diff options
| author | Andrew Tridgell <tridge@samba.org> | 2008-12-16 11:41:20 +1100 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2008-12-16 11:41:20 +1100 |
| commit | f448fde4e35e56508ad93be8de9f60d88e8b8dcd (patch) | |
| tree | 597b58ba1af03f5250af918ec15300c385281706 | |
| parent | a226d86dcec393b2cd657d5441c3041dfdf5cd8f (diff) | |
| parent | 530758dc2a6dd6dce083789b328e16e51ba6573d (diff) | |
| download | samba-f448fde4e35e56508ad93be8de9f60d88e8b8dcd.tar.gz samba-f448fde4e35e56508ad93be8de9f60d88e8b8dcd.tar.bz2 samba-f448fde4e35e56508ad93be8de9f60d88e8b8dcd.zip | |
Merge branch 'master' of ssh://git.samba.org/data/git/samba
214 files changed, 28609 insertions, 4839 deletions
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml b/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml index b2b3ebd5b1..d1895829a9 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml @@ -1850,7 +1850,7 @@ net idmap dump /var/lib/samba/winbindd_idmap.tdb > idmap_dump.txt <para> The IDMAP dump file can be restored using the following command: <screen> -net idmap restore <full_path_and_tdb_filename> < dumpfile.txt +net idmap restore idmap_dump.txt </screen> Where the Samba run-time tdb files are stored in the <filename>/var/lib/samba</filename> directory the following command can be used to restore the data to the tdb file: diff --git a/docs-xml/smbdotconf/misc/socketaddress.xml b/docs-xml/smbdotconf/misc/socketaddress.xml index 7566380e70..17018efd40 100644 --- a/docs-xml/smbdotconf/misc/socketaddress.xml +++ b/docs-xml/smbdotconf/misc/socketaddress.xml @@ -4,12 +4,14 @@ developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This option allows you to control what - address Samba will listen for connections on. This is used to - support multiple virtual interfaces on the one server, each + <para>This option allows you to control what + address Samba will listen for connections on. This is used to + support multiple virtual interfaces on the one server, each with a different configuration.</para> - - <para>By default Samba will accept connections on any + <para>Setting this option should never be necessary on usual Samba + servers running only one nmbd.</para> + + <para>By default Samba will accept connections on any address.</para> </description> diff --git a/docs-xml/smbdotconf/security/accessbasedshareenum.xml b/docs-xml/smbdotconf/security/accessbasedshareenum.xml new file mode 100644 index 0000000000..c2977c47ae --- /dev/null +++ b/docs-xml/smbdotconf/security/accessbasedshareenum.xml @@ -0,0 +1,18 @@ +<samba:parameter name="access based share enum" + type="boolean" + context="S" + basic="1" advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + <synonym>public</synonym> + <description> + <para>If this parameter is <constant>yes</constant> for a + service, then the share hosted by the service will only be visible + to users who have read or write access to the share during share + enumeration (for example net view \\sambaserver). This has + parallels to access based enumeration, the main difference being + that only share permissions are evaluated, and security + descriptors on files contained on the share are not used in + computing enumeration access rights.</para> + </description> + <value type="default">no</value> +</samba:parameter> diff --git a/lib/util/util_net.c b/lib/util/util_net.c index 228393a2bb..d1dadc2494 100644 --- a/lib/util/util_net.c +++ b/lib/util/util_net.c @@ -360,7 +360,7 @@ bool same_net(const struct sockaddr *ip1, * Are two sockaddr 's the same family and address ? Ignore port etc. */ -bool addr_equal(const struct sockaddr *ip1, +bool sockaddr_equal(const struct sockaddr *ip1, const struct sockaddr *ip2) { if (ip1->sa_family != ip2->sa_family) { diff --git a/librpc/idl/browser.idl b/librpc/idl/browser.idl index 5b05be9cbb..94d4ce6b62 100644 --- a/librpc/idl/browser.idl +++ b/librpc/idl/browser.idl @@ -1,4 +1,6 @@ -[ +import "srvsvc.idl"; + +[ uuid("6bffd098-a112-3610-9833-012892020162"), version(0.0), helpstring("Browsing"), @@ -9,50 +11,76 @@ interface browser { /******************/ /* Function 0x00 */ - [todo] NTSTATUS BrowserrServerEnum(); + [todo] void BrowserrServerEnum(); /******************/ /* Function 0x01 */ - [todo] NTSTATUS BrowserrDebugCall(); + [todo] void BrowserrDebugCall(); /******************/ /* Function 0x02 */ - [todo] NTSTATUS BrowserrQueryOtherDomains(); + + typedef struct { + uint32 entries_read; + [size_is(entries_read)] srvsvc_NetSrvInfo100 *entries; + } BrowserrSrvInfo100Ctr; + + typedef struct { + uint32 entries_read; + [size_is(entries_read)] srvsvc_NetSrvInfo101 *entries; + } BrowserrSrvInfo101Ctr; + + typedef [switch_type(uint32)] union { + [case(100)] BrowserrSrvInfo100Ctr *info100; + [case(101)] BrowserrSrvInfo101Ctr *info101; + [default] ; + } BrowserrSrvInfoUnion; + + typedef struct { + uint32 level; + [switch_is(level)] BrowserrSrvInfoUnion info; + } BrowserrSrvInfo; + + WERROR BrowserrQueryOtherDomains( + [in,unique] [string,charset(UTF16)] uint16 *server_unc, + [in,out,ref] BrowserrSrvInfo *info, + [out,ref] uint32 *total_entries + ); /******************/ /* Function 0x03 */ - [todo] NTSTATUS BrowserrResetNetlogonState(); + [todo] void BrowserrResetNetlogonState(); /******************/ /* Function 0x04 */ - [todo] NTSTATUS BrowserrDebugTrace(); + [todo] void BrowserrDebugTrace(); /******************/ /* Function 0x05 */ - [todo] NTSTATUS BrowserrQueryStatistics(); + [todo] void BrowserrQueryStatistics(); /******************/ /* Function 0x06 */ - [todo] NTSTATUS BrowserResetStatistics(); + [todo] void BrowserResetStatistics(); /******************/ /* Function 0x07 */ - [todo] NTSTATUS NetrBrowserStatisticsClear(); + [todo] void NetrBrowserStatisticsClear(); /******************/ /* Function 0x08 */ - [todo] NTSTATUS NetrBrowserStatisticsGet(); + [todo] void NetrBrowserStatisticsGet(); /******************/ /* Function 0x09 */ - [todo] NTSTATUS BrowserrSetNetlogonState(); + [todo] void BrowserrSetNetlogonState(); /******************/ /* Function 0x0a */ - [todo] NTSTATUS BrowserrQueryEmulatedDomains(); + [todo] void BrowserrQueryEmulatedDomains(); /******************/ /* Function 0x0b */ - [todo] NTSTATUS BrowserrServerEnumEx(); + [todo] void BrowserrServerEnumEx(); } diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl index 003641d97a..db5ca31720 100644 --- a/librpc/idl/lsa.idl +++ b/librpc/idl/lsa.idl @@ -16,7 +16,7 @@ import "misc.idl", "security.idl"; typedef bitmap security_secinfo security_secinfo; typedef bitmap kerb_EncTypes kerb_EncTypes; - typedef [public,noejs] struct { + typedef [public] struct { [value(2*strlen_m(string))] uint16 length; [value(2*strlen_m(string))] uint16 size; [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string; diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl index 1907195252..1ef0d913b9 100644 --- a/librpc/idl/misc.idl +++ b/librpc/idl/misc.idl @@ -7,7 +7,7 @@ ] interface misc { - typedef [public,noprint,gensize,noejs] struct { + typedef [public,noprint,gensize] struct { uint32 time_low; uint16 time_mid; uint16 time_hi_and_version; diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index cf4da7adfa..f09e51e30f 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -1500,5 +1500,23 @@ interface netlogon /****************/ /* Function 0x2e */ - [todo] WERROR netr_NETRSERVERGETTRUSTINFO(); + + typedef struct { + uint32 count; + [size_is(count)] uint32 *data; + uint32 entry_count; + [size_is(count)] lsa_String *entries; + } netr_TrustInfo; + + NTSTATUS netr_ServerGetTrustInfo( + [in,unique] [string,charset(UTF16)] uint16 *server_name, + [in,ref] [string,charset(UTF16)] uint16 *account_name, + [in] netr_SchannelType secure_channel_type, + [in,ref] [string,charset(UTF16)] uint16 *computer_name, + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [out,ref] samr_Password *new_owf_password, + [out,ref] samr_Password *old_owf_password, + [out,ref] netr_TrustInfo **trust_info + ); } diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 46478ee9e8..7d5d877bb1 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -410,8 +410,7 @@ import "misc.idl", "lsa.idl", "security.idl"; typedef struct { hyper sequence_num; NTTIME domain_create_time; - uint32 unknown1; - uint32 unknown2; + hyper modified_count_at_last_promotion; } samr_DomInfo13; typedef [switch_type(uint16)] union { @@ -880,10 +879,11 @@ import "misc.idl", "lsa.idl", "security.idl"; } samr_Password; typedef struct { - samr_Password lm_pwd; samr_Password nt_pwd; - boolean8 lm_pwd_active; + samr_Password lm_pwd; boolean8 nt_pwd_active; + boolean8 lm_pwd_active; + uint8 password_expired; } samr_UserInfo18; typedef struct { @@ -916,8 +916,8 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_FIELD_PARAMETERS = 0x00200000, SAMR_FIELD_COUNTRY_CODE = 0x00400000, SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ + SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */ + SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */ SAMR_FIELD_PRIVATE_DATA = 0x04000000, SAMR_FIELD_EXPIRED_FLAG = 0x08000000, SAMR_FIELD_SEC_DESC = 0x10000000, @@ -945,8 +945,8 @@ import "misc.idl", "lsa.idl", "security.idl"; lsa_String workstations; lsa_String comment; lsa_BinaryString parameters; - lsa_String unknown1; - lsa_String unknown2; + lsa_BinaryString lm_owf_password; + lsa_BinaryString nt_owf_password; lsa_String unknown3; uint32 buf_count; [size_is(buf_count)] uint8 *buffer; @@ -959,8 +959,8 @@ import "misc.idl", "lsa.idl", "security.idl"; uint16 logon_count; uint16 country_code; uint16 code_page; - uint8 nt_password_set; uint8 lm_password_set; + uint8 nt_password_set; uint8 password_expired; uint8 unknown4; } samr_UserInfo21; diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 3f70e2c36e..4c6aa235d7 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -7,12 +7,39 @@ import "misc.idl"; import "dom_sid.idl"; +/* + use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really + just a dom sid, but with the sub_auths represented as a conformant + array. As with all in-structure conformant arrays, the array length + is placed before the start of the structure. That's what gives rise + to the extra num_auths elemenent. We don't want the Samba code to + have to bother with such esoteric NDR details, so its easier to just + define it as a dom_sid and use pidl magic to make it all work. It + just means you need to mark a sid as a "dom_sid2" in the IDL when you + know it is of the conformant array variety +*/ +cpp_quote("#define dom_sid2 dom_sid") + +/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ +cpp_quote("#define dom_sid28 dom_sid") + +/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ +cpp_quote("#define dom_sid0 dom_sid") + [ helper("librpc/gen_ndr/ndr_dom_sid.h"), + pyhelper("librpc/ndr/py_security.c"), pointer_default(unique) ] interface security { + + typedef [public,gensize,noprint,nosize,nopull,nopush] struct { + uint8 sid_rev_num; /**< SID revision number */ + [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ + uint8 id_auth[6]; /**< Identifier Authority */ + uint32 sub_auths[15]; + } dom_sid; /* access masks are divided up like this: 0xabccdddd @@ -388,4 +415,5 @@ interface security KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008, KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010 } kerb_EncTypes; + } diff --git a/librpc/idl/srvsvc.idl b/librpc/idl/srvsvc.idl index 3f24402c3f..153d8cfbbe 100644 --- a/librpc/idl/srvsvc.idl +++ b/librpc/idl/srvsvc.idl @@ -638,12 +638,12 @@ import "security.idl", "svcctl.idl"; PLATFORM_ID_VMS = 700 } srvsvc_PlatformId; - typedef struct { + typedef [public] struct { srvsvc_PlatformId platform_id; [string,charset(UTF16)] uint16 *server_name; } srvsvc_NetSrvInfo100; - typedef struct { + typedef [public] struct { srvsvc_PlatformId platform_id; [string,charset(UTF16)] uint16 *server_name; uint32 version_major; diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl index 9216f9893b..2f108a090b 100644 --- a/librpc/idl/winreg.idl +++ b/librpc/idl/winreg.idl @@ -40,7 +40,7 @@ import "lsa.idl", "security.idl"; REG_QWORD = 11 } winreg_Type; - typedef [public,noejs] struct { + typedef [public] struct { [value(strlen_m_term(name)*2)] uint16 name_len; [value(strlen_m_term(name)*2)] uint16 name_size; [string,charset(UTF16)] uint16 *name; diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index 4b135505d8..898a4287ea 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -23,6 +23,9 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_security.h" +#if _SAMBA_BUILD_ == 4 +#include "libcli/security/security.h" +#endif /* return the wire size of a security_ace @@ -116,3 +119,224 @@ size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int fl return ret; } +/* + return the wire size of a dom_sid +*/ +size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) +{ + if (!sid) return 0; + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) +{ + struct dom_sid zero_sid; + + if (!sid) return 0; + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return 0; + } + + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) +{ + return ndr_size_dom_sid28(sid, flags); +} + +/* + print a dom_sid +*/ +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); +} + +void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + uint32_t num_auths; + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); + NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); + if (sid->num_auths != num_auths) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, + "Bad array size %u should exceed %u", + num_auths, sid->num_auths); + } + return NDR_ERR_SUCCESS; +} + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + +/* + parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth +*/ +enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + enum ndr_err_code status; + struct ndr_pull *subndr; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + subndr = talloc_zero(ndr, struct ndr_pull); + NDR_ERR_HAVE_NO_MEMORY(subndr); + subndr->flags = ndr->flags; + subndr->current_mem_ctx = ndr->current_mem_ctx; + + subndr->data = ndr->data + ndr->offset; + subndr->data_size = 28; + subndr->offset = 0; + + NDR_CHECK(ndr_pull_advance(ndr, 28)); + + status = ndr_pull_dom_sid(subndr, ndr_flags, sid); + if (!NDR_ERR_CODE_IS_SUCCESS(status)) { + /* handle a w2k bug which send random data in the buffer */ + ZERO_STRUCTP(sid); + } else if (sid->num_auths == 0 && sid->sub_auths) { + ZERO_STRUCT(sid->sub_auths); + } + + return NDR_ERR_SUCCESS; +} + +/* + push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer +*/ +enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + uint32_t old_offset; + uint32_t padding; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (sid->num_auths > 5) { + return ndr_push_error(ndr, NDR_ERR_RANGE, + "dom_sid28 allows only upto 5 sub auth [%u]", + sid->num_auths); + } + + old_offset = ndr->offset; + NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); + + padding = 28 - (ndr->offset - old_offset); + + if (padding > 0) { + NDR_CHECK(ndr_push_zero(ndr, padding)); + } + + return NDR_ERR_SUCCESS; +} + +/* + parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (ndr->data_size == ndr->offset) { + ZERO_STRUCTP(sid); + return NDR_ERR_SUCCESS; + } + + return ndr_pull_dom_sid(ndr, ndr_flags, sid); +} + +/* + push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + struct dom_sid zero_sid; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (!sid) { + return NDR_ERR_SUCCESS; + } + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return NDR_ERR_SUCCESS; + } + + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + +_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) +{ + uint32_t cntr_sub_auths_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num)); + NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths)); + NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); + for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0])); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r) +{ + uint32_t cntr_sub_auths_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); + NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths)); + if (r->num_auths < 0 || r->num_auths > 15) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); + for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); + } + } + return NDR_ERR_SUCCESS; +} diff --git a/packaging/RHEL-CTDB/configure.rpm b/packaging/RHEL-CTDB/configure.rpm index 7596040205..b9a1ee12c2 100755 --- a/packaging/RHEL-CTDB/configure.rpm +++ b/packaging/RHEL-CTDB/configure.rpm @@ -1,37 +1,56 @@ +#!/bin/sh case `uname -m` in - x86_64) - libdir=/usr/lib64/samba - ;; - *) - libdir=/usr/lib/samba - ;; + x86_64) + _libarch=lib64 + ;; + *) + _libarch=lib + ;; esac -CFLAGS="-Wall -g -D_GNU_SOURCE" ./configure \ - --prefix=/usr \ - --localstatedir=/var \ - --with-configdir=/etc/samba \ - --with-libdir=$libdir \ - --with-lockdir=/var/lib/samba \ - --with-logfilebase=/var/log/samba \ - --with-mandir=/usr/man \ - --with-piddir=/var/run \ - --with-privatedir=/etc/samba \ - --with-sambabook=/usr/share/swat/using_samba \ - --with-swatdir=/usr/share/swat \ +_libarchdir=/usr/${_libarch} + +_prefix=/usr +_sysconfdir=/etc +_mandir=/usr/man +_datadir=/usr/share + +# check for ccache +ccache -h 2>&1 > /dev/null +if [ $? -eq 0 ]; then + CC="ccache gcc" +else + CC="gcc" +fi + +./autogen.sh + +CC="$CC" CFLAGS="-Wall -g -D_GNU_SOURCE" ./configure -C \ + --prefix=${_prefix} \ + --localstatedir=/var \ + --with-configdir=${_sysconfdir}/samba \ + --with-libdir=${_libarchdir}/samba \ + --with-pammodulesdir=/${_libarch}/security \ + --with-lockdir=/var/lib/samba \ + --with-logfilebase=/var/log/samba \ + --with-mandir=${_mandir} \ + --with-piddir=/var/run \ + --with-privatedir=${_sysconfdir}/samba \ + --with-sambabook=${_datadir}/swat/using_samba \ + --with-swatdir=${_datadir}/swat \ --disable-cups \ - --with-acl-support \ + --with-acl-support \ --with-ads \ - --with-automount \ - --with-fhs \ + --with-automount \ + --with-fhs \ --with-pam_smbpass \ --with-libsmbclient \ --with-libsmbsharemodes \ - --without-smbwrapper \ + --without-smbwrapper \ --with-pam \ --with-quotas \ - --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2 \ + --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2,vfs_gpfs \ --with-syslog \ --with-utmp \ --with-cluster-support \ @@ -40,3 +59,6 @@ CFLAGS="-Wall -g -D_GNU_SOURCE" ./configure \ --without-dnsupdate \ --with-aio-support \ $* + +make showlayout + diff --git a/packaging/RHEL-CTDB/makerpms.sh b/packaging/RHEL-CTDB/makerpms.sh index 219982fda9..50fa96c2b1 100755 --- a/packaging/RHEL-CTDB/makerpms.sh +++ b/packaging/RHEL-CTDB/makerpms.sh @@ -25,8 +25,6 @@ RPMSRCDIR=`rpm --eval %_sourcedir` DIRNAME=$(dirname $0) TOPDIR=${DIRNAME}/../.. -SRCDIR=${TOPDIR}/source -VERSION_H=${SRCDIR}/include/version.h SPECFILE="samba.spec" DOCS="docs.tar.bz2" @@ -49,25 +47,14 @@ esac ## ## determine the samba version and create the SPEC file ## -pushd ${SRCDIR} -./script/mkversion.sh -popd -if [ ! -f ${VERSION_H} ] ; then - echo "Error creating version.h" - exit 1 +${DIRNAME}/makespec.sh +RC=$? +if [ $RC -ne 0 ]; then + exit ${RC} fi -VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING ${VERSION_H} | awk '{print $3}'` -vendor_version=`grep SAMBA_VERSION_VENDOR_SUFFIX ${VERSION_H} | awk '{print $3}'` -if test "x${vendor_version}" != "x" ; then - VERSION="${VERSION}-${vendor_version}" -fi -VERSION=`echo ${VERSION} | sed 's/-/_/g'` -VERSION=`echo ${VERSION} | sed 's/\"//g'` -echo "VERSION: ${VERSION}" -sed -e s/PVERSION/${VERSION}/g \ - < ${DIRNAME}/${SPECFILE}.tmpl \ - > ${DIRNAME}/${SPECFILE} +RELEASE=$(grep ^Release ${DIRNAME}/${SPECFILE} | sed -e 's/^Release:\ \+//') +VERSION=$(grep ^Version ${DIRNAME}/${SPECFILE} | sed -e 's/^Version:\ \+//') ## ## create the tarball diff --git a/packaging/RHEL-CTDB/makespec.sh b/packaging/RHEL-CTDB/makespec.sh new file mode 100755 index 0000000000..7d10d55ab4 --- /dev/null +++ b/packaging/RHEL-CTDB/makespec.sh @@ -0,0 +1,36 @@ +#!/bin/sh +# +# Copyright (C) Michael Adam 2008 +# +# Script to determine the samba version and create the SPEC file from template + +DIRNAME=$(dirname $0) +TOPDIR=${DIRNAME}/../.. +SRCDIR=${TOPDIR}/source +VERSION_H=${SRCDIR}/include/version.h +SPECFILE=${DIRNAME}/samba.spec + +## +## determine the samba version and create the SPEC file +## +pushd ${SRCDIR} +./script/mkversion.sh +popd +if [ ! -f ${VERSION_H} ] ; then + echo "Error creating version.h" + exit 1 +fi + +VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING ${VERSION_H} | awk '{print $3}'` +vendor_version=`grep SAMBA_VERSION_VENDOR_SUFFIX ${VERSION_H} | awk '{print +$3}'` +if test "x${vendor_version}" != "x" ; then + VERSION="${VERSION}-${vendor_version}" +fi +VERSION=`echo ${VERSION} | sed 's/-/_/g'` +VERSION=`echo ${VERSION} | sed 's/\"//g'` +echo "VERSION: ${VERSION}" +sed -e s/PVERSION/${VERSION}/g \ + < ${SPECFILE}.tmpl \ + > ${SPECFILE} + diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b/packaging/RHEL-CTDB/samba.spec.tmpl index b34f01f659..8a583a9bde 100644 --- a/packaging/RHEL-CTDB/samba.spec.tmpl +++ b/packaging/RHEL-CTDB/samba.spec.tmpl @@ -133,12 +133,11 @@ cd source # RPM_OPT_FLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" ## check for ccache -# ccache -h 2>&1 > /dev/null -#if [ $? -eq 0 ]; then -# CC="ccache gcc" -#else +if ccache -h >/dev/null 2>&1 ; then + CC="ccache gcc" +else CC="gcc" -#fi +fi ## always run autogen.sh ./autogen.sh @@ -149,6 +148,7 @@ CFLAGS="$RPM_OPT_FLAGS $EXTRA -D_GNU_SOURCE" ./configure \ --with-configdir=%{_sysconfdir}/samba \ --libdir=%{_libarchdir} \ --with-modulesdir=%{_libarchdir}/samba \ + --with-pammodulesdir=%{_libarch}/security \ --with-lockdir=/var/lib/samba \ --with-logfilebase=/var/log/samba \ --with-mandir=%{_mandir} \ @@ -167,7 +167,7 @@ CFLAGS="$RPM_OPT_FLAGS $EXTRA -D_GNU_SOURCE" ./configure \ --without-smbwrapper \ --with-pam \ --with-quotas \ - --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2 \ + --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2,vfs_gpfs \ --with-syslog \ --with-utmp \ --with-cluster-support \ @@ -230,8 +230,7 @@ make DESTDIR=$RPM_BUILD_ROOT \ install cd .. -# NSS & PAM winbind support -install -m 755 source/bin/pam_winbind.so $RPM_BUILD_ROOT/%{_libarch}/security/pam_winbind.so +# NSS winbind support install -m 755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/%{_libarch}/libnss_winbind.so.2 ( cd $RPM_BUILD_ROOT/%{_libarch}; ln -sf libnss_winbind.so.2 libnss_winbind.so ) @@ -242,8 +241,6 @@ install -m 755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/%{_libarch}/lib #install -m 755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/%{_libarch}/libnss_wins.so # ( cd $RPM_BUILD_ROOT/%{_libarch}; ln -sf libnss_wins.so libnss_wins.so.2 ) -# Install pam_smbpass.so -install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/%{_libarch}/security/pam_smbpass.so ## cleanup /bin/rm -rf $RPM_BUILD_ROOT/usr/lib*/samba/security @@ -419,6 +416,8 @@ exit 0 /sbin/mount.cifs /sbin/umount.cifs +%{_sbindir}/cifs.upcall + %{_bindir}/rpcclient %{_bindir}/smbcacls %{_bindir}/findsmb @@ -432,6 +431,7 @@ exit 0 %{_mandir}/man8/mount.cifs.8.* %{_mandir}/man8/umount.cifs.8.* +%{_mandir}/man8/cifs.upcall.8* %{_mandir}/man8/smbspool.8* %{_mandir}/man1/smbget.1* %{_mandir}/man5/smbgetrc.5* @@ -512,7 +512,6 @@ exit 0 %{_mandir}/man1/ldbedit.1* %{_mandir}/man1/ldbmodify.1* %{_mandir}/man1/ldbsearch.1* -%{_mandir}/man8/cifs.upcall.8* %ifarch i386 i486 i586 i686 ppc s390 %files winbind-32bit diff --git a/pidl/lib/Parse/Pidl/Compat.pm b/pidl/lib/Parse/Pidl/Compat.pm index 7519021144..1b49c439c4 100644 --- a/pidl/lib/Parse/Pidl/Compat.pm +++ b/pidl/lib/Parse/Pidl/Compat.pm @@ -44,7 +44,6 @@ my %supported_properties = ( "nopush" => ["FUNCTION", "TYPEDEF"], "nopull" => ["FUNCTION", "TYPEDEF"], "noprint" => ["FUNCTION", "TYPEDEF"], - "noejs" => ["FUNCTION", "TYPEDEF"], # union "switch_is" => ["ELEMENT"], diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm index 9b61a370e2..5ee26d16b6 100644 --- a/pidl/lib/Parse/Pidl/NDR.pm +++ b/pidl/lib/Parse/Pidl/NDR.pm @@ -855,6 +855,7 @@ my %property_list = ( "endpoint" => ["INTERFACE"], "pointer_default" => ["INTERFACE"], "helper" => ["INTERFACE"], + "pyhelper" => ["INTERFACE"], "authservice" => ["INTERFACE"], "restricted" => ["INTERFACE"], @@ -890,7 +891,6 @@ my %property_list = ( "nopull" => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP"], "nosize" => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP"], "noprint" => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP", "ELEMENT"], - "noejs" => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP"], "todo" => ["FUNCTION"], # union diff --git a/pidl/lib/Parse/Pidl/Samba4.pm b/pidl/lib/Parse/Pidl/Samba4.pm index d42e01cdb0..5bdb91ee25 100644 --- a/pidl/lib/Parse/Pidl/Samba4.pm +++ b/pidl/lib/Parse/Pidl/Samba4.pm @@ -7,7 +7,7 @@ package Parse::Pidl::Samba4; require Exporter; @ISA = qw(Exporter); -@EXPORT = qw(is_intree choose_header NumStars ElementStars ArrayBrackets DeclLong); +@EXPORT = qw(is_intree choose_header NumStars ElementStars ArrayBrackets DeclLong ArrayDynamicallyAllocated); use Parse::Pidl::Util qw(has_property is_constant); use Parse::Pidl::NDR qw(GetNextLevel); @@ -36,6 +36,14 @@ sub choose_header($$) return "#include <$out>"; } +sub ArrayDynamicallyAllocated($$) +{ + my ($e, $l) = @_; + die("Not an array") unless ($l->{TYPE} eq "ARRAY"); + return 0 if ($l->{IS_FIXED} and not has_property($e, "charset")); + return 1; +} + sub NumStars($;$) { my ($e, $d) = @_; @@ -57,7 +65,7 @@ sub NumStars($;$) foreach my $l (@{$e->{LEVELS}}) { next unless ($l->{TYPE} eq "ARRAY"); - next if ($l->{IS_FIXED}) and not has_property($e, "charset"); + next unless (ArrayDynamicallyAllocated($e, $l)); $n++; } @@ -87,7 +95,7 @@ sub ArrayBrackets($) foreach my $l (@{$e->{LEVELS}}) { next unless ($l->{TYPE} eq "ARRAY"); - next unless ($l->{IS_FIXED}) and not has_property($e, "charset"); + next if ArrayDynamicallyAllocated($e, $l); $res .= "[$l->{SIZE_IS}]"; } diff --git a/pidl/lib/Parse/Pidl/Samba4/EJS.pm b/pidl/lib/Parse/Pidl/Samba4/EJS.pm deleted file mode 100644 index efb3f2858d..0000000000 --- a/pidl/lib/Parse/Pidl/Samba4/EJS.pm +++ /dev/null @@ -1,874 +0,0 @@ -################################################### -# EJS function wrapper generator -# Copyright jelmer@samba.org 2005 -# Copyright Andrew Tridgell 2005 -# released under the GNU GPL - -package Parse::Pidl::Samba4::EJS; - -use Exporter; -@ISA = qw(Exporter); -@EXPORT_OK = qw(check_null_pointer fn_declare TypeFunctionName); - -use strict; -use Parse::Pidl::Typelist qw(typeHasBody); -use Parse::Pidl::CUtil qw(get_pointer_to get_value_of); -use Parse::Pidl::Util qw(has_property ParseExpr); -use Parse::Pidl::NDR qw(GetPrevLevel GetNextLevel); -use Parse::Pidl::Samba4::Header qw(GenerateStructEnv GenerateFunctionInEnv - GenerateFunctionOutEnv); - -use vars qw($VERSION); -$VERSION = '0.01'; - -sub new($) { - my ($class) = @_; - my $self = { res => "", res_hdr => "", tabs => "", constants => {}}; - bless($self, $class); -} - -sub pidl_hdr ($$) -{ - my $self = shift; - $self->{res_hdr} .= shift; -} - -sub pidl($$) -{ - my ($self, $d) = @_; - if ($d) { - $self->{res} .= $self->{tabs}; - $self->{res} .= $d; - } - $self->{res} .= "\n"; -} - -sub indent($) -{ - my ($self) = @_; - $self->{tabs} .= "\t"; -} - -sub deindent($) -{ - my ($self) = @_; - $self->{tabs} = substr($self->{tabs}, 0, -1); -} - -##################################################################### -# check that a variable we get from ParseExpr isn't a null pointer -sub check_null_pointer($$) -{ - my ($self, $size) = @_; - if ($size =~ /^\*/) { - my $size2 = substr($size, 1); - $self->pidl("if ($size2 == NULL) return NT_STATUS_INVALID_PARAMETER_MIX;"); - } -} - -##################################################################### -# work out is a parse function should be declared static or not -sub fn_declare($$$) -{ - my ($self,$fn,$decl) = @_; - - if (has_property($fn, "public")) { - $self->pidl_hdr("$decl;\n"); - $self->pidl("_PUBLIC_ $decl"); - } else { - $self->pidl("static $decl"); - } -} - -########################### -# pull a scalar element -sub EjsPullScalar($$$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - - return if (has_property($e, "value")); - - if (ref($e->{TYPE}) eq "HASH" and not defined($e->{TYPE}->{NAME})) { - $self->EjsTypePull($e->{TYPE}, $var); - } else { - my $pl = Parse::Pidl::NDR::GetPrevLevel($e, $l); - $var = get_pointer_to($var); - # have to handle strings specially :( - if (Parse::Pidl::Typelist::scalar_is_reference($e->{TYPE}) - and (defined($pl) and $pl->{TYPE} eq "POINTER")) { - $var = get_pointer_to($var); - } - - my $t; - if (ref($e->{TYPE}) eq "HASH") { - $t = "$e->{TYPE}->{TYPE}_$e->{TYPE}->{NAME}"; - } else { - $t = $e->{TYPE}; - } - $self->pidl("EJS_CHECK(ejs_pull_$t(ejs, v, $name, $var));"); - } -} - -########################### -# pull a pointer element -sub EjsPullPointer($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - $self->pidl("if (ejs_pull_null(ejs, v, $name)) {"); - $self->indent; - if ($l->{POINTER_TYPE} eq "ref") { - $self->pidl("return NT_STATUS_INVALID_PARAMETER_MIX;"); - } else { - $self->pidl("$var = NULL;"); - } - $self->deindent; - $self->pidl("} else {"); - $self->indent; - $self->pidl("EJS_ALLOC(ejs, $var);"); - $var = get_value_of($var); - $self->EjsPullElement($e, GetNextLevel($e, $l), $var, $name, $env); - $self->deindent; - $self->pidl("}"); -} - -########################### -# pull a string element -sub EjsPullString($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - my $pl = GetPrevLevel($e, $l); - $var = get_pointer_to($var); - if (defined($pl) and $pl->{TYPE} eq "POINTER") { - $var = get_pointer_to($var); - } - $self->pidl("EJS_CHECK(ejs_pull_string(ejs, v, $name, $var));"); -} - -########################### -# pull an array element -sub EjsPullArray($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - my $nl = GetNextLevel($e, $l); - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e); - my $size = ParseExpr($l->{SIZE_IS}, $env, $e); - my $pl = GetPrevLevel($e, $l); - if ($pl && $pl->{TYPE} eq "POINTER") { - $var = get_pointer_to($var); - } - # uint8 arrays are treated as data blobs - if ($nl->{TYPE} eq 'DATA' && $e->{TYPE} eq 'uint8') { - if (!$l->{IS_FIXED}) { - $self->check_null_pointer($size); - $self->pidl("EJS_ALLOC_N(ejs, $var, $size);"); - } - $self->check_null_pointer($length); - $self->pidl("ejs_pull_array_uint8(ejs, v, $name, $var, $length);"); - return; - } - my $avar = $var . "[i]"; - $self->pidl("{"); - $self->indent; - $self->pidl("uint32_t i;"); - if (!$l->{IS_FIXED}) { - $self->pidl("EJS_ALLOC_N(ejs, $var, $size);"); - } - $self->pidl("for (i=0;i<$length;i++) {"); - $self->indent; - $self->pidl("char *id = talloc_asprintf(ejs, \"%s.%u\", $name, i);"); - $self->EjsPullElement($e, $nl, $avar, "id", $env); - $self->pidl("talloc_free(id);"); - $self->deindent; - $self->pidl("}"); - $self->pidl("ejs_push_uint32(ejs, v, $name \".length\", &i);"); - $self->deindent; - $self->pidl("}"); -} - -########################### -# pull a switch element -sub EjsPullSwitch($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - my $switch_var = ParseExpr($l->{SWITCH_IS}, $env, $e); - $self->pidl("ejs_set_switch(ejs, $switch_var);"); - $self->EjsPullElement($e, GetNextLevel($e, $l), $var, $name, $env); -} - -########################### -# pull a structure element -sub EjsPullElement($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - if (($l->{TYPE} eq "POINTER")) { - $self->EjsPullPointer($e, $l, $var, $name, $env); - } elsif (has_property($e, "charset")) { - $self->EjsPullString($e, $l, $var, $name, $env); - } elsif ($l->{TYPE} eq "ARRAY") { - $self->EjsPullArray($e, $l, $var, $name, $env); - } elsif ($l->{TYPE} eq "DATA") { - $self->EjsPullScalar($e, $l, $var, $name, $env); - } elsif (($l->{TYPE} eq "SWITCH")) { - $self->EjsPullSwitch($e, $l, $var, $name, $env); - } else { - $self->pidl("return ejs_panic(ejs, \"unhandled pull type $l->{TYPE}\");"); - } -} - -############################################# -# pull a structure/union element at top level -sub EjsPullElementTop($$$) -{ - my ($self, $e, $env) = @_; - my $l = $e->{LEVELS}[0]; - my $var = ParseExpr($e->{NAME}, $env, $e); - my $name = "\"$e->{NAME}\""; - $self->EjsPullElement($e, $l, $var, $name, $env); -} - -########################### -# pull a struct -sub EjsStructPull($$$) -{ - my ($self, $d, $varname) = @_; - my $env = GenerateStructEnv($d, $varname); - $self->pidl("EJS_CHECK(ejs_pull_struct_start(ejs, &v, name));"); - foreach my $e (@{$d->{ELEMENTS}}) { - $self->EjsPullElementTop($e, $env); - } -} - -########################### -# pull a union -sub EjsUnionPull($$$) -{ - my ($self, $d, $varname) = @_; - my $have_default = 0; - $self->pidl("EJS_CHECK(ejs_pull_struct_start(ejs, &v, name));"); - $self->pidl("switch (ejs->switch_var) {"); - $self->indent; - foreach my $e (@{$d->{ELEMENTS}}) { - if ($e->{CASE} eq "default") { - $have_default = 1; - } - $self->pidl("$e->{CASE}:"); - $self->indent; - if ($e->{TYPE} ne "EMPTY") { - $self->EjsPullElementTop($e, { $e->{NAME} => "$varname->$e->{NAME}"}); - } - $self->pidl("break;"); - $self->deindent; - } - if (! $have_default) { - $self->pidl("default:"); - $self->indent; - $self->pidl("return ejs_panic(ejs, \"Bad switch value\");"); - $self->deindent; - } - $self->deindent; - $self->pidl("}"); -} - -############################################## -# put the enum elements in the constants array -sub EjsEnumConstant($$) -{ - my ($self, $d) = @_; - return unless (defined($d->{ELEMENTS})); - my $v = 0; - foreach my $e (@{$d->{ELEMENTS}}) { - my $el = $e; - chomp $el; - if ($el =~ /^(.*)=\s*(.*)\s*$/) { - $el = $1; - $v = $2; - } - $self->{constants}->{$el} = $v; - $v++; - } -} - -########################### -# pull a enum -sub EjsEnumPull($$$) -{ - my ($self, $d, $varname) = @_; - $self->EjsEnumConstant($d); - $self->pidl("unsigned e;"); - $self->pidl("EJS_CHECK(ejs_pull_enum(ejs, v, name, &e));"); - $self->pidl("*$varname = e;"); -} - -########################### -# pull a bitmap -sub EjsBitmapPull($$$) -{ - my ($self, $d, $varname) = @_; - my $type_fn = $d->{BASE_TYPE}; - $self->pidl("EJS_CHECK(ejs_pull_$type_fn(ejs, v, name, $varname));"); -} - -sub EjsTypePullFunction($$$) -{ - sub EjsTypePullFunction($$$); - my ($self, $d, $name) = @_; - return if (has_property($d, "noejs")); - - if ($d->{TYPE} eq "TYPEDEF") { - $self->EjsTypePullFunction($d->{DATA}, $name); - return; - } - - if ($d->{TYPE} eq "STRUCT") { - $self->fn_declare($d, "NTSTATUS ejs_pull_$name(struct ejs_rpc *ejs, struct MprVar *v, const char *name, struct $name *r)"); - } elsif ($d->{TYPE} eq "UNION") { - $self->fn_declare($d, "NTSTATUS ejs_pull_$name(struct ejs_rpc *ejs, struct MprVar *v, const char *name, union $name *r)"); - } elsif ($d->{TYPE} eq "ENUM") { - $self->fn_declare($d, "NTSTATUS ejs_pull_$name(struct ejs_rpc *ejs, struct MprVar *v, const char *name, enum $name *r)"); - } elsif ($d->{TYPE} eq "BITMAP") { - my($type_decl) = Parse::Pidl::Typelist::mapTypeName($d->{BASE_TYPE}); - $self->fn_declare($d, "NTSTATUS ejs_pull_$name(struct ejs_rpc *ejs, struct MprVar *v, const char *name, $type_decl *r)"); - } - $self->pidl("{"); - $self->indent; - - $self->EjsTypePull($d, "r"); - - $self->pidl("return NT_STATUS_OK;"); - $self->deindent; - $self->pidl("}\n"); -} - -sub EjsTypePull($$$) -{ - my ($self, $d, $varname) = @_; - if ($d->{TYPE} eq 'STRUCT') { - $self->EjsStructPull($d, $varname); - } elsif ($d->{TYPE} eq 'UNION') { - $self->EjsUnionPull($d, $varname); - } elsif ($d->{TYPE} eq 'ENUM') { - $self->EjsEnumPull($d, $varname); - } elsif ($d->{TYPE} eq 'BITMAP') { - $self->EjsBitmapPull($d, $varname); - } else { - warn "Unhandled pull $varname of type $d->{TYPE}"; - } -} - -##################### -# generate a function -sub EjsPullFunction($$) -{ - my ($self, $d) = @_; - my $env = GenerateFunctionInEnv($d); - my $name = $d->{NAME}; - - $self->pidl("\nstatic NTSTATUS ejs_pull_$name(struct ejs_rpc *ejs, struct MprVar *v, struct $name *r)"); - $self->pidl("{"); - $self->indent; - $self->pidl("EJS_CHECK(ejs_pull_struct_start(ejs, &v, \"input\"));"); - - # we pull non-array elements before array elements as arrays - # may have length_is() or size_is() properties that depend - # on the non-array elements - foreach my $e (@{$d->{ELEMENTS}}) { - next unless (grep(/in/, @{$e->{DIRECTION}})); - next if (has_property($e, "length_is") || has_property($e, "size_is")); - $self->EjsPullElementTop($e, $env); - } - - foreach my $e (@{$d->{ELEMENTS}}) { - next unless (grep(/in/, @{$e->{DIRECTION}})); - next unless (has_property($e, "length_is") || has_property($e, "size_is")); - $self->EjsPullElementTop($e, $env); - } - - $self->pidl("return NT_STATUS_OK;"); - $self->deindent; - $self->pidl("}\n"); -} - -########################### -# push a scalar element -sub EjsPushScalar($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - - if (ref($e->{TYPE}) eq "HASH" and not defined($e->{TYPE}->{NAME})) { - $self->EjsTypePush($e->{TYPE}, get_pointer_to($var)); - } else { - # have to handle strings specially :( - my $pl = GetPrevLevel($e, $l); - - if ((not Parse::Pidl::Typelist::scalar_is_reference($e->{TYPE})) - or (defined($pl) and $pl->{TYPE} eq "POINTER")) { - $var = get_pointer_to($var); - } - - $self->pidl("EJS_CHECK(".TypeFunctionName("ejs_push", $e->{TYPE})."(ejs, v, $name, $var));"); - } -} - -########################### -# push a string element -sub EjsPushString($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - my $pl = GetPrevLevel($e, $l); - if (defined($pl) and $pl->{TYPE} eq "POINTER") { - $var = get_pointer_to($var); - } - $self->pidl("EJS_CHECK(ejs_push_string(ejs, v, $name, $var));"); -} - -########################### -# push a pointer element -sub EjsPushPointer($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - $self->pidl("if (NULL == $var) {"); - $self->indent; - if ($l->{POINTER_TYPE} eq "ref") { - $self->pidl("return NT_STATUS_INVALID_PARAMETER_MIX;"); - } else { - $self->pidl("EJS_CHECK(ejs_push_null(ejs, v, $name));"); - } - $self->deindent; - $self->pidl("} else {"); - $self->indent; - $var = get_value_of($var); - $self->EjsPushElement($e, GetNextLevel($e, $l), $var, $name, $env); - $self->deindent; - $self->pidl("}"); -} - -########################### -# push a switch element -sub EjsPushSwitch($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - my $switch_var = ParseExpr($l->{SWITCH_IS}, $env, $e); - $self->pidl("ejs_set_switch(ejs, $switch_var);"); - $self->EjsPushElement($e, GetNextLevel($e, $l), $var, $name, $env); -} - -########################### -# push an array element -sub EjsPushArray($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - my $nl = GetNextLevel($e, $l); - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e); - my $pl = GetPrevLevel($e, $l); - if ($pl && $pl->{TYPE} eq "POINTER") { - $var = get_pointer_to($var); - } - # uint8 arrays are treated as data blobs - if ($nl->{TYPE} eq 'DATA' && $e->{TYPE} eq 'uint8') { - $self->check_null_pointer($length); - $self->pidl("ejs_push_array_uint8(ejs, v, $name, $var, $length);"); - return; - } - my $avar = $var . "[i]"; - $self->pidl("{"); - $self->indent; - $self->pidl("uint32_t i;"); - $self->pidl("for (i=0;i<$length;i++) {"); - $self->indent; - $self->pidl("const char *id = talloc_asprintf(ejs, \"%s.%u\", $name, i);"); - $self->EjsPushElement($e, $nl, $avar, "id", $env); - $self->deindent; - $self->pidl("}"); - $self->pidl("ejs_push_uint32(ejs, v, $name \".length\", &i);"); - $self->deindent; - $self->pidl("}"); -} - -################################ -# push a structure/union element -sub EjsPushElement($$$$$$) -{ - my ($self, $e, $l, $var, $name, $env) = @_; - if (($l->{TYPE} eq "POINTER")) { - $self->EjsPushPointer($e, $l, $var, $name, $env); - } elsif (has_property($e, "charset")) { - $self->EjsPushString($e, $l, $var, $name, $env); - } elsif ($l->{TYPE} eq "ARRAY") { - $self->EjsPushArray($e, $l, $var, $name, $env); - } elsif ($l->{TYPE} eq "DATA") { - $self->EjsPushScalar($e, $l, $var, $name, $env); - } elsif (($l->{TYPE} eq "SWITCH")) { - $self->EjsPushSwitch($e, $l, $var, $name, $env); - } else { - $self->pidl("return ejs_panic(ejs, \"unhandled push type $l->{TYPE}\");"); - } -} - -############################################# -# push a structure/union element at top level -sub EjsPushElementTop($$$) -{ - my ($self, $e, $env) = @_; - my $l = $e->{LEVELS}[0]; - my $var = ParseExpr($e->{NAME}, $env, $e); - my $name = "\"$e->{NAME}\""; - $self->EjsPushElement($e, $l, $var, $name, $env); -} - -########################### -# push a struct -sub EjsStructPush($$$) -{ - my ($self, $d, $varname) = @_; - my $env = GenerateStructEnv($d, $varname); - $self->pidl("EJS_CHECK(ejs_push_struct_start(ejs, &v, name));"); - foreach my $e (@{$d->{ELEMENTS}}) { - $self->EjsPushElementTop($e, $env); - } -} - -########################### -# push a union -sub EjsUnionPush($$$) -{ - my ($self, $d, $varname) = @_; - my $have_default = 0; - $self->pidl("EJS_CHECK(ejs_push_struct_start(ejs, &v, name));"); - $self->pidl("switch (ejs->switch_var) {"); - $self->indent; - foreach my $e (@{$d->{ELEMENTS}}) { - if ($e->{CASE} eq "default") { - $have_default = 1; - } - $self->pidl("$e->{CASE}:"); - $self->indent; - if ($e->{TYPE} ne "EMPTY") { - $self->EjsPushElementTop($e, { $e->{NAME} => "$varname->$e->{NAME}"} ); - } - $self->pidl("break;"); - $self->deindent; - } - if (! $have_default) { - $self->pidl("default:"); - $self->indent; - $self->pidl("return ejs_panic(ejs, \"Bad switch value\");"); - $self->deindent; - } - $self->deindent; - $self->pidl("}"); -} - -########################### -# push a enum -sub EjsEnumPush($$$) -{ - my ($self, $d, $varname) = @_; - $self->EjsEnumConstant($d); - $self->pidl("unsigned e = ".get_value_of($varname).";"); - $self->pidl("EJS_CHECK(ejs_push_enum(ejs, v, name, &e));"); -} - -########################### -# push a bitmap -sub EjsBitmapPush($$$) -{ - my ($self, $d, $varname) = @_; - return unless (defined($d->{ELEMENTS})); - my $type_fn = $d->{BASE_TYPE}; - # put the bitmap elements in the constants array - foreach my $e (@{$d->{ELEMENTS}}) { - if ($e =~ /^(\w*)\s*(.*)\s*$/) { - my $bname = $1; - my $v = $2; - $self->{constants}->{$bname} = $v; - } - } - $self->pidl("EJS_CHECK(ejs_push_$type_fn(ejs, v, name, $varname));"); -} - -sub EjsTypePushFunction($$$) -{ - sub EjsTypePushFunction($$$); - my ($self, $d, $name) = @_; - return if (has_property($d, "noejs")); - - my $var = undef; - my $dt = $d; - if ($dt->{TYPE} eq "TYPEDEF") { - $dt = $dt->{DATA}; - } - if ($dt->{TYPE} eq "STRUCT") { - $var = "const struct $name *r"; - } elsif ($dt->{TYPE} eq "UNION") { - $var = "const union $name *r"; - } elsif ($dt->{TYPE} eq "ENUM") { - $var = "const enum $name *r"; - } elsif ($dt->{TYPE} eq "BITMAP") { - my($type_decl) = Parse::Pidl::Typelist::mapTypeName($dt->{BASE_TYPE}); - $var = "const $type_decl *r"; - } - $self->fn_declare($d, "NTSTATUS ".TypeFunctionName("ejs_push", $d) . "(struct ejs_rpc *ejs, struct MprVar *v, const char *name, $var)"); - $self->pidl("{"); - $self->indent; - $self->EjsTypePush($d, "r"); - $self->pidl("return NT_STATUS_OK;"); - $self->deindent; - $self->pidl("}\n"); -} - -sub EjsTypePush($$$) -{ - sub EjsTypePush($$$); - my ($self, $d, $varname) = @_; - - if ($d->{TYPE} eq 'STRUCT') { - $self->EjsStructPush($d, $varname); - } elsif ($d->{TYPE} eq 'UNION') { - $self->EjsUnionPush($d, $varname); - } elsif ($d->{TYPE} eq 'ENUM') { - $self->EjsEnumPush($d, $varname); - } elsif ($d->{TYPE} eq 'BITMAP') { - $self->EjsBitmapPush($d, $varname); - } elsif ($d->{TYPE} eq 'TYPEDEF') { - $self->EjsTypePush($d->{DATA}, $varname); - } else { - warn "Unhandled push $varname of type $d->{TYPE}"; - } -} - -##################### -# generate a function -sub EjsPushFunction($$) -{ - my ($self, $d) = @_; - my $env = GenerateFunctionOutEnv($d); - - $self->pidl("\nstatic NTSTATUS ejs_push_$d->{NAME}(struct ejs_rpc *ejs, struct MprVar *v, const struct $d->{NAME} *r)"); - $self->pidl("{"); - $self->indent; - $self->pidl("EJS_CHECK(ejs_push_struct_start(ejs, &v, \"output\"));"); - - foreach my $e (@{$d->{ELEMENTS}}) { - next unless (grep(/out/, @{$e->{DIRECTION}})); - $self->EjsPushElementTop($e, $env); - } - - if ($d->{RETURN_TYPE}) { - $self->pidl("EJS_CHECK(".TypeFunctionName("ejs_push", $d->{RETURN_TYPE})."(ejs, v, \"result\", &r->out.result));"); - } - - $self->pidl("return NT_STATUS_OK;"); - $self->deindent; - $self->pidl("}\n"); -} - -################################# -# generate a ejs mapping function -sub EjsFunction($$$) -{ - my ($self, $d, $iface) = @_; - my $name = $d->{NAME}; - my $callnum = uc("NDR_$name"); - my $table = "&ndr_table_$iface"; - - $self->pidl("static int ejs_$name(int eid, int argc, struct MprVar **argv)"); - $self->pidl("{"); - $self->indent; - $self->pidl("return ejs_rpc_call(eid, argc, argv, $table, $callnum, (ejs_pull_function_t)ejs_pull_$name, (ejs_push_function_t)ejs_push_$name);"); - $self->deindent; - $self->pidl("}\n"); -} - -################### -# handle a constant -sub EjsConst($$) -{ - my ($self, $const) = @_; - $self->{constants}->{$const->{NAME}} = $const->{VALUE}; -} - -sub EjsImport -{ - my $self = shift; - my @imports = @_; - foreach (@imports) { - s/\.idl\"$//; - s/^\"//; - $self->pidl_hdr("#include \"librpc/gen_ndr/ndr_$_\_ejs\.h\"\n"); - } -} - -##################################################################### -# parse the interface definitions -sub EjsInterface($$$) -{ - my($self,$interface,$needed) = @_; - my @fns = (); - my $name = $interface->{NAME}; - - $self->pidl_hdr("#ifndef _HEADER_EJS_$interface->{NAME}\n"); - $self->pidl_hdr("#define _HEADER_EJS_$interface->{NAME}\n\n"); - - $self->pidl_hdr("\n"); - - foreach my $d (@{$interface->{TYPES}}) { - next unless (typeHasBody($d)); - ($needed->{TypeFunctionName("ejs_push", $d)}) && $self->EjsTypePushFunction($d, $d->{NAME}); - ($needed->{TypeFunctionName("ejs_pull", $d)}) && $self->EjsTypePullFunction($d, $d->{NAME}); - } - - foreach my $d (@{$interface->{FUNCTIONS}}) { - next if not defined($d->{OPNUM}); - next if has_property($d, "noejs"); - - $self->EjsPullFunction($d); - $self->EjsPushFunction($d); - $self->EjsFunction($d, $name); - - push (@fns, $d->{NAME}); - } - - foreach my $d (@{$interface->{CONSTS}}) { - $self->EjsConst($d); - } - - $self->pidl("static int ejs_$name\_init(int eid, int argc, struct MprVar **argv)"); - $self->pidl("{"); - $self->indent; - $self->pidl("struct MprVar *obj = mprInitObject(eid, \"$name\", argc, argv);"); - foreach (@fns) { - $self->pidl("mprSetCFunction(obj, \"$_\", ejs_$_);"); - } - foreach my $v (keys %{$self->{constants}}) { - my $value = $self->{constants}->{$v}; - if (substr($value, 0, 1) eq "\"") { - $self->pidl("mprSetVar(obj, \"$v\", mprString($value));"); - } else { - $self->pidl("mprSetVar(obj, \"$v\", mprCreateNumberVar($value));"); - } - } - $self->pidl("return ejs_rpc_init(obj, \"$name\");"); - $self->deindent; - $self->pidl("}\n"); - - $self->pidl("NTSTATUS ejs_init_$name(void)"); - $self->pidl("{"); - $self->indent; - $self->pidl("ejsDefineCFunction(-1, \"$name\_init\", ejs_$name\_init, NULL, MPR_VAR_SCRIPT_HANDLE);"); - $self->pidl("return NT_STATUS_OK;"); - $self->deindent; - $self->pidl("}"); - - $self->pidl_hdr("\n"); - $self->pidl_hdr("#endif /* _HEADER_EJS_$interface->{NAME} */\n"); -} - -##################################################################### -# parse a parsed IDL into a C header -sub Parse($$$) -{ - my($self,$ndr,$hdr) = @_; - - my $ejs_hdr = $hdr; - $ejs_hdr =~ s/.h$/_ejs.h/; - - $self->pidl_hdr("/* header auto-generated by pidl */\n\n"); - - $self->pidl(" -/* EJS wrapper functions auto-generated by pidl */ -#include \"includes.h\" -#include \"librpc/rpc/dcerpc.h\" -#include \"lib/appweb/ejs/ejs.h\" -#include \"scripting/ejs/ejsrpc.h\" -#include \"scripting/ejs/smbcalls.h\" -#include \"librpc/gen_ndr/ndr_misc_ejs.h\" -#include \"$hdr\" -#include \"$ejs_hdr\" - -"); - - my %needed = (); - - foreach my $x (@{$ndr}) { - ($x->{TYPE} eq "INTERFACE") && NeededInterface($x, \%needed); - } - - foreach my $x (@$ndr) { - ($x->{TYPE} eq "INTERFACE") && $self->EjsInterface($x, \%needed); - ($x->{TYPE} eq "IMPORT") && $self->EjsImport(@{$x->{PATHS}}); - } - - return ($self->{res_hdr}, $self->{res}); -} - -sub NeededFunction($$) -{ - my ($fn,$needed) = @_; - - $needed->{"ejs_pull_$fn->{NAME}"} = 1; - $needed->{"ejs_push_$fn->{NAME}"} = 1; - - foreach (@{$fn->{ELEMENTS}}) { - next if (has_property($_, "subcontext")); #FIXME: Support subcontexts - if (grep(/in/, @{$_->{DIRECTION}})) { - $needed->{TypeFunctionName("ejs_pull", $_->{TYPE})} = 1; - } - if (grep(/out/, @{$_->{DIRECTION}})) { - $needed->{TypeFunctionName("ejs_push", $_->{TYPE})} = 1; - } - } -} - -sub NeededType($$$) -{ - sub NeededType($$$); - my ($t,$needed,$req) = @_; - - NeededType($t->{DATA}, $needed, $req) if ($t->{TYPE} eq "TYPEDEF"); - - return unless (($t->{TYPE} eq "STRUCT") or ($t->{TYPE} eq "UNION")); - - return unless(typeHasBody($t)); - - foreach (@{$t->{ELEMENTS}}) { - next if (has_property($_, "subcontext")); #FIXME: Support subcontexts - my $n; - if (ref($_->{TYPE}) ne "HASH" or defined($_->{TYPE}->{NAME})) { - $needed->{TypeFunctionName("ejs_$req", $_->{TYPE})} = 1; - } - NeededType($_->{TYPE}, $needed, $req) if (ref($_->{TYPE}) eq "HASH"); - } -} - -##################################################################### -# work out what parse functions are needed -sub NeededInterface($$) -{ - my ($interface,$needed) = @_; - - NeededFunction($_, $needed) foreach (@{$interface->{FUNCTIONS}}); - - foreach (reverse @{$interface->{TYPES}}) { - if (has_property($_, "public")) { - $needed->{TypeFunctionName("ejs_pull", $_)} = not has_property($_, "noejs"); - $needed->{TypeFunctionName("ejs_push", $_)} = not has_property($_, "noejs"); - } - - NeededType($_, $needed, "pull") if ($needed->{TypeFunctionName("ejs_pull", $_)}); - NeededType($_, $needed, "push") if ($needed->{TypeFunctionName("ejs_push", $_)}); - } -} - -sub TypeFunctionName($$) -{ - my ($prefix, $t) = @_; - - return "$prefix\_$t->{NAME}" if (ref($t) eq "HASH" and - $t->{TYPE} eq "TYPEDEF"); - return "$prefix\_$t->{TYPE}_$t->{NAME}" if (ref($t) eq "HASH"); - return "$prefix\_$t"; -} - - - -1; diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index fb73075f1a..ee81e51f25 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -16,7 +16,7 @@ use Parse::Pidl::Typelist qw(hasType getType mapTypeName typeHasBody); use Parse::Pidl::Util qw(has_property ParseExpr ParseExprExt print_uuid unmake_str); use Parse::Pidl::CUtil qw(get_pointer_to get_value_of get_array_element); use Parse::Pidl::NDR qw(GetPrevLevel GetNextLevel ContainsDeferred is_charset_array); -use Parse::Pidl::Samba4 qw(is_intree choose_header); +use Parse::Pidl::Samba4 qw(is_intree choose_header ArrayDynamicallyAllocated); use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv GenerateFunctionOutEnv EnvSubstituteValue GenerateStructEnv); use Parse::Pidl qw(warning); @@ -376,7 +376,7 @@ sub ParseArrayPullHeader($$$$$$) $self->defer("}"); } - if (not $l->{IS_FIXED} and not is_charset_array($e, $l)) { + if (ArrayDynamicallyAllocated($e,$l) and not is_charset_array($e,$l)) { $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$size); } @@ -917,7 +917,7 @@ sub ParseMemCtxPullFlags($$$$) return undef unless ($l->{TYPE} eq "POINTER" or $l->{TYPE} eq "ARRAY"); - return undef if ($l->{TYPE} eq "ARRAY" and $l->{IS_FIXED}); + return undef unless ($l->{TYPE} ne "ARRAY" or ArrayDynamicallyAllocated($e,$l)); return undef if has_fast_array($e, $l); return undef if is_charset_array($e, $l); diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index a3107d4672..4c598b3ca0 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -14,6 +14,7 @@ use Parse::Pidl::Typelist qw(hasType resolveType getType mapTypeName expandAlias use Parse::Pidl::Util qw(has_property ParseExpr unmake_str); use Parse::Pidl::NDR qw(GetPrevLevel GetNextLevel ContainsDeferred is_charset_array); use Parse::Pidl::CUtil qw(get_value_of get_pointer_to); +use Parse::Pidl::Samba4 qw(ArrayDynamicallyAllocated); use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv GenerateFunctionOutEnv EnvSubstituteValue GenerateStructEnv); use vars qw($VERSION); @@ -223,7 +224,10 @@ sub PythonStruct($$$$$$) $self->pidl("static PyObject *py_$name\_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)"); $self->pidl("{"); $self->indent; + $self->pidl("char *kwlist[] = {NULL};"); $self->pidl("$cname *ret = talloc_zero(NULL, $cname);"); + $self->pidl("if (!PyArg_ParseTupleAndKeywords(args, kwargs, \"\", kwlist))"); + $self->pidl("\treturn NULL;"); $self->pidl("return py_talloc_import(&$name\_Type, ret);"); $self->deindent; $self->pidl("}"); @@ -279,6 +283,11 @@ sub PythonStruct($$$$$$) $self->indent; $self->pidl("{ \"__ndr_pack__\", (PyCFunction)py_$name\_ndr_pack, METH_NOARGS, \"S.pack() -> blob\\nNDR pack\" },"); $self->pidl("{ \"__ndr_unpack__\", (PyCFunction)py_$name\_ndr_unpack, METH_VARARGS, \"S.unpack(blob) -> None\\nNDR unpack\" },"); + $self->deindent; + $self->pidl("#ifdef ".uc("py_$name\_extra_methods")); + $self->pidl("\t" .uc("py_$name\_extra_methods")); + $self->pidl("#endif"); + $self->indent; $self->pidl("{ NULL, NULL, 0, NULL }"); $self->deindent; $self->pidl("};"); @@ -289,6 +298,10 @@ sub PythonStruct($$$$$$) $self->pidl_hdr("#define $name\_Check(op) PyObject_TypeCheck(op, &$name\_Type)\n"); $self->pidl_hdr("#define $name\_CheckExact(op) ((op)->ob_type == &$name\_Type)\n"); $self->pidl_hdr("\n"); + $self->pidl("#ifndef ".uc("py_$name\_repr")); + $self->pidl("#define ".uc("py_$name\_repr") . " py_talloc_default_repr"); + $self->pidl("#endif"); + $self->pidl(""); my $docstring = ($self->DocString($d, $name) or "NULL"); my $typeobject = "$name\_Type"; $self->pidl("PyTypeObject $typeobject = {"); @@ -298,7 +311,7 @@ sub PythonStruct($$$$$$) $self->pidl(".tp_basicsize = sizeof(py_talloc_Object),"); $self->pidl(".tp_dealloc = py_talloc_dealloc,"); $self->pidl(".tp_getset = $getsetters,"); - $self->pidl(".tp_repr = py_talloc_default_repr,"); + $self->pidl(".tp_repr = ".uc("py_$name\_repr").","); $self->pidl(".tp_doc = $docstring,"); $self->pidl(".tp_methods = $py_methods,"); $self->pidl(".tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,"); @@ -623,6 +636,10 @@ sub Interface($$$) $self->pidl_hdr("\n"); + if (has_property($interface, "pyhelper")) { + $self->pidl("#include \"".unmake_str($interface->{PROPERTIES}->{pyhelper})."\"\n"); + } + $self->Const($_) foreach (@{$interface->{CONSTS}}); foreach my $d (@{$interface->{TYPES}}) { @@ -942,7 +959,7 @@ sub ConvertObjectFromPythonLevel($$$$$$$$) $self->pidl("{"); $self->indent; $self->pidl("int $counter;"); - if (!$l->{IS_FIXED}) { + if (ArrayDynamicallyAllocated($e, $l)) { $self->pidl("$var_name = talloc_array_ptrtype($mem_ctx, $var_name, PyList_Size($py_var));"); } $self->pidl("for ($counter = 0; $counter < PyList_Size($py_var); $counter++) {"); diff --git a/pidl/tests/samba-ejs.pl b/pidl/tests/samba-ejs.pl deleted file mode 100755 index 094d37a103..0000000000 --- a/pidl/tests/samba-ejs.pl +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/perl -# (C) 2007 Jelmer Vernooij <jelmer@samba.org> -# Published under the GNU General Public License -use strict; -use warnings; - -use Test::More tests => 10; -use FindBin qw($RealBin); -use lib "$RealBin"; -use Util; -use Parse::Pidl::Util qw(MyDumper); -use Parse::Pidl::Samba4::EJS qw(check_null_pointer - fn_declare TypeFunctionName); - -my $ejs = new Parse::Pidl::Samba4::EJS(); - -$ejs->check_null_pointer("bla"); -is($ejs->{res}, ""); - -$ejs = new Parse::Pidl::Samba4::EJS(); -$ejs->check_null_pointer("*bla"); -is($ejs->{res}, "if (bla == NULL) return NT_STATUS_INVALID_PARAMETER_MIX;\n"); - -$ejs = new Parse::Pidl::Samba4::EJS(); -$ejs->fn_declare({ PROPERTIES => { public => 1 } }, "myproto(int x)"); -is($ejs->{res}, "_PUBLIC_ myproto(int x)\n"); -is($ejs->{res_hdr}, "myproto(int x);\n"); - -$ejs = new Parse::Pidl::Samba4::EJS(); -$ejs->fn_declare({ PROPERTIES => {} }, "mybla(int foo)"); -is($ejs->{res}, "static mybla(int foo)\n"); -is($ejs->{res_hdr}, ""); - -is(TypeFunctionName("ejs_pull", "uint32"), "ejs_pull_uint32"); -is(TypeFunctionName("ejs_pull", {TYPE => "ENUM", NAME => "bar"}), "ejs_pull_ENUM_bar"); -is(TypeFunctionName("ejs_pull", {TYPE => "TYPEDEF", NAME => "bar", DATA => undef}), "ejs_pull_bar"); -is(TypeFunctionName("ejs_push", {TYPE => "STRUCT", NAME => "bar"}), "ejs_push_STRUCT_bar"); diff --git a/source3/Makefile.in b/source3/Makefile.in index 83e94a4382..f53406c39e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -650,7 +650,8 @@ VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o -VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o +VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o modules/onefs_system.o \ + modules/onefs_open.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -1036,6 +1037,7 @@ IDMAP_ADEX_OBJ = \ WINBINDD_OBJ1 = \ winbindd/winbindd.o \ + winbindd/winbindd_reqtrans.o \ winbindd/winbindd_user.o \ winbindd/winbindd_group.o \ winbindd/winbindd_util.o \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 9220df01c0..d2a8591ae6 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1294,7 +1294,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - auth_serversupplied_info *src) + const auth_serversupplied_info *src) { auth_serversupplied_info *dst; diff --git a/source3/client/client.c b/source3/client/client.c index 39f8f90bba..c88b918dc8 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -218,13 +218,12 @@ static int readfile(char *b, int n, XFILE *f) Send a message. ****************************************************************************/ -static void send_message(void) +static void send_message(const char *username) { int total_len = 0; int grp_id; - if (!cli_message_start(cli, desthost, - get_cmdline_auth_info_username(), &grp_id)) { + if (!cli_message_start(cli, desthost, username, &grp_id)) { d_printf("message start: %s\n", cli_errstr(cli)); return; } @@ -4607,7 +4606,7 @@ static int do_tar_op(const char *base_directory) Handle a message operation. ****************************************************************************/ -static int do_message_op(void) +static int do_message_op(struct user_auth_info *auth_info) { struct sockaddr_storage ss; struct nmb_name called, calling; @@ -4623,7 +4622,7 @@ static int do_message_op(void) snprintf(name_type_hex, sizeof(name_type_hex), "#%X", name_type); fstrcat(server_name, name_type_hex); - zero_addr(&ss); + zero_sockaddr(&ss); if (have_ip) ss = dest_ss; @@ -4648,7 +4647,7 @@ static int do_message_op(void) return 1; } - send_message(); + send_message(get_cmdline_auth_info_username(auth_info)); cli_cm_shutdown(); return 0; @@ -4695,6 +4694,7 @@ static int do_message_op(void) POPT_TABLEEND }; TALLOC_CTX *frame = talloc_stackframe(); + struct user_auth_info *auth_info; if (!client_set_cur_dir("\\")) { exit(ENOMEM); @@ -4724,6 +4724,12 @@ static int do_message_op(void) load_case_tables(); + auth_info = user_auth_info_init(frame); + if (auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(auth_info); + /* skip argv(0) */ pc = poptGetContext("smbclient", argc, (const char **) argv, long_options, 0); poptSetOtherOptionHelp(pc, "service <password>"); @@ -4751,8 +4757,11 @@ static int do_message_op(void) } /* if the service has already been retrieved then check if we have also a password */ - if (service_opt && (!get_cmdline_auth_info_got_pass()) && poptPeekArg(pc)) { - set_cmdline_auth_info_password(poptGetArg(pc)); + if (service_opt + && (!get_cmdline_auth_info_got_pass(auth_info)) + && poptPeekArg(pc)) { + set_cmdline_auth_info_password(auth_info, + poptGetArg(pc)); } switch (opt) { @@ -4858,8 +4867,11 @@ static int do_message_op(void) } /* if the service has already been retrieved then check if we have also a password */ - if (service_opt && !get_cmdline_auth_info_got_pass() && poptPeekArg(pc)) { - set_cmdline_auth_info_password(poptGetArg(pc)); + if (service_opt + && !get_cmdline_auth_info_got_pass(auth_info) + && poptPeekArg(pc)) { + set_cmdline_auth_info_password(auth_info, + poptGetArg(pc)); } /* check for the -P option */ @@ -4893,8 +4905,8 @@ static int do_message_op(void) argv[0], get_dyn_CONFIGFILE()); } - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(auth_info) && + !set_cmdline_auth_info_machine_account_creds(auth_info)) { exit(-1); } @@ -4929,7 +4941,7 @@ static int do_message_op(void) calling_name = talloc_strdup(frame, global_myname() ); } - smb_encrypt = get_cmdline_auth_info_smb_encrypt(); + smb_encrypt = get_cmdline_auth_info_smb_encrypt(auth_info); if (!init_names()) { fprintf(stderr, "init_names() failed\n"); exit(1); @@ -4947,7 +4959,7 @@ static int do_message_op(void) /* Store the username and password for dfs support */ - cli_cm_set_credentials(); + cli_cm_set_credentials(auth_info); DEBUG(3,("Client started (version %s).\n", SAMBA_VERSION_STRING)); @@ -4980,7 +4992,7 @@ static int do_message_op(void) } if (message) { - return do_message_op(); + return do_message_op(auth_info); } if (process(base_directory)) { diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index da2f98bff8..9f4d1d3fd0 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -80,6 +80,9 @@ #define MOUNT_PASSWD_SIZE 64 #define DOMAIN_SIZE 64 +/* currently maximum length of IPv6 address string */ +#define MAX_ADDRESS_LEN INET6_ADDRSTRLEN + const char *thisprogram; int verboseflag = 0; static int got_password = 0; @@ -189,12 +192,6 @@ static char * getusername(void) { return username; } -static char * parse_cifs_url(char * unc_name) -{ - printf("\nMounting cifs URL not implemented yet. Attempt to mount %s\n",unc_name); - return NULL; -} - static int open_cred_file(char * file_name) { char * line_buf; @@ -494,7 +491,7 @@ static int parse_options(char ** optionsp, int * filesys_flags) } else if (strncmp(data, "ip", 2) == 0) { if (!value || !*value) { printf("target ip address argument missing"); - } else if (strnlen(value, 35) < 35) { + } else if (strnlen(value, MAX_ADDRESS_LEN) <= MAX_ADDRESS_LEN) { if(verboseflag) printf("ip address %s override specified\n",value); got_ip = 1; @@ -882,23 +879,23 @@ static void replace_char(char *string, char from, char to, int maxlen) } /* Note that caller frees the returned buffer if necessary */ -static char * parse_server(char ** punc_name) +static struct addrinfo * +parse_server(char ** punc_name) { char * unc_name = *punc_name; int length = strnlen(unc_name, MAX_UNC_LEN); char * share; - char * ipaddress_string = NULL; - struct hostent * host_entry = NULL; - struct in_addr server_ipaddr; + struct addrinfo *addrlist; + int rc; if(length > (MAX_UNC_LEN - 1)) { printf("mount error: UNC name too long"); return NULL; } - if (strncasecmp("cifs://",unc_name,7) == 0) - return parse_cifs_url(unc_name+7); - if (strncasecmp("smb://",unc_name,6) == 0) { - return parse_cifs_url(unc_name+6); + if ((strncasecmp("cifs://", unc_name, 7) == 0) || + (strncasecmp("smb://", unc_name, 6) == 0)) { + printf("\nMounting cifs URL not implemented yet. Attempt to mount %s\n", unc_name); + return NULL; } if(length < 3) { @@ -939,7 +936,12 @@ continue_unc_parsing: *share = 0; /* temporarily terminate the string */ share += 1; if(got_ip == 0) { - host_entry = gethostbyname(unc_name); + rc = getaddrinfo(unc_name, NULL, NULL, &addrlist); + if (rc != 0) { + printf("mount error: could not resolve address for %s: %s\n", + unc_name, gai_strerror(rc)); + addrlist = NULL; + } } *(share - 1) = '/'; /* put delimiter back */ @@ -954,23 +956,9 @@ continue_unc_parsing: printf("ip address specified explicitly\n"); return NULL; } - if(host_entry == NULL) { - printf("mount error: could not find target server. TCP name %s not found\n", unc_name); - return NULL; - } else { - /* BB should we pass an alternate version of the share name as Unicode */ - /* BB what about ipv6? BB */ - /* BB add retries with alternate servers in list */ + /* BB should we pass an alternate version of the share name as Unicode */ - memcpy(&server_ipaddr.s_addr, host_entry->h_addr, 4); - - ipaddress_string = inet_ntoa(server_ipaddr); - if(ipaddress_string == NULL) { - printf("mount error: could not get valid ip address for target server\n"); - return NULL; - } - return ipaddress_string; - } + return addrlist; } else { /* BB add code to find DFS root (send null path on get DFS Referral to specified server here */ printf("Mounting the DFS root for a particular server not implemented yet\n"); @@ -1034,10 +1022,11 @@ int main(int argc, char ** argv) int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */ char * orgoptions = NULL; char * share_name = NULL; - char * ipaddr = NULL; + const char * ipaddr = NULL; char * uuid = NULL; char * mountpoint = NULL; char * options = NULL; + char * optionstail; char * resolved_path = NULL; char * temp; char * dev_name; @@ -1050,10 +1039,14 @@ int main(int argc, char ** argv) int optlen = 0; int orgoptlen = 0; size_t options_size = 0; + size_t current_len; int retry = 0; /* set when we have to retry mount with uppercase */ + struct addrinfo *addrhead = NULL, *addr; struct stat statbuf; struct utsname sysinfo; struct mntent mountent; + struct sockaddr_in *addr4; + struct sockaddr_in6 *addr6; FILE * pmntfile; /* setlocale(LC_ALL, ""); @@ -1245,8 +1238,8 @@ int main(int argc, char ** argv) rc = EX_USAGE; goto mount_exit; } - ipaddr = parse_server(&share_name); - if((ipaddr == NULL) && (got_ip == 0)) { + addrhead = addr = parse_server(&share_name); + if((addrhead == NULL) && (got_ip == 0)) { printf("No ip address specified and hostname not found\n"); rc = EX_USAGE; goto mount_exit; @@ -1293,7 +1286,13 @@ int main(int argc, char ** argv) } if(got_user == 0) { - user_name = getusername(); + /* Note that the password will not be retrieved from the + USER env variable (ie user%password form) as there is + already a PASSWD environment varaible */ + if (getenv("USER")) + user_name = strdup(getenv("USER")); + if (user_name == NULL) + user_name = getusername(); got_user = 1; } @@ -1310,7 +1309,6 @@ int main(int argc, char ** argv) } /* FIXME launch daemon (handles dfs name resolution and credential change) remember to clear parms and overwrite password field before launching */ -mount_retry: if(orgoptions) { optlen = strlen(orgoptions); orgoptlen = optlen; @@ -1325,10 +1323,10 @@ mount_retry: } if(user_name) optlen += strlen(user_name) + 6; - if(ipaddr) - optlen += strlen(ipaddr) + 4; + optlen += MAX_ADDRESS_LEN + 4; if(mountpassword) optlen += strlen(mountpassword) + 6; +mount_retry: SAFE_FREE(options); options_size = optlen + 10 + DOMAIN_SIZE; options = (char *)malloc(options_size /* space for commas in password */ + 8 /* space for domain= , domain name itself was counted as part of the length username string above */); @@ -1338,18 +1336,12 @@ mount_retry: exit(EX_SYSERR); } - options[0] = 0; - strlcpy(options,"unc=",options_size); + strlcpy(options, "unc=", options_size); strlcat(options,share_name,options_size); /* scan backwards and reverse direction of slash */ temp = strrchr(options, '/'); if(temp > options + 6) *temp = '\\'; - if(ipaddr) { - strlcat(options,",ip=",options_size); - strlcat(options,ipaddr,options_size); - } - if(user_name) { /* check for syntax like user=domain\user */ if(got_domain == 0) @@ -1391,11 +1383,42 @@ mount_retry: /* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */ replace_char(dev_name, '\\', '/', strlen(share_name)); - if(mount(dev_name, mountpoint, "cifs", flags, options)) { - /* remember to kill daemon on error */ + if (!got_ip && addr) { + strlcat(options, ",ip=", options_size); + current_len = strnlen(options, options_size); + optionstail = options + current_len; + switch (addr->ai_addr->sa_family) { + case AF_INET6: + addr6 = (struct sockaddr_in6 *) addr->ai_addr; + ipaddr = inet_ntop(AF_INET6, &addr6->sin6_addr, optionstail, + options_size - current_len); + break; + case AF_INET: + addr4 = (struct sockaddr_in *) addr->ai_addr; + ipaddr = inet_ntop(AF_INET, &addr4->sin_addr, optionstail, + options_size - current_len); + break; + } + + /* if the address looks bogus, try the next one */ + if (!ipaddr) { + addr = addr->ai_next; + if (addr) + goto mount_retry; + rc = EX_SYSERR; + goto mount_exit; + } + } + + if (mount(dev_name, mountpoint, "cifs", flags, options)) { switch (errno) { - case 0: - printf("mount failed but no error number set\n"); + case ECONNREFUSED: + case EHOSTUNREACH: + if (addr) { + addr = addr->ai_next; + if (addr) + goto mount_retry; + } break; case ENODEV: printf("mount error: cifs filesystem not supported by the system\n"); @@ -1410,64 +1433,64 @@ mount_retry: goto mount_retry; } } - default: - printf("mount error %d = %s\n",errno,strerror(errno)); } + printf("mount error(%d): %s\n", errno, strerror(errno)); printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); rc = EX_FAIL; - } else { - atexit(unlock_mtab); - rc = lock_mtab(); - if (rc) { - printf("cannot lock mtab"); - goto mount_exit; - } - pmntfile = setmntent(MOUNTED, "a+"); - if (!pmntfile) { - printf("could not update mount table\n"); - unlock_mtab(); - rc = EX_FILEIO; - goto mount_exit; - } - mountent.mnt_fsname = dev_name; - mountent.mnt_dir = mountpoint; - mountent.mnt_type = CONST_DISCARD(char *,"cifs"); - mountent.mnt_opts = (char *)malloc(220); - if(mountent.mnt_opts) { - char * mount_user = getusername(); - memset(mountent.mnt_opts,0,200); - if(flags & MS_RDONLY) - strlcat(mountent.mnt_opts,"ro",220); - else - strlcat(mountent.mnt_opts,"rw",220); - if(flags & MS_MANDLOCK) - strlcat(mountent.mnt_opts,",mand",220); - if(flags & MS_NOEXEC) - strlcat(mountent.mnt_opts,",noexec",220); - if(flags & MS_NOSUID) - strlcat(mountent.mnt_opts,",nosuid",220); - if(flags & MS_NODEV) - strlcat(mountent.mnt_opts,",nodev",220); - if(flags & MS_SYNCHRONOUS) - strlcat(mountent.mnt_opts,",sync",220); - if(mount_user) { - if(getuid() != 0) { - strlcat(mountent.mnt_opts, - ",user=", 220); - strlcat(mountent.mnt_opts, - mount_user, 220); - } + goto mount_exit; + } + + atexit(unlock_mtab); + rc = lock_mtab(); + if (rc) { + printf("cannot lock mtab"); + goto mount_exit; + } + pmntfile = setmntent(MOUNTED, "a+"); + if (!pmntfile) { + printf("could not update mount table\n"); + unlock_mtab(); + rc = EX_FILEIO; + goto mount_exit; + } + mountent.mnt_fsname = dev_name; + mountent.mnt_dir = mountpoint; + mountent.mnt_type = CONST_DISCARD(char *,"cifs"); + mountent.mnt_opts = (char *)malloc(220); + if(mountent.mnt_opts) { + char * mount_user = getusername(); + memset(mountent.mnt_opts,0,200); + if(flags & MS_RDONLY) + strlcat(mountent.mnt_opts,"ro",220); + else + strlcat(mountent.mnt_opts,"rw",220); + if(flags & MS_MANDLOCK) + strlcat(mountent.mnt_opts,",mand",220); + if(flags & MS_NOEXEC) + strlcat(mountent.mnt_opts,",noexec",220); + if(flags & MS_NOSUID) + strlcat(mountent.mnt_opts,",nosuid",220); + if(flags & MS_NODEV) + strlcat(mountent.mnt_opts,",nodev",220); + if(flags & MS_SYNCHRONOUS) + strlcat(mountent.mnt_opts,",sync",220); + if(mount_user) { + if(getuid() != 0) { + strlcat(mountent.mnt_opts, + ",user=", 220); + strlcat(mountent.mnt_opts, + mount_user, 220); } } - mountent.mnt_freq = 0; - mountent.mnt_passno = 0; - rc = addmntent(pmntfile,&mountent); - endmntent(pmntfile); - unlock_mtab(); - SAFE_FREE(mountent.mnt_opts); - if (rc) - rc = EX_FILEIO; } + mountent.mnt_freq = 0; + mountent.mnt_passno = 0; + rc = addmntent(pmntfile,&mountent); + endmntent(pmntfile); + unlock_mtab(); + SAFE_FREE(mountent.mnt_opts); + if (rc) + rc = EX_FILEIO; mount_exit: if(mountpassword) { int len = strlen(mountpassword); @@ -1475,6 +1498,8 @@ mount_exit: SAFE_FREE(mountpassword); } + if (addrhead) + freeaddrinfo(addrhead); SAFE_FREE(options); SAFE_FREE(orgoptions); SAFE_FREE(resolved_path); diff --git a/source3/configure.in b/source3/configure.in index 40e78e89d9..b90b1b3f60 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1052,6 +1052,20 @@ if test x"$samba_cv_HAVE_GPFS" = x"yes"; then fi LIBS="$save_LIBS" +printf "%s" "checking for GPFS libs (with 3.2.1 PTF8 available as GPL)... " +save_LIBS="$LIBS" +LIBS="$LIBS -lgpfs" +AC_TRY_LINK([#include <gpfs.h>], + [gpfs_set_share(0,GPFS_SHARE_READ,GPFS_DENY_NONE)], + samba_cv_HAVE_GPFS=yes, + samba_cv_HAVE_GPFS=no) +echo $samba_cv_HAVE_GPFS +if test x"$samba_cv_HAVE_GPFS" = x"yes"; then + AC_DEFINE(HAVE_GPFS,1,[Whether GPFS GPL libs are available]) + default_shared_modules="$default_shared_modules vfs_gpfs" +fi +LIBS="$save_LIBS" + ############################################# # check if building on Isilon OneFS printf "%s" "checking for Isilon OneFS... " diff --git a/source3/include/ads.h b/source3/include/ads.h index b72d250940..abff9eaa8c 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -80,7 +80,6 @@ typedef struct ads_struct { char *server_site_name; char *client_site_name; time_t current_time; - int tried_closest_dc; char *schema_path; char *config_path; } config; diff --git a/source3/include/async_req.h b/source3/include/async_req.h index 2d01b53814..14a30696c4 100644 --- a/source3/include/async_req.h +++ b/source3/include/async_req.h @@ -134,4 +134,8 @@ bool async_post_status(struct async_req *req, NTSTATUS status); bool async_req_nomem(const void *p, struct async_req *req); +bool async_req_is_error(struct async_req *req, NTSTATUS *status); + +NTSTATUS async_req_simple_recv(struct async_req *req); + #endif diff --git a/source3/include/async_smb.h b/source3/include/async_smb.h index 4e2061813f..25fd353632 100644 --- a/source3/include/async_smb.h +++ b/source3/include/async_smb.h @@ -125,6 +125,10 @@ bool cli_chain_cork(struct cli_state *cli, struct event_context *ev, size_t size_hint); void cli_chain_uncork(struct cli_state *cli); bool cli_in_chain(struct cli_state *cli); +bool smb_splice_chain(char **poutbuf, uint8_t smb_command, + uint8_t wct, const uint16_t *vwv, + size_t bytes_alignment, + uint16_t num_bytes, const uint8_t *bytes); NTSTATUS cli_pull_reply(struct async_req *req, uint8_t *pwct, uint16_t **pvwv, diff --git a/source3/include/async_sock.h b/source3/include/async_sock.h index 3c90453601..f0cd5fdaa4 100644 --- a/source3/include/async_sock.h +++ b/source3/include/async_sock.h @@ -22,24 +22,28 @@ #include "includes.h" -ssize_t async_syscall_result_ssize_t(struct async_req **req, int *perrno); -size_t async_syscall_result_size_t (struct async_req **req, int *perrno); -ssize_t async_syscall_result_int (struct async_req **req, int *perrno); +ssize_t async_syscall_result_ssize_t(struct async_req *req, int *perrno); +size_t async_syscall_result_size_t(struct async_req *req, int *perrno); +ssize_t async_syscall_result_int(struct async_req *req, int *perrno); struct async_req *async_send(TALLOC_CTX *mem_ctx, struct event_context *ev, int fd, const void *buffer, size_t length, int flags); -struct async_req *async_sendall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, const void *buffer, size_t length, - int flags); struct async_req *async_recv(TALLOC_CTX *mem_ctx, struct event_context *ev, int fd, void *buffer, size_t length, int flags); -struct async_req *async_recvall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, void *buffer, size_t length, - int flags); struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev, int fd, const struct sockaddr *address, socklen_t address_len); +struct async_req *sendall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, const void *buffer, size_t length, + int flags); +NTSTATUS sendall_recv(struct async_req *req); + +struct async_req *recvall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, void *buffer, size_t length, + int flags); +NTSTATUS recvall_recv(struct async_req *req); + #endif diff --git a/source3/include/client.h b/source3/include/client.h index 8d57fe1eed..587f3f6c67 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -52,6 +52,7 @@ struct cli_pipe_auth_data { char *domain; char *user_name; + DATA_BLOB user_session_key; union { struct schannel_auth_struct *schannel_auth; diff --git a/source3/include/proto.h b/source3/include/proto.h index f2bbb07f92..24929f6d7f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -123,7 +123,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, bool is_guest, struct auth_serversupplied_info **presult); struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - auth_serversupplied_info *src); + const auth_serversupplied_info *src); bool init_guest_info(void); bool server_info_set_session_key(struct auth_serversupplied_info *info, DATA_BLOB session_key); @@ -637,6 +637,7 @@ void pidfile_create(const char *program_name); /* The following definitions come from lib/popt_common.c */ +void popt_common_set_auth_info(struct user_auth_info *auth_info); /* The following definitions come from lib/privileges.c */ @@ -723,6 +724,7 @@ bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); /* The following definitions come from lib/secdesc.c */ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); +uint32_t get_sec_info(const SEC_DESC *sd); SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb); SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, enum security_descriptor_revision revision, @@ -1138,22 +1140,28 @@ void gfree_all( void ); const char *my_netbios_names(int i); bool set_netbios_aliases(const char **str_array); bool init_names(void); -const char *get_cmdline_auth_info_username(void); -void set_cmdline_auth_info_username(const char *username); -const char *get_cmdline_auth_info_password(void); -void set_cmdline_auth_info_password(const char *password); -bool set_cmdline_auth_info_signing_state(const char *arg); -int get_cmdline_auth_info_signing_state(void); -void set_cmdline_auth_info_use_kerberos(bool b); -bool get_cmdline_auth_info_use_kerberos(void); -void set_cmdline_auth_info_use_krb5_ticket(void); -void set_cmdline_auth_info_smb_encrypt(void); -void set_cmdline_auth_info_use_machine_account(void); -bool get_cmdline_auth_info_got_pass(void); -bool get_cmdline_auth_info_smb_encrypt(void); -bool get_cmdline_auth_info_use_machine_account(void); -bool get_cmdline_auth_info_copy(struct user_auth_info *info); -bool set_cmdline_auth_info_machine_account_creds(void); +struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx); +const char *get_cmdline_auth_info_username(struct user_auth_info *auth_info); +void set_cmdline_auth_info_username(struct user_auth_info *auth_info, + const char *username); +void set_cmdline_auth_info_password(struct user_auth_info *auth_info, + const char *password); +const char *get_cmdline_auth_info_password(struct user_auth_info *auth_info); +bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info, + const char *arg); +int get_cmdline_auth_info_signing_state(struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info, + bool b); +bool get_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_krb5_ticket(struct user_auth_info *auth_info); +void set_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info); +bool get_cmdline_auth_info_got_pass(struct user_auth_info *auth_info); +bool get_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info); +bool get_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info); +struct user_auth_info *get_cmdline_auth_info_copy(TALLOC_CTX *mem_ctx, + struct user_auth_info *info); +bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info); bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids); const char *get_numlist(const char *p, uint32 **num, int *count); @@ -1396,13 +1404,13 @@ bool is_loopback_ip_v4(struct in_addr ip); bool is_loopback_addr(const struct sockaddr *pss); bool is_zero_addr(const struct sockaddr *pss); void zero_ip_v4(struct in_addr *ip); -void zero_addr(struct sockaddr_storage *pss); +void zero_sockaddr(struct sockaddr_storage *pss); void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss, struct in_addr ip); bool same_net(const struct sockaddr *ip1, const struct sockaddr *ip2, const struct sockaddr *mask); -bool addr_equal(const struct sockaddr *ip1, +bool sockaddr_equal(const struct sockaddr *ip1, const struct sockaddr *ip2); bool is_address_any(const struct sockaddr *psa); uint16_t get_sockaddr_port(const struct sockaddr_storage *pss); @@ -2314,15 +2322,7 @@ void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct do /* The following definitions come from librpc/ndr/sid.c */ -enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r); -enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r); char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); /* The following definitions come from librpc/rpc/binding.c */ @@ -2418,7 +2418,7 @@ struct cli_state *cli_cm_open(TALLOC_CTX *ctx, bool force_encrypt); void cli_cm_shutdown(void); void cli_cm_display(void); -void cli_cm_set_credentials(void); +void cli_cm_set_credentials(struct user_auth_info *auth_info); void cli_cm_set_port(int port_number); void cli_cm_set_dest_name_type(int type); void cli_cm_set_signing_state(int state); @@ -2983,6 +2983,7 @@ bool namecache_status_fetch(const char *keyname, /* The following definitions come from libsmb/namequery.c */ bool saf_store( const char *domain, const char *servername ); +bool saf_join_store( const char *domain, const char *servername ); bool saf_delete( const char *domain ); char *saf_fetch( const char *domain ); NODE_STATUS_STRUCT *node_status_query(int fd, @@ -3454,7 +3455,7 @@ bool is_valid_share_mode_entry(const struct share_mode_entry *e); bool is_deferred_open_entry(const struct share_mode_entry *e); bool is_unused_share_mode_entry(const struct share_mode_entry *e); void set_share_mode(struct share_mode_lock *lck, files_struct *fsp, - uid_t uid, uint16 mid, uint16 op_type, bool initial_delete_on_close_allowed); + uid_t uid, uint16 mid, uint16 op_type); void add_deferred_open(struct share_mode_lock *lck, uint16 mid, struct timeval request_time, struct file_id id); @@ -3464,11 +3465,9 @@ bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp); bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp); NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close, uint32 dosmode); -bool can_set_initial_delete_on_close(const struct share_mode_lock *lck); void set_delete_on_close_token(struct share_mode_lock *lck, UNIX_USER_TOKEN *tok); void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, UNIX_USER_TOKEN *tok); bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKEN *tok); -bool set_allow_initial_delete_on_close(struct share_mode_lock *lck, files_struct *fsp, bool delete_on_close); bool set_sticky_write_time(struct file_id fileid, struct timespec write_time); bool set_write_time(struct file_id fileid, struct timespec write_time); int share_mode_forall(void (*fn)(const struct share_mode_entry *, const char *, @@ -3922,7 +3921,7 @@ char *lp_remote_announce(void); char *lp_remote_browse_sync(void); const char **lp_wins_server_list(void); const char **lp_interfaces(void); -char *lp_socket_address(void); +const char *lp_socket_address(void); char *lp_nis_home_map_name(void); const char **lp_netbios_aliases(void); const char *lp_passdb_backend(void); @@ -4136,6 +4135,7 @@ bool lp_hide_special_files(int ); bool lp_hideunreadable(int ); bool lp_hideunwriteable_files(int ); bool lp_browseable(int ); +bool lp_access_based_share_enum(int ); bool lp_readonly(int ); bool lp_no_set_dir(int ); bool lp_guest_ok(int ); @@ -4252,7 +4252,7 @@ const char *lp_ldap_machine_suffix(void); const char *lp_ldap_user_suffix(void); const char *lp_ldap_group_suffix(void); const char *lp_ldap_idmap_suffix(void); -void *lp_local_ptr(int snum, void *ptr); +void *lp_local_ptr_by_snum(int snum, void *ptr); bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue); void init_locals(void); bool lp_is_default(int snum, struct parm_struct *parm); @@ -5672,7 +5672,8 @@ void init_samr_user_info16(struct samr_UserInfo16 *r, uint32_t acct_flags); void init_samr_user_info18(struct samr_UserInfo18 *r, const uint8 lm_pwd[16], - const uint8 nt_pwd[16]); + const uint8 nt_pwd[16], + uint8_t password_expired); void init_samr_user_info20(struct samr_UserInfo20 *r, struct lsa_BinaryString *parameters); void init_samr_user_info21(struct samr_UserInfo21 *r, @@ -6520,70 +6521,6 @@ bool svcctl_io_r_query_service_config2(const char *desc, SVCCTL_R_QUERY_SERVICE_ bool svcctl_io_q_query_service_status_ex(const char *desc, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, prs_struct *ps, int depth); bool svcctl_io_r_query_service_status_ex(const char *desc, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u, prs_struct *ps, int depth); -/* The following definitions come from rpc_server/srv_dfs_nt.c */ - -void _dfs_GetManagerVersion(pipes_struct *p, struct dfs_GetManagerVersion *r); -WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r); -WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r); -WERROR _dfs_Enum(pipes_struct *p, struct dfs_Enum *r); -WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r); -WERROR _dfs_SetInfo(pipes_struct *p, struct dfs_SetInfo *r); -WERROR _dfs_Rename(pipes_struct *p, struct dfs_Rename *r); -WERROR _dfs_Move(pipes_struct *p, struct dfs_Move *r); -WERROR _dfs_ManagerGetConfigInfo(pipes_struct *p, struct dfs_ManagerGetConfigInfo *r); -WERROR _dfs_ManagerSendSiteInfo(pipes_struct *p, struct dfs_ManagerSendSiteInfo *r); -WERROR _dfs_AddFtRoot(pipes_struct *p, struct dfs_AddFtRoot *r); -WERROR _dfs_RemoveFtRoot(pipes_struct *p, struct dfs_RemoveFtRoot *r); -WERROR _dfs_AddStdRoot(pipes_struct *p, struct dfs_AddStdRoot *r); -WERROR _dfs_RemoveStdRoot(pipes_struct *p, struct dfs_RemoveStdRoot *r); -WERROR _dfs_ManagerInitialize(pipes_struct *p, struct dfs_ManagerInitialize *r); -WERROR _dfs_AddStdRootForced(pipes_struct *p, struct dfs_AddStdRootForced *r); -WERROR _dfs_GetDcAddress(pipes_struct *p, struct dfs_GetDcAddress *r); -WERROR _dfs_SetDcAddress(pipes_struct *p, struct dfs_SetDcAddress *r); -WERROR _dfs_FlushFtTable(pipes_struct *p, struct dfs_FlushFtTable *r); -WERROR _dfs_Add2(pipes_struct *p, struct dfs_Add2 *r); -WERROR _dfs_Remove2(pipes_struct *p, struct dfs_Remove2 *r); -WERROR _dfs_EnumEx(pipes_struct *p, struct dfs_EnumEx *r); -WERROR _dfs_SetInfo2(pipes_struct *p, struct dfs_SetInfo2 *r); - -/* The following definitions come from rpc_server/srv_dssetup_nt.c */ - -WERROR _dssetup_DsRoleGetPrimaryDomainInformation(pipes_struct *p, - struct dssetup_DsRoleGetPrimaryDomainInformation *r); -WERROR _dssetup_DsRoleDnsNameToFlatName(pipes_struct *p, - struct dssetup_DsRoleDnsNameToFlatName *r); -WERROR _dssetup_DsRoleDcAsDc(pipes_struct *p, - struct dssetup_DsRoleDcAsDc *r); -WERROR _dssetup_DsRoleDcAsReplica(pipes_struct *p, - struct dssetup_DsRoleDcAsReplica *r); -WERROR _dssetup_DsRoleDemoteDc(pipes_struct *p, - struct dssetup_DsRoleDemoteDc *r); -WERROR _dssetup_DsRoleGetDcOperationProgress(pipes_struct *p, - struct dssetup_DsRoleGetDcOperationProgress *r); -WERROR _dssetup_DsRoleGetDcOperationResults(pipes_struct *p, - struct dssetup_DsRoleGetDcOperationResults *r); -WERROR _dssetup_DsRoleCancel(pipes_struct *p, - struct dssetup_DsRoleCancel *r); -WERROR _dssetup_DsRoleServerSaveStateForUpgrade(pipes_struct *p, - struct dssetup_DsRoleServerSaveStateForUpgrade *r); -WERROR _dssetup_DsRoleUpgradeDownlevelServer(pipes_struct *p, - struct dssetup_DsRoleUpgradeDownlevelServer *r); -WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(pipes_struct *p, - struct dssetup_DsRoleAbortDownlevelServerUpgrade *r); - -/* The following definitions come from rpc_server/srv_echo_nt.c */ - -void _echo_AddOne(pipes_struct *p, struct echo_AddOne *r ); -void _echo_EchoData(pipes_struct *p, struct echo_EchoData *r); -void _echo_SinkData(pipes_struct *p, struct echo_SinkData *r); -void _echo_SourceData(pipes_struct *p, struct echo_SourceData *r); -void _echo_TestCall(pipes_struct *p, struct echo_TestCall *r); -NTSTATUS _echo_TestCall2(pipes_struct *p, struct echo_TestCall2 *r); -uint32 _echo_TestSleep(pipes_struct *p, struct echo_TestSleep *r); -void _echo_TestEnum(pipes_struct *p, struct echo_TestEnum *r); -void _echo_TestSurrounding(pipes_struct *p, struct echo_TestSurrounding *r); -uint16 _echo_TestDoublePointer(pipes_struct *p, struct echo_TestDoublePointer *r); - /* The following definitions come from rpc_server/srv_eventlog.c */ NTSTATUS rpc_eventlog2_init(void); @@ -6604,43 +6541,9 @@ bool parse_logentry( char *line, Eventlog_entry * entry, bool * eor ); /* The following definitions come from rpc_server/srv_eventlog_nt.c */ -NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, - struct eventlog_OpenEventLogW *r); -NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, - struct eventlog_ClearEventLogW *r); -NTSTATUS _eventlog_CloseEventLog( pipes_struct * p, struct eventlog_CloseEventLog *r ); NTSTATUS _eventlog_read_eventlog( pipes_struct * p, EVENTLOG_Q_READ_EVENTLOG * q_u, EVENTLOG_R_READ_EVENTLOG * r_u ); -NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, - struct eventlog_GetOldestRecord *r); -NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, - struct eventlog_GetNumRecords *r); -NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r); -NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_DeregisterEventSource *r); -NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r); -NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r); -NTSTATUS _eventlog_OpenBackupEventLogW(pipes_struct *p, struct eventlog_OpenBackupEventLogW *r); -NTSTATUS _eventlog_ReadEventLogW(pipes_struct *p, struct eventlog_ReadEventLogW *r); -NTSTATUS _eventlog_ReportEventW(pipes_struct *p, struct eventlog_ReportEventW *r); -NTSTATUS _eventlog_ClearEventLogA(pipes_struct *p, struct eventlog_ClearEventLogA *r); -NTSTATUS _eventlog_BackupEventLogA(pipes_struct *p, struct eventlog_BackupEventLogA *r); -NTSTATUS _eventlog_OpenEventLogA(pipes_struct *p, struct eventlog_OpenEventLogA *r); -NTSTATUS _eventlog_RegisterEventSourceA(pipes_struct *p, struct eventlog_RegisterEventSourceA *r); -NTSTATUS _eventlog_OpenBackupEventLogA(pipes_struct *p, struct eventlog_OpenBackupEventLogA *r); -NTSTATUS _eventlog_ReadEventLogA(pipes_struct *p, struct eventlog_ReadEventLogA *r); -NTSTATUS _eventlog_ReportEventA(pipes_struct *p, struct eventlog_ReportEventA *r); -NTSTATUS _eventlog_RegisterClusterSvc(pipes_struct *p, struct eventlog_RegisterClusterSvc *r); -NTSTATUS _eventlog_DeregisterClusterSvc(pipes_struct *p, struct eventlog_DeregisterClusterSvc *r); -NTSTATUS _eventlog_WriteClusterEvents(pipes_struct *p, struct eventlog_WriteClusterEvents *r); -NTSTATUS _eventlog_GetLogIntormation(pipes_struct *p, struct eventlog_GetLogIntormation *r); -NTSTATUS _eventlog_FlushEventLog(pipes_struct *p, struct eventlog_FlushEventLog *r); - -/* The following definitions come from rpc_server/srv_initshutdown_nt.c */ - -WERROR _initshutdown_Init(pipes_struct *p, struct initshutdown_Init *r); -WERROR _initshutdown_InitEx(pipes_struct *p, struct initshutdown_InitEx *r); -WERROR _initshutdown_Abort(pipes_struct *p, struct initshutdown_Abort *r); /* The following definitions come from rpc_server/srv_lsa_hnd.c */ @@ -6651,216 +6554,6 @@ bool close_policy_hnd(pipes_struct *p, POLICY_HND *hnd); void close_policy_by_pipe(pipes_struct *p); bool pipe_access_check(pipes_struct *p); -/* The following definitions come from rpc_server/srv_lsa_nt.c */ - -NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, - struct lsa_OpenPolicy2 *r); -NTSTATUS _lsa_OpenPolicy(pipes_struct *p, - struct lsa_OpenPolicy *r); -NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, - struct lsa_EnumTrustDom *r); -NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p, - struct lsa_QueryInfoPolicy *r); -NTSTATUS _lsa_LookupSids(pipes_struct *p, - struct lsa_LookupSids *r); -NTSTATUS _lsa_LookupSids2(pipes_struct *p, - struct lsa_LookupSids2 *r); -NTSTATUS _lsa_LookupSids3(pipes_struct *p, - struct lsa_LookupSids3 *r); -NTSTATUS _lsa_LookupNames(pipes_struct *p, - struct lsa_LookupNames *r); -NTSTATUS _lsa_LookupNames2(pipes_struct *p, - struct lsa_LookupNames2 *r); -NTSTATUS _lsa_LookupNames3(pipes_struct *p, - struct lsa_LookupNames3 *r); -NTSTATUS _lsa_LookupNames4(pipes_struct *p, - struct lsa_LookupNames4 *r); -NTSTATUS _lsa_Close(pipes_struct *p, struct lsa_Close *r); -NTSTATUS _lsa_OpenSecret(pipes_struct *p, struct lsa_OpenSecret *r); -NTSTATUS _lsa_OpenTrustedDomain(pipes_struct *p, struct lsa_OpenTrustedDomain *r); -NTSTATUS _lsa_CreateTrustedDomain(pipes_struct *p, struct lsa_CreateTrustedDomain *r); -NTSTATUS _lsa_CreateSecret(pipes_struct *p, struct lsa_CreateSecret *r); -NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r); -NTSTATUS _lsa_DeleteObject(pipes_struct *p, - struct lsa_DeleteObject *r); -NTSTATUS _lsa_EnumPrivs(pipes_struct *p, - struct lsa_EnumPrivs *r); -NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p, - struct lsa_LookupPrivDisplayName *r); -NTSTATUS _lsa_EnumAccounts(pipes_struct *p, - struct lsa_EnumAccounts *r); -NTSTATUS _lsa_GetUserName(pipes_struct *p, - struct lsa_GetUserName *r); -NTSTATUS _lsa_CreateAccount(pipes_struct *p, - struct lsa_CreateAccount *r); -NTSTATUS _lsa_OpenAccount(pipes_struct *p, - struct lsa_OpenAccount *r); -NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, - struct lsa_EnumPrivsAccount *r); -NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, - struct lsa_GetSystemAccessAccount *r); -NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, - struct lsa_SetSystemAccessAccount *r); -NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, - struct lsa_AddPrivilegesToAccount *r); -NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, - struct lsa_RemovePrivilegesFromAccount *r); -NTSTATUS _lsa_QuerySecurity(pipes_struct *p, - struct lsa_QuerySecurity *r); -NTSTATUS _lsa_AddAccountRights(pipes_struct *p, - struct lsa_AddAccountRights *r); -NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, - struct lsa_RemoveAccountRights *r); -NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, - struct lsa_EnumAccountRights *r); -NTSTATUS _lsa_LookupPrivValue(pipes_struct *p, - struct lsa_LookupPrivValue *r); -NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r); -NTSTATUS _lsa_SetSecObj(pipes_struct *p, struct lsa_SetSecObj *r); -NTSTATUS _lsa_ChangePassword(pipes_struct *p, struct lsa_ChangePassword *r); -NTSTATUS _lsa_SetInfoPolicy(pipes_struct *p, struct lsa_SetInfoPolicy *r); -NTSTATUS _lsa_ClearAuditLog(pipes_struct *p, struct lsa_ClearAuditLog *r); -NTSTATUS _lsa_GetQuotasForAccount(pipes_struct *p, struct lsa_GetQuotasForAccount *r); -NTSTATUS _lsa_SetQuotasForAccount(pipes_struct *p, struct lsa_SetQuotasForAccount *r); -NTSTATUS _lsa_QueryTrustedDomainInfo(pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r); -NTSTATUS _lsa_SetInformationTrustedDomain(pipes_struct *p, struct lsa_SetInformationTrustedDomain *r); -NTSTATUS _lsa_QuerySecret(pipes_struct *p, struct lsa_QuerySecret *r); -NTSTATUS _lsa_LookupPrivName(pipes_struct *p, struct lsa_LookupPrivName *r); -NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct lsa_EnumAccountsWithUserRight *r); -NTSTATUS _lsa_QueryTrustedDomainInfoBySid(pipes_struct *p, struct lsa_QueryTrustedDomainInfoBySid *r); -NTSTATUS _lsa_SetTrustedDomainInfo(pipes_struct *p, struct lsa_SetTrustedDomainInfo *r); -NTSTATUS _lsa_DeleteTrustedDomain(pipes_struct *p, struct lsa_DeleteTrustedDomain *r); -NTSTATUS _lsa_StorePrivateData(pipes_struct *p, struct lsa_StorePrivateData *r); -NTSTATUS _lsa_RetrievePrivateData(pipes_struct *p, struct lsa_RetrievePrivateData *r); -NTSTATUS _lsa_QueryInfoPolicy2(pipes_struct *p, struct lsa_QueryInfoPolicy2 *r); -NTSTATUS _lsa_SetInfoPolicy2(pipes_struct *p, struct lsa_SetInfoPolicy2 *r); -NTSTATUS _lsa_QueryTrustedDomainInfoByName(pipes_struct *p, struct lsa_QueryTrustedDomainInfoByName *r); -NTSTATUS _lsa_SetTrustedDomainInfoByName(pipes_struct *p, struct lsa_SetTrustedDomainInfoByName *r); -NTSTATUS _lsa_EnumTrustedDomainsEx(pipes_struct *p, struct lsa_EnumTrustedDomainsEx *r); -NTSTATUS _lsa_CreateTrustedDomainEx(pipes_struct *p, struct lsa_CreateTrustedDomainEx *r); -NTSTATUS _lsa_CloseTrustedDomainEx(pipes_struct *p, struct lsa_CloseTrustedDomainEx *r); -NTSTATUS _lsa_QueryDomainInformationPolicy(pipes_struct *p, struct lsa_QueryDomainInformationPolicy *r); -NTSTATUS _lsa_SetDomainInformationPolicy(pipes_struct *p, struct lsa_SetDomainInformationPolicy *r); -NTSTATUS _lsa_OpenTrustedDomainByName(pipes_struct *p, struct lsa_OpenTrustedDomainByName *r); -NTSTATUS _lsa_TestCall(pipes_struct *p, struct lsa_TestCall *r); -NTSTATUS _lsa_CreateTrustedDomainEx2(pipes_struct *p, struct lsa_CreateTrustedDomainEx2 *r); -NTSTATUS _lsa_CREDRWRITE(pipes_struct *p, struct lsa_CREDRWRITE *r); -NTSTATUS _lsa_CREDRREAD(pipes_struct *p, struct lsa_CREDRREAD *r); -NTSTATUS _lsa_CREDRENUMERATE(pipes_struct *p, struct lsa_CREDRENUMERATE *r); -NTSTATUS _lsa_CREDRWRITEDOMAINCREDENTIALS(pipes_struct *p, struct lsa_CREDRWRITEDOMAINCREDENTIALS *r); -NTSTATUS _lsa_CREDRREADDOMAINCREDENTIALS(pipes_struct *p, struct lsa_CREDRREADDOMAINCREDENTIALS *r); -NTSTATUS _lsa_CREDRDELETE(pipes_struct *p, struct lsa_CREDRDELETE *r); -NTSTATUS _lsa_CREDRGETTARGETINFO(pipes_struct *p, struct lsa_CREDRGETTARGETINFO *r); -NTSTATUS _lsa_CREDRPROFILELOADED(pipes_struct *p, struct lsa_CREDRPROFILELOADED *r); -NTSTATUS _lsa_CREDRGETSESSIONTYPES(pipes_struct *p, struct lsa_CREDRGETSESSIONTYPES *r); -NTSTATUS _lsa_LSARREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARREGISTERAUDITEVENT *r); -NTSTATUS _lsa_LSARGENAUDITEVENT(pipes_struct *p, struct lsa_LSARGENAUDITEVENT *r); -NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARUNREGISTERAUDITEVENT *r); -NTSTATUS _lsa_lsaRQueryForestTrustInformation(pipes_struct *p, struct lsa_lsaRQueryForestTrustInformation *r); -NTSTATUS _lsa_LSARSETFORESTTRUSTINFORMATION(pipes_struct *p, struct lsa_LSARSETFORESTTRUSTINFORMATION *r); -NTSTATUS _lsa_CREDRRENAME(pipes_struct *p, struct lsa_CREDRRENAME *r); -NTSTATUS _lsa_LSAROPENPOLICYSCE(pipes_struct *p, struct lsa_LSAROPENPOLICYSCE *r); -NTSTATUS _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(pipes_struct *p, struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r); -NTSTATUS _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(pipes_struct *p, struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r); -NTSTATUS _lsa_LSARADTREPORTSECURITYEVENT(pipes_struct *p, struct lsa_LSARADTREPORTSECURITYEVENT *r); - -/* The following definitions come from rpc_server/srv_netlog_nt.c */ - -WERROR _netr_LogonControl(pipes_struct *p, - struct netr_LogonControl *r); -WERROR _netr_LogonControl2(pipes_struct *p, - struct netr_LogonControl2 *r); -WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p, - struct netr_NetrEnumerateTrustedDomains *r); -NTSTATUS _netr_ServerReqChallenge(pipes_struct *p, - struct netr_ServerReqChallenge *r); -NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, - struct netr_ServerAuthenticate *r); -NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, - struct netr_ServerAuthenticate2 *r); -NTSTATUS _netr_ServerPasswordSet(pipes_struct *p, - struct netr_ServerPasswordSet *r); -NTSTATUS _netr_LogonSamLogoff(pipes_struct *p, - struct netr_LogonSamLogoff *r); -NTSTATUS _netr_LogonSamLogon(pipes_struct *p, - struct netr_LogonSamLogon *r); -NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p, - struct netr_LogonSamLogonEx *r); -WERROR _netr_LogonUasLogon(pipes_struct *p, - struct netr_LogonUasLogon *r); -WERROR _netr_LogonUasLogoff(pipes_struct *p, - struct netr_LogonUasLogoff *r); -NTSTATUS _netr_DatabaseDeltas(pipes_struct *p, - struct netr_DatabaseDeltas *r); -NTSTATUS _netr_DatabaseSync(pipes_struct *p, - struct netr_DatabaseSync *r); -NTSTATUS _netr_AccountDeltas(pipes_struct *p, - struct netr_AccountDeltas *r); -NTSTATUS _netr_AccountSync(pipes_struct *p, - struct netr_AccountSync *r); -WERROR _netr_GetDcName(pipes_struct *p, - struct netr_GetDcName *r); -WERROR _netr_GetAnyDCName(pipes_struct *p, - struct netr_GetAnyDCName *r); -NTSTATUS _netr_DatabaseSync2(pipes_struct *p, - struct netr_DatabaseSync2 *r); -NTSTATUS _netr_DatabaseRedo(pipes_struct *p, - struct netr_DatabaseRedo *r); -WERROR _netr_LogonControl2Ex(pipes_struct *p, - struct netr_LogonControl2Ex *r); -WERROR _netr_DsRGetDCName(pipes_struct *p, - struct netr_DsRGetDCName *r); -WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p, - struct netr_NETRLOGONDUMMYROUTINE1 *r); -WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p, - struct netr_NETRLOGONSETSERVICEBITS *r); -WERROR _netr_LogonGetTrustRid(pipes_struct *p, - struct netr_LogonGetTrustRid *r); -WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p, - struct netr_NETRLOGONCOMPUTESERVERDIGEST *r); -WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p, - struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r); -NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, - struct netr_ServerAuthenticate3 *r); -WERROR _netr_DsRGetDCNameEx(pipes_struct *p, - struct netr_DsRGetDCNameEx *r); -WERROR _netr_DsRGetSiteName(pipes_struct *p, - struct netr_DsRGetSiteName *r); -NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p, - struct netr_LogonGetDomainInfo *r); -NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, - struct netr_ServerPasswordSet2 *r); -WERROR _netr_ServerPasswordGet(pipes_struct *p, - struct netr_ServerPasswordGet *r); -WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p, - struct netr_NETRLOGONSENDTOSAM *r); -WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p, - struct netr_DsRAddressToSitenamesW *r); -WERROR _netr_DsRGetDCNameEx2(pipes_struct *p, - struct netr_DsRGetDCNameEx2 *r); -WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p, - struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r); -WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p, - struct netr_NetrEnumerateTrustedDomainsEx *r); -WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p, - struct netr_DsRAddressToSitenamesExW *r); -WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p, - struct netr_DsrGetDcSiteCoverageW *r); -WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p, - struct netr_DsrEnumerateDomainTrusts *r); -WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, - struct netr_DsrDeregisterDNSHostRecords *r); -NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, - struct netr_ServerTrustPasswordsGet *r); -WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, - struct netr_DsRGetForestTrustInformation *r); -WERROR _netr_GetForestTrustInformation(pipes_struct *p, - struct netr_GetForestTrustInformation *r); -NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, - struct netr_LogonSamLogonWithFlags *r); -WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, - struct netr_NETRSERVERGETTRUSTINFO *r); - /* The following definitions come from rpc_server/srv_ntsvcs.c */ void ntsvcs2_get_pipe_fns( struct api_struct **fns, int *n_fns ); @@ -6868,137 +6561,7 @@ NTSTATUS rpc_ntsvcs2_init(void); /* The following definitions come from rpc_server/srv_ntsvcs_nt.c */ -WERROR _PNP_GetVersion(pipes_struct *p, - struct PNP_GetVersion *r); -WERROR _PNP_GetDeviceListSize(pipes_struct *p, - struct PNP_GetDeviceListSize *r); WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, NTSVCS_R_GET_DEVICE_LIST *r_u ); -WERROR _PNP_ValidateDeviceInstance(pipes_struct *p, - struct PNP_ValidateDeviceInstance *r); -WERROR _PNP_GetHwProfInfo(pipes_struct *p, - struct PNP_GetHwProfInfo *r); -WERROR _PNP_HwProfFlags(pipes_struct *p, - struct PNP_HwProfFlags *r); -WERROR _PNP_Disconnect(pipes_struct *p, - struct PNP_Disconnect *r); -WERROR _PNP_Connect(pipes_struct *p, - struct PNP_Connect *r); -WERROR _PNP_GetGlobalState(pipes_struct *p, - struct PNP_GetGlobalState *r); -WERROR _PNP_InitDetection(pipes_struct *p, - struct PNP_InitDetection *r); -WERROR _PNP_ReportLogOn(pipes_struct *p, - struct PNP_ReportLogOn *r); -WERROR _PNP_GetRootDeviceInstance(pipes_struct *p, - struct PNP_GetRootDeviceInstance *r); -WERROR _PNP_GetRelatedDeviceInstance(pipes_struct *p, - struct PNP_GetRelatedDeviceInstance *r); -WERROR _PNP_EnumerateSubKeys(pipes_struct *p, - struct PNP_EnumerateSubKeys *r); -WERROR _PNP_GetDeviceList(pipes_struct *p, - struct PNP_GetDeviceList *r); -WERROR _PNP_GetDepth(pipes_struct *p, - struct PNP_GetDepth *r); -WERROR _PNP_GetDeviceRegProp(pipes_struct *p, - struct PNP_GetDeviceRegProp *r); -WERROR _PNP_SetDeviceRegProp(pipes_struct *p, - struct PNP_SetDeviceRegProp *r); -WERROR _PNP_GetClassInstance(pipes_struct *p, - struct PNP_GetClassInstance *r); -WERROR _PNP_CreateKey(pipes_struct *p, - struct PNP_CreateKey *r); -WERROR _PNP_DeleteRegistryKey(pipes_struct *p, - struct PNP_DeleteRegistryKey *r); -WERROR _PNP_GetClassCount(pipes_struct *p, - struct PNP_GetClassCount *r); -WERROR _PNP_GetClassName(pipes_struct *p, - struct PNP_GetClassName *r); -WERROR _PNP_DeleteClassKey(pipes_struct *p, - struct PNP_DeleteClassKey *r); -WERROR _PNP_GetInterfaceDeviceAlias(pipes_struct *p, - struct PNP_GetInterfaceDeviceAlias *r); -WERROR _PNP_GetInterfaceDeviceList(pipes_struct *p, - struct PNP_GetInterfaceDeviceList *r); -WERROR _PNP_GetInterfaceDeviceListSize(pipes_struct *p, - struct PNP_GetInterfaceDeviceListSize *r); -WERROR _PNP_RegisterDeviceClassAssociation(pipes_struct *p, - struct PNP_RegisterDeviceClassAssociation *r); -WERROR _PNP_UnregisterDeviceClassAssociation(pipes_struct *p, - struct PNP_UnregisterDeviceClassAssociation *r); -WERROR _PNP_GetClassRegProp(pipes_struct *p, - struct PNP_GetClassRegProp *r); -WERROR _PNP_SetClassRegProp(pipes_struct *p, - struct PNP_SetClassRegProp *r); -WERROR _PNP_CreateDevInst(pipes_struct *p, - struct PNP_CreateDevInst *r); -WERROR _PNP_DeviceInstanceAction(pipes_struct *p, - struct PNP_DeviceInstanceAction *r); -WERROR _PNP_GetDeviceStatus(pipes_struct *p, - struct PNP_GetDeviceStatus *r); -WERROR _PNP_SetDeviceProblem(pipes_struct *p, - struct PNP_SetDeviceProblem *r); -WERROR _PNP_DisableDevInst(pipes_struct *p, - struct PNP_DisableDevInst *r); -WERROR _PNP_UninstallDevInst(pipes_struct *p, - struct PNP_UninstallDevInst *r); -WERROR _PNP_AddID(pipes_struct *p, - struct PNP_AddID *r); -WERROR _PNP_RegisterDriver(pipes_struct *p, - struct PNP_RegisterDriver *r); -WERROR _PNP_QueryRemove(pipes_struct *p, - struct PNP_QueryRemove *r); -WERROR _PNP_RequestDeviceEject(pipes_struct *p, - struct PNP_RequestDeviceEject *r); -WERROR _PNP_IsDockStationPresent(pipes_struct *p, - struct PNP_IsDockStationPresent *r); -WERROR _PNP_RequestEjectPC(pipes_struct *p, - struct PNP_RequestEjectPC *r); -WERROR _PNP_AddEmptyLogConf(pipes_struct *p, - struct PNP_AddEmptyLogConf *r); -WERROR _PNP_FreeLogConf(pipes_struct *p, - struct PNP_FreeLogConf *r); -WERROR _PNP_GetFirstLogConf(pipes_struct *p, - struct PNP_GetFirstLogConf *r); -WERROR _PNP_GetNextLogConf(pipes_struct *p, - struct PNP_GetNextLogConf *r); -WERROR _PNP_GetLogConfPriority(pipes_struct *p, - struct PNP_GetLogConfPriority *r); -WERROR _PNP_AddResDes(pipes_struct *p, - struct PNP_AddResDes *r); -WERROR _PNP_FreeResDes(pipes_struct *p, - struct PNP_FreeResDes *r); -WERROR _PNP_GetNextResDes(pipes_struct *p, - struct PNP_GetNextResDes *r); -WERROR _PNP_GetResDesData(pipes_struct *p, - struct PNP_GetResDesData *r); -WERROR _PNP_GetResDesDataSize(pipes_struct *p, - struct PNP_GetResDesDataSize *r); -WERROR _PNP_ModifyResDes(pipes_struct *p, - struct PNP_ModifyResDes *r); -WERROR _PNP_DetectResourceLimit(pipes_struct *p, - struct PNP_DetectResourceLimit *r); -WERROR _PNP_QueryResConfList(pipes_struct *p, - struct PNP_QueryResConfList *r); -WERROR _PNP_SetHwProf(pipes_struct *p, - struct PNP_SetHwProf *r); -WERROR _PNP_QueryArbitratorFreeData(pipes_struct *p, - struct PNP_QueryArbitratorFreeData *r); -WERROR _PNP_QueryArbitratorFreeSize(pipes_struct *p, - struct PNP_QueryArbitratorFreeSize *r); -WERROR _PNP_RunDetection(pipes_struct *p, - struct PNP_RunDetection *r); -WERROR _PNP_RegisterNotification(pipes_struct *p, - struct PNP_RegisterNotification *r); -WERROR _PNP_UnregisterNotification(pipes_struct *p, - struct PNP_UnregisterNotification *r); -WERROR _PNP_GetCustomDevProp(pipes_struct *p, - struct PNP_GetCustomDevProp *r); -WERROR _PNP_GetVersionInternal(pipes_struct *p, - struct PNP_GetVersionInternal *r); -WERROR _PNP_GetBlockedDriverInfo(pipes_struct *p, - struct PNP_GetBlockedDriverInfo *r); -WERROR _PNP_GetServerSideDeviceInstallFlags(pipes_struct *p, - struct PNP_GetServerSideDeviceInstallFlags *r); /* The following definitions come from rpc_server/srv_pipe.c */ @@ -7035,145 +6598,6 @@ NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len, NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, ssize_t *nread, bool *is_data_outstanding); - -/* The following definitions come from rpc_server/srv_samr_nt.c */ - -NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r); -NTSTATUS _samr_OpenDomain(pipes_struct *p, - struct samr_OpenDomain *r); -NTSTATUS _samr_GetUserPwInfo(pipes_struct *p, - struct samr_GetUserPwInfo *r); -NTSTATUS _samr_SetSecurity(pipes_struct *p, - struct samr_SetSecurity *r); -NTSTATUS _samr_QuerySecurity(pipes_struct *p, - struct samr_QuerySecurity *r); -NTSTATUS _samr_EnumDomainUsers(pipes_struct *p, - struct samr_EnumDomainUsers *r); -NTSTATUS _samr_EnumDomainGroups(pipes_struct *p, - struct samr_EnumDomainGroups *r); -NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, - struct samr_EnumDomainAliases *r); -NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, - struct samr_QueryDisplayInfo *r); -NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p, - struct samr_QueryDisplayInfo2 *r); -NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p, - struct samr_QueryDisplayInfo3 *r); -NTSTATUS _samr_QueryAliasInfo(pipes_struct *p, - struct samr_QueryAliasInfo *r); -NTSTATUS _samr_LookupNames(pipes_struct *p, - struct samr_LookupNames *r); -NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p, - struct samr_ChangePasswordUser2 *r); -NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, - struct samr_ChangePasswordUser3 *r); -NTSTATUS _samr_LookupRids(pipes_struct *p, - struct samr_LookupRids *r); -NTSTATUS _samr_OpenUser(pipes_struct *p, - struct samr_OpenUser *r); -NTSTATUS _samr_QueryUserInfo(pipes_struct *p, - struct samr_QueryUserInfo *r); -NTSTATUS _samr_GetGroupsForUser(pipes_struct *p, - struct samr_GetGroupsForUser *r); -NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, - struct samr_QueryDomainInfo *r); -NTSTATUS _samr_CreateUser2(pipes_struct *p, - struct samr_CreateUser2 *r); -NTSTATUS _samr_Connect(pipes_struct *p, - struct samr_Connect *r); -NTSTATUS _samr_Connect2(pipes_struct *p, - struct samr_Connect2 *r); -NTSTATUS _samr_Connect4(pipes_struct *p, - struct samr_Connect4 *r); -NTSTATUS _samr_Connect5(pipes_struct *p, - struct samr_Connect5 *r); -NTSTATUS _samr_LookupDomain(pipes_struct *p, - struct samr_LookupDomain *r); -NTSTATUS _samr_EnumDomains(pipes_struct *p, - struct samr_EnumDomains *r); -NTSTATUS _samr_OpenAlias(pipes_struct *p, - struct samr_OpenAlias *r); -NTSTATUS _samr_SetUserInfo(pipes_struct *p, - struct samr_SetUserInfo *r); -NTSTATUS _samr_SetUserInfo2(pipes_struct *p, - struct samr_SetUserInfo2 *r); -NTSTATUS _samr_GetAliasMembership(pipes_struct *p, - struct samr_GetAliasMembership *r); -NTSTATUS _samr_GetMembersInAlias(pipes_struct *p, - struct samr_GetMembersInAlias *r); -NTSTATUS _samr_QueryGroupMember(pipes_struct *p, - struct samr_QueryGroupMember *r); -NTSTATUS _samr_AddAliasMember(pipes_struct *p, - struct samr_AddAliasMember *r); -NTSTATUS _samr_DeleteAliasMember(pipes_struct *p, - struct samr_DeleteAliasMember *r); -NTSTATUS _samr_AddGroupMember(pipes_struct *p, - struct samr_AddGroupMember *r); -NTSTATUS _samr_DeleteGroupMember(pipes_struct *p, - struct samr_DeleteGroupMember *r); -NTSTATUS _samr_DeleteUser(pipes_struct *p, - struct samr_DeleteUser *r); -NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, - struct samr_DeleteDomainGroup *r); -NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, - struct samr_DeleteDomAlias *r); -NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, - struct samr_CreateDomainGroup *r); -NTSTATUS _samr_CreateDomAlias(pipes_struct *p, - struct samr_CreateDomAlias *r); -NTSTATUS _samr_QueryGroupInfo(pipes_struct *p, - struct samr_QueryGroupInfo *r); -NTSTATUS _samr_SetGroupInfo(pipes_struct *p, - struct samr_SetGroupInfo *r); -NTSTATUS _samr_SetAliasInfo(pipes_struct *p, - struct samr_SetAliasInfo *r); -NTSTATUS _samr_GetDomPwInfo(pipes_struct *p, - struct samr_GetDomPwInfo *r); -NTSTATUS _samr_OpenGroup(pipes_struct *p, - struct samr_OpenGroup *r); -NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p, - struct samr_RemoveMemberFromForeignDomain *r); -NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p, - struct samr_QueryDomainInfo2 *r); -NTSTATUS _samr_SetDomainInfo(pipes_struct *p, - struct samr_SetDomainInfo *r); -NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p, - struct samr_GetDisplayEnumerationIndex *r); -NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p, - struct samr_GetDisplayEnumerationIndex2 *r); -NTSTATUS _samr_Shutdown(pipes_struct *p, - struct samr_Shutdown *r); -NTSTATUS _samr_CreateUser(pipes_struct *p, - struct samr_CreateUser *r); -NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p, - struct samr_SetMemberAttributesOfGroup *r); -NTSTATUS _samr_ChangePasswordUser(pipes_struct *p, - struct samr_ChangePasswordUser *r); -NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p, - struct samr_TestPrivateFunctionsDomain *r); -NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p, - struct samr_TestPrivateFunctionsUser *r); -NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, - struct samr_QueryUserInfo2 *r); -NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p, - struct samr_AddMultipleMembersToAlias *r); -NTSTATUS _samr_RemoveMultipleMembersFromAlias(pipes_struct *p, - struct samr_RemoveMultipleMembersFromAlias *r); -NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p, - struct samr_OemChangePasswordUser2 *r); -NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p, - struct samr_SetBootKeyInformation *r); -NTSTATUS _samr_GetBootKeyInformation(pipes_struct *p, - struct samr_GetBootKeyInformation *r); -NTSTATUS _samr_Connect3(pipes_struct *p, - struct samr_Connect3 *r); -NTSTATUS _samr_RidToSid(pipes_struct *p, - struct samr_RidToSid *r); -NTSTATUS _samr_SetDsrmPassword(pipes_struct *p, - struct samr_SetDsrmPassword *r); -NTSTATUS _samr_ValidatePassword(pipes_struct *p, - struct samr_ValidatePassword *r); - /* The following definitions come from rpc_server/srv_samr_util.c */ void copy_id20_to_sam_passwd(struct samu *to, @@ -7333,79 +6757,7 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X /* The following definitions come from rpc_server/srv_srvsvc_nt.c */ -WERROR _srvsvc_NetFileEnum(pipes_struct *p, - struct srvsvc_NetFileEnum *r); -WERROR _srvsvc_NetSrvGetInfo(pipes_struct *p, - struct srvsvc_NetSrvGetInfo *r); -WERROR _srvsvc_NetSrvSetInfo(pipes_struct *p, - struct srvsvc_NetSrvSetInfo *r); -WERROR _srvsvc_NetConnEnum(pipes_struct *p, - struct srvsvc_NetConnEnum *r); -WERROR _srvsvc_NetSessEnum(pipes_struct *p, - struct srvsvc_NetSessEnum *r); -WERROR _srvsvc_NetSessDel(pipes_struct *p, - struct srvsvc_NetSessDel *r); -WERROR _srvsvc_NetShareEnumAll(pipes_struct *p, - struct srvsvc_NetShareEnumAll *r); -WERROR _srvsvc_NetShareEnum(pipes_struct *p, - struct srvsvc_NetShareEnum *r); -WERROR _srvsvc_NetShareGetInfo(pipes_struct *p, - struct srvsvc_NetShareGetInfo *r); char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname); -WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, - struct srvsvc_NetShareSetInfo *r); -WERROR _srvsvc_NetShareAdd(pipes_struct *p, - struct srvsvc_NetShareAdd *r); -WERROR _srvsvc_NetShareDel(pipes_struct *p, - struct srvsvc_NetShareDel *r); -WERROR _srvsvc_NetShareDelSticky(pipes_struct *p, - struct srvsvc_NetShareDelSticky *r); -WERROR _srvsvc_NetRemoteTOD(pipes_struct *p, - struct srvsvc_NetRemoteTOD *r); -WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, - struct srvsvc_NetGetFileSecurity *r); -WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, - struct srvsvc_NetSetFileSecurity *r); -WERROR _srvsvc_NetDiskEnum(pipes_struct *p, - struct srvsvc_NetDiskEnum *r); -WERROR _srvsvc_NetNameValidate(pipes_struct *p, - struct srvsvc_NetNameValidate *r); -WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r); -WERROR _srvsvc_NetCharDevEnum(pipes_struct *p, struct srvsvc_NetCharDevEnum *r); -WERROR _srvsvc_NetCharDevGetInfo(pipes_struct *p, struct srvsvc_NetCharDevGetInfo *r); -WERROR _srvsvc_NetCharDevControl(pipes_struct *p, struct srvsvc_NetCharDevControl *r); -WERROR _srvsvc_NetCharDevQEnum(pipes_struct *p, struct srvsvc_NetCharDevQEnum *r); -WERROR _srvsvc_NetCharDevQGetInfo(pipes_struct *p, struct srvsvc_NetCharDevQGetInfo *r); -WERROR _srvsvc_NetCharDevQSetInfo(pipes_struct *p, struct srvsvc_NetCharDevQSetInfo *r); -WERROR _srvsvc_NetCharDevQPurge(pipes_struct *p, struct srvsvc_NetCharDevQPurge *r); -WERROR _srvsvc_NetCharDevQPurgeSelf(pipes_struct *p, struct srvsvc_NetCharDevQPurgeSelf *r); -WERROR _srvsvc_NetFileGetInfo(pipes_struct *p, struct srvsvc_NetFileGetInfo *r); -WERROR _srvsvc_NetShareCheck(pipes_struct *p, struct srvsvc_NetShareCheck *r); -WERROR _srvsvc_NetServerStatisticsGet(pipes_struct *p, struct srvsvc_NetServerStatisticsGet *r); -WERROR _srvsvc_NetTransportAdd(pipes_struct *p, struct srvsvc_NetTransportAdd *r); -WERROR _srvsvc_NetTransportEnum(pipes_struct *p, struct srvsvc_NetTransportEnum *r); -WERROR _srvsvc_NetTransportDel(pipes_struct *p, struct srvsvc_NetTransportDel *r); -WERROR _srvsvc_NetSetServiceBits(pipes_struct *p, struct srvsvc_NetSetServiceBits *r); -WERROR _srvsvc_NetPathType(pipes_struct *p, struct srvsvc_NetPathType *r); -WERROR _srvsvc_NetPathCanonicalize(pipes_struct *p, struct srvsvc_NetPathCanonicalize *r); -WERROR _srvsvc_NetPathCompare(pipes_struct *p, struct srvsvc_NetPathCompare *r); -WERROR _srvsvc_NETRPRNAMECANONICALIZE(pipes_struct *p, struct srvsvc_NETRPRNAMECANONICALIZE *r); -WERROR _srvsvc_NetPRNameCompare(pipes_struct *p, struct srvsvc_NetPRNameCompare *r); -WERROR _srvsvc_NetShareDelStart(pipes_struct *p, struct srvsvc_NetShareDelStart *r); -WERROR _srvsvc_NetShareDelCommit(pipes_struct *p, struct srvsvc_NetShareDelCommit *r); -WERROR _srvsvc_NetServerTransportAddEx(pipes_struct *p, struct srvsvc_NetServerTransportAddEx *r); -WERROR _srvsvc_NetServerSetServiceBitsEx(pipes_struct *p, struct srvsvc_NetServerSetServiceBitsEx *r); -WERROR _srvsvc_NETRDFSGETVERSION(pipes_struct *p, struct srvsvc_NETRDFSGETVERSION *r); -WERROR _srvsvc_NETRDFSCREATELOCALPARTITION(pipes_struct *p, struct srvsvc_NETRDFSCREATELOCALPARTITION *r); -WERROR _srvsvc_NETRDFSDELETELOCALPARTITION(pipes_struct *p, struct srvsvc_NETRDFSDELETELOCALPARTITION *r); -WERROR _srvsvc_NETRDFSSETLOCALVOLUMESTATE(pipes_struct *p, struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r); -WERROR _srvsvc_NETRDFSSETSERVERINFO(pipes_struct *p, struct srvsvc_NETRDFSSETSERVERINFO *r); -WERROR _srvsvc_NETRDFSCREATEEXITPOINT(pipes_struct *p, struct srvsvc_NETRDFSCREATEEXITPOINT *r); -WERROR _srvsvc_NETRDFSDELETEEXITPOINT(pipes_struct *p, struct srvsvc_NETRDFSDELETEEXITPOINT *r); -WERROR _srvsvc_NETRDFSMODIFYPREFIX(pipes_struct *p, struct srvsvc_NETRDFSMODIFYPREFIX *r); -WERROR _srvsvc_NETRDFSFIXLOCALVOLUME(pipes_struct *p, struct srvsvc_NETRDFSFIXLOCALVOLUME *r); -WERROR _srvsvc_NETRDFSMANAGERREPORTSITEINFO(pipes_struct *p, struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r); -WERROR _srvsvc_NETRSERVERTRANSPORTDELEX(pipes_struct *p, struct srvsvc_NETRSERVERTRANSPORTDELEX *r); /* The following definitions come from rpc_server/srv_svcctl.c */ @@ -7415,138 +6767,9 @@ NTSTATUS rpc_svcctl2_init(void); /* The following definitions come from rpc_server/srv_svcctl_nt.c */ bool init_service_op_table( void ); -WERROR _svcctl_OpenSCManagerW(pipes_struct *p, - struct svcctl_OpenSCManagerW *r); -WERROR _svcctl_OpenServiceW(pipes_struct *p, - struct svcctl_OpenServiceW *r); -WERROR _svcctl_CloseServiceHandle(pipes_struct *p, struct svcctl_CloseServiceHandle *r); -WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, - struct svcctl_GetServiceDisplayNameW *r); -WERROR _svcctl_QueryServiceStatus(pipes_struct *p, - struct svcctl_QueryServiceStatus *r); WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STATUS *q_u, SVCCTL_R_ENUM_SERVICES_STATUS *r_u); -WERROR _svcctl_StartServiceW(pipes_struct *p, - struct svcctl_StartServiceW *r); -WERROR _svcctl_ControlService(pipes_struct *p, - struct svcctl_ControlService *r); -WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, - struct svcctl_EnumDependentServicesW *r); WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u ); WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG2 *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG2 *r_u ); -WERROR _svcctl_LockServiceDatabase(pipes_struct *p, - struct svcctl_LockServiceDatabase *r); -WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p, - struct svcctl_UnlockServiceDatabase *r); -WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, - struct svcctl_QueryServiceObjectSecurity *r); -WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, - struct svcctl_SetServiceObjectSecurity *r); -WERROR _svcctl_DeleteService(pipes_struct *p, struct svcctl_DeleteService *r); -WERROR _svcctl_SetServiceStatus(pipes_struct *p, struct svcctl_SetServiceStatus *r); -WERROR _svcctl_NotifyBootConfigStatus(pipes_struct *p, struct svcctl_NotifyBootConfigStatus *r); -WERROR _svcctl_SCSetServiceBitsW(pipes_struct *p, struct svcctl_SCSetServiceBitsW *r); -WERROR _svcctl_ChangeServiceConfigW(pipes_struct *p, struct svcctl_ChangeServiceConfigW *r); -WERROR _svcctl_CreateServiceW(pipes_struct *p, struct svcctl_CreateServiceW *r); -WERROR _svcctl_EnumServicesStatusW(pipes_struct *p, struct svcctl_EnumServicesStatusW *r); -WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, struct svcctl_QueryServiceConfigW *r); -WERROR _svcctl_QueryServiceLockStatusW(pipes_struct *p, struct svcctl_QueryServiceLockStatusW *r); -WERROR _svcctl_GetServiceKeyNameW(pipes_struct *p, struct svcctl_GetServiceKeyNameW *r); -WERROR _svcctl_SCSetServiceBitsA(pipes_struct *p, struct svcctl_SCSetServiceBitsA *r); -WERROR _svcctl_ChangeServiceConfigA(pipes_struct *p, struct svcctl_ChangeServiceConfigA *r); -WERROR _svcctl_CreateServiceA(pipes_struct *p, struct svcctl_CreateServiceA *r); -WERROR _svcctl_EnumDependentServicesA(pipes_struct *p, struct svcctl_EnumDependentServicesA *r); -WERROR _svcctl_EnumServicesStatusA(pipes_struct *p, struct svcctl_EnumServicesStatusA *r); -WERROR _svcctl_OpenSCManagerA(pipes_struct *p, struct svcctl_OpenSCManagerA *r); -WERROR _svcctl_OpenServiceA(pipes_struct *p, struct svcctl_OpenServiceA *r); -WERROR _svcctl_QueryServiceConfigA(pipes_struct *p, struct svcctl_QueryServiceConfigA *r); -WERROR _svcctl_QueryServiceLockStatusA(pipes_struct *p, struct svcctl_QueryServiceLockStatusA *r); -WERROR _svcctl_StartServiceA(pipes_struct *p, struct svcctl_StartServiceA *r); -WERROR _svcctl_GetServiceDisplayNameA(pipes_struct *p, struct svcctl_GetServiceDisplayNameA *r); -WERROR _svcctl_GetServiceKeyNameA(pipes_struct *p, struct svcctl_GetServiceKeyNameA *r); -WERROR _svcctl_GetCurrentGroupeStateW(pipes_struct *p, struct svcctl_GetCurrentGroupeStateW *r); -WERROR _svcctl_EnumServiceGroupW(pipes_struct *p, struct svcctl_EnumServiceGroupW *r); -WERROR _svcctl_ChangeServiceConfig2A(pipes_struct *p, struct svcctl_ChangeServiceConfig2A *r); -WERROR _svcctl_ChangeServiceConfig2W(pipes_struct *p, struct svcctl_ChangeServiceConfig2W *r); -WERROR _svcctl_QueryServiceConfig2A(pipes_struct *p, struct svcctl_QueryServiceConfig2A *r); -WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p, struct svcctl_QueryServiceConfig2W *r); -WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p, struct svcctl_QueryServiceStatusEx *r); -WERROR _EnumServicesStatusExA(pipes_struct *p, struct EnumServicesStatusExA *r); -WERROR _EnumServicesStatusExW(pipes_struct *p, struct EnumServicesStatusExW *r); -WERROR _svcctl_SCSendTSMessage(pipes_struct *p, struct svcctl_SCSendTSMessage *r); - -/* The following definitions come from rpc_server/srv_winreg_nt.c */ - -WERROR _winreg_CloseKey(pipes_struct *p, struct winreg_CloseKey *r); -WERROR _winreg_OpenHKLM(pipes_struct *p, struct winreg_OpenHKLM *r); -WERROR _winreg_OpenHKPD(pipes_struct *p, struct winreg_OpenHKPD *r); -WERROR _winreg_OpenHKPT(pipes_struct *p, struct winreg_OpenHKPT *r); -WERROR _winreg_OpenHKCR(pipes_struct *p, struct winreg_OpenHKCR *r); -WERROR _winreg_OpenHKU(pipes_struct *p, struct winreg_OpenHKU *r); -WERROR _winreg_OpenHKCU(pipes_struct *p, struct winreg_OpenHKCU *r); -WERROR _winreg_OpenHKCC(pipes_struct *p, struct winreg_OpenHKCC *r); -WERROR _winreg_OpenHKDD(pipes_struct *p, struct winreg_OpenHKDD *r); -WERROR _winreg_OpenHKPN(pipes_struct *p, struct winreg_OpenHKPN *r); -WERROR _winreg_OpenKey(pipes_struct *p, struct winreg_OpenKey *r); -WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r); -WERROR _winreg_QueryInfoKey(pipes_struct *p, struct winreg_QueryInfoKey *r); -WERROR _winreg_GetVersion(pipes_struct *p, struct winreg_GetVersion *r); -WERROR _winreg_EnumKey(pipes_struct *p, struct winreg_EnumKey *r); -WERROR _winreg_EnumValue(pipes_struct *p, struct winreg_EnumValue *r); -WERROR _winreg_InitiateSystemShutdown(pipes_struct *p, struct winreg_InitiateSystemShutdown *r); -WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateSystemShutdownEx *r); -WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShutdown *r); -WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r); -WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r); -WERROR _winreg_SaveKeyEx(pipes_struct *p, struct winreg_SaveKeyEx *r); -WERROR _winreg_CreateKey( pipes_struct *p, struct winreg_CreateKey *r); -WERROR _winreg_SetValue(pipes_struct *p, struct winreg_SetValue *r); -WERROR _winreg_DeleteKey(pipes_struct *p, struct winreg_DeleteKey *r); -WERROR _winreg_DeleteValue(pipes_struct *p, struct winreg_DeleteValue *r); -WERROR _winreg_GetKeySecurity(pipes_struct *p, struct winreg_GetKeySecurity *r); -WERROR _winreg_SetKeySecurity(pipes_struct *p, struct winreg_SetKeySecurity *r); -WERROR _winreg_FlushKey(pipes_struct *p, struct winreg_FlushKey *r); -WERROR _winreg_UnLoadKey(pipes_struct *p, struct winreg_UnLoadKey *r); -WERROR _winreg_ReplaceKey(pipes_struct *p, struct winreg_ReplaceKey *r); -WERROR _winreg_LoadKey(pipes_struct *p, struct winreg_LoadKey *r); -WERROR _winreg_NotifyChangeKeyValue(pipes_struct *p, struct winreg_NotifyChangeKeyValue *r); -WERROR _winreg_QueryMultipleValues(pipes_struct *p, struct winreg_QueryMultipleValues *r); -WERROR _winreg_QueryMultipleValues2(pipes_struct *p, struct winreg_QueryMultipleValues2 *r); - -/* The following definitions come from rpc_server/srv_wkssvc_nt.c */ - -WERROR _wkssvc_NetWkstaGetInfo(pipes_struct *p, struct wkssvc_NetWkstaGetInfo *r); -WERROR _wkssvc_NetWkstaSetInfo(pipes_struct *p, struct wkssvc_NetWkstaSetInfo *r); -WERROR _wkssvc_NetWkstaEnumUsers(pipes_struct *p, struct wkssvc_NetWkstaEnumUsers *r); -WERROR _wkssvc_NetrWkstaUserGetInfo(pipes_struct *p, struct wkssvc_NetrWkstaUserGetInfo *r); -WERROR _wkssvc_NetrWkstaUserSetInfo(pipes_struct *p, struct wkssvc_NetrWkstaUserSetInfo *r); -WERROR _wkssvc_NetWkstaTransportEnum(pipes_struct *p, struct wkssvc_NetWkstaTransportEnum *r); -WERROR _wkssvc_NetrWkstaTransportAdd(pipes_struct *p, struct wkssvc_NetrWkstaTransportAdd *r); -WERROR _wkssvc_NetrWkstaTransportDel(pipes_struct *p, struct wkssvc_NetrWkstaTransportDel *r); -WERROR _wkssvc_NetrUseAdd(pipes_struct *p, struct wkssvc_NetrUseAdd *r); -WERROR _wkssvc_NetrUseGetInfo(pipes_struct *p, struct wkssvc_NetrUseGetInfo *r); -WERROR _wkssvc_NetrUseDel(pipes_struct *p, struct wkssvc_NetrUseDel *r); -WERROR _wkssvc_NetrUseEnum(pipes_struct *p, struct wkssvc_NetrUseEnum *r); -WERROR _wkssvc_NetrMessageBufferSend(pipes_struct *p, struct wkssvc_NetrMessageBufferSend *r); -WERROR _wkssvc_NetrWorkstationStatisticsGet(pipes_struct *p, struct wkssvc_NetrWorkstationStatisticsGet *r) ; -WERROR _wkssvc_NetrLogonDomainNameAdd(pipes_struct *p, struct wkssvc_NetrLogonDomainNameAdd *r); -WERROR _wkssvc_NetrLogonDomainNameDel(pipes_struct *p, struct wkssvc_NetrLogonDomainNameDel *r); -WERROR _wkssvc_NetrJoinDomain(pipes_struct *p, struct wkssvc_NetrJoinDomain *r); -WERROR _wkssvc_NetrUnjoinDomain(pipes_struct *p, struct wkssvc_NetrUnjoinDomain *r); -WERROR _wkssvc_NetrRenameMachineInDomain(pipes_struct *p, struct wkssvc_NetrRenameMachineInDomain *r); -WERROR _wkssvc_NetrValidateName(pipes_struct *p, struct wkssvc_NetrValidateName *r); -WERROR _wkssvc_NetrGetJoinInformation(pipes_struct *p, struct wkssvc_NetrGetJoinInformation *r); -WERROR _wkssvc_NetrGetJoinableOus(pipes_struct *p, struct wkssvc_NetrGetJoinableOus *r); -WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, - struct wkssvc_NetrJoinDomain2 *r); -WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, - struct wkssvc_NetrUnjoinDomain2 *r); -WERROR _wkssvc_NetrRenameMachineInDomain2(pipes_struct *p, struct wkssvc_NetrRenameMachineInDomain2 *r); -WERROR _wkssvc_NetrValidateName2(pipes_struct *p, struct wkssvc_NetrValidateName2 *r); -WERROR _wkssvc_NetrGetJoinableOus2(pipes_struct *p, struct wkssvc_NetrGetJoinableOus2 *r); -WERROR _wkssvc_NetrAddAlternateComputerName(pipes_struct *p, struct wkssvc_NetrAddAlternateComputerName *r); -WERROR _wkssvc_NetrRemoveAlternateComputerName(pipes_struct *p, struct wkssvc_NetrRemoveAlternateComputerName *r); -WERROR _wkssvc_NetrSetPrimaryComputername(pipes_struct *p, struct wkssvc_NetrSetPrimaryComputername *r); -WERROR _wkssvc_NetrEnumerateComputerNames(pipes_struct *p, struct wkssvc_NetrEnumerateComputerNames *r); /* The following definitions come from rpcclient/cmd_dfs.c */ @@ -7819,6 +7042,7 @@ bool dns_register_smbd_reply(struct dns_reg_state *dns_state, mode_t unix_mode(connection_struct *conn, int dosmode, const char *fname, const char *inherit_from_dir); uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf); +int dos_attributes_to_stat_dos_flags(uint32_t dosmode); uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf); int file_set_dosmode(connection_struct *conn, const char *fname, uint32 dosmode, SMB_STRUCT_STAT *st, @@ -7894,6 +7118,9 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, char **pp_saved_last_component, SMB_STRUCT_STAT *pst); NTSTATUS check_name(connection_struct *conn, const char *name); +int get_real_filename(connection_struct *conn, const char *path, + const char *name, TALLOC_CTX *mem_ctx, + char **found_name); /* The following definitions come from smbd/files.c */ @@ -8095,78 +7322,74 @@ NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd, uint32_t access_desired, uint32_t *access_granted); NTSTATUS fd_close(files_struct *fsp); +void change_file_owner_to_parent(connection_struct *conn, + const char *inherit_from_dir, + files_struct *fsp); +NTSTATUS change_dir_owner_to_parent(connection_struct *conn, + const char *inherit_from_dir, + const char *fname, + SMB_STRUCT_STAT *psbuf); +bool is_executable(const char *fname); +bool is_stat_open(uint32 access_mask); +bool request_timed_out(struct timeval request_time, + struct timeval timeout); +bool open_match_attributes(connection_struct *conn, + const char *path, + uint32 old_dos_attr, + uint32 new_dos_attr, + mode_t existing_unx_mode, + mode_t new_unx_mode, + mode_t *returned_unx_mode); +NTSTATUS fcb_or_dos_open(struct smb_request *req, + connection_struct *conn, + files_struct *fsp_to_dup_into, + const char *fname, + struct file_id id, + uint16 file_pid, + uint16 vuid, + uint32 access_mask, + uint32 share_access, + uint32 create_options); bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func, uint32 *paccess_mask, uint32 *pshare_mode, uint32 *pcreate_disposition, uint32 *pcreate_options); -NTSTATUS open_file_ntcreate(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */ - uint32 share_access, /* share constants (FILE_SHARE_READ etc) */ - uint32 create_disposition, /* FILE_OPEN_IF etc. */ - uint32 create_options, /* options such as delete on close. */ - uint32 new_dos_attributes, /* attributes used for new file. */ - int oplock_request, /* internal Samba oplock codes. */ - /* Information (FILE_EXISTS etc.) */ - int *pinfo, - files_struct **result); NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, files_struct **result); NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp); -NTSTATUS open_directory(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, - uint32 share_access, - uint32 create_disposition, - uint32 create_options, - uint32 file_attributes, - int *pinfo, - files_struct **result); NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory); void msg_file_was_renamed(struct messaging_context *msg, void *private_data, uint32_t msg_type, struct server_id server_id, DATA_BLOB *data); -NTSTATUS create_file_unixpath(connection_struct *conn, - struct smb_request *req, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf); -NTSTATUS create_file(connection_struct *conn, - struct smb_request *req, - uint16_t root_dir_fid, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf); +struct case_semantics_state; +struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, + connection_struct *conn); +NTSTATUS create_file_default(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); +NTSTATUS get_relative_fid_filename(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, char **new_fname); /* The following definitions come from smbd/oplock.c */ @@ -8501,10 +7724,10 @@ bool token_contains_name_in_list(const char *username, const struct nt_user_token *token, const char **list); bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum); + const struct nt_user_token *token, int snum); bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn); /* The following definitions come from smbd/srvstr.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index bcf605ee53..891bd4aaf7 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -209,18 +209,7 @@ typedef uint32 codepoint_t; * * @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp **/ -typedef struct dom_sid { - uint8 sid_rev_num; /**< SID revision number */ - uint8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - /* - * Pointer to sub-authorities. - * - * @note The values in these uint32's are in *native* byteorder, not - * neccessarily little-endian...... JRA. - */ - uint32 sub_auths[MAXSUBAUTHS]; -} DOM_SID; +typedef struct dom_sid DOM_SID; enum id_mapping { ID_UNKNOWN = 0, @@ -710,7 +699,6 @@ struct pending_message_list { }; #define SHARE_MODE_FLAG_POSIX_OPEN 0x1 -#define SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE 0x2 /* struct returned by get_share_modes */ struct share_mode_entry { @@ -1895,4 +1883,9 @@ struct smb_extended_info { char samba_version_string[SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH]; }; +/* + * create_file_flags + */ +#define CFF_DOS_PATH 0x00000001 + #endif /* _SMB_H */ diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 119ceeb158..5149da0cb3 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -333,7 +333,7 @@ do { \ /* Warning - this must only be called with 0 <= c < 128. IT WILL * GIVE GARBAGE if c > 128 or c < 0. JRA. */ -extern char toupper_ascii_fast_table[]; +extern const char toupper_ascii_fast_table[]; #define toupper_ascii_fast(c) toupper_ascii_fast_table[(unsigned int)(c)]; #endif diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 4cedb4a9c6..d02d14b854 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -110,6 +110,7 @@ open handle. JRA. */ /* Changed to version 24 - make security descriptor const in fset_nt_acl. JRA. */ /* Changed to version 25 - Jelmer's change from SMB_BIG_UINT to uint64_t. */ +/* Leave at 25 - not yet released. Add create_file call. -- tprouty. */ #define SMB_VFS_INTERFACE_VERSION 25 @@ -134,6 +135,8 @@ struct connection_struct; struct files_struct; struct security_descriptor; struct vfs_statvfs_struct; +struct smb_request; +struct ea_list; /* Available VFS operations. These values must be in sync with vfs_ops struct @@ -170,6 +173,7 @@ typedef enum _vfs_op_type { /* File operations */ SMB_VFS_OP_OPEN, + SMB_VFS_OP_CREATE_FILE, SMB_VFS_OP_CLOSE, SMB_VFS_OP_READ, SMB_VFS_OP_PREAD, @@ -206,6 +210,7 @@ typedef enum _vfs_op_type { SMB_VFS_OP_CHFLAGS, SMB_VFS_OP_FILE_ID_CREATE, SMB_VFS_OP_STREAMINFO, + SMB_VFS_OP_GET_REAL_FILENAME, /* NT ACL operations. */ @@ -305,6 +310,23 @@ struct vfs_ops { /* File operations */ int (*open)(struct vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode); + NTSTATUS (*create_file)(struct vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); int (*close_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp); ssize_t (*vfs_read)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n); ssize_t (*pread)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n, SMB_OFF_T offset); @@ -354,6 +376,12 @@ struct vfs_ops { unsigned int *num_streams, struct stream_struct **streams); + int (*get_real_filename)(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name); + /* NT ACL operations. */ NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle, @@ -452,6 +480,7 @@ struct vfs_ops { /* File operations */ struct vfs_handle_struct *open; + struct vfs_handle_struct *create_file; struct vfs_handle_struct *close_hnd; struct vfs_handle_struct *vfs_read; struct vfs_handle_struct *pread; @@ -488,6 +517,7 @@ struct vfs_ops { struct vfs_handle_struct *chflags; struct vfs_handle_struct *file_id_create; struct vfs_handle_struct *streaminfo; + struct vfs_handle_struct *get_real_filename; /* NT ACL operations. */ diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 8fbc21b12d..b008d86b3c 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -48,6 +48,7 @@ /* File operations */ #define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_CREATE_FILE(conn, req, root_dir_fid, fname, create_file_flags, access_mask, share_access, create_disposition, create_options, file_attributes, oplock_request, allocation_size, sd, ea_list, result, pinfo, psbuf) (((conn)->vfs.ops.create_file)((conn)->vfs.handles.create_file, (req), (root_dir_fid), (fname), (create_file_flags), (access_mask), (share_access), (create_disposition), (create_options), (file_attributes), (oplock_request), (allocation_size), (sd), (ea_list), (result), (pinfo), (psbuf))) #define SMB_VFS_CLOSE(fsp) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp))) #define SMB_VFS_READ(fsp, data, n) ((fsp)->conn->vfs.ops.vfs_read((fsp)->conn->vfs.handles.vfs_read, (fsp), (data), (n))) #define SMB_VFS_PREAD(fsp, data, n, off) ((fsp)->conn->vfs.ops.pread((fsp)->conn->vfs.handles.pread, (fsp), (data), (n), (off))) @@ -84,6 +85,7 @@ #define SMB_VFS_CHFLAGS(conn, path, flags) ((conn)->vfs.ops.chflags((conn)->vfs.handles.chflags, (path), (flags))) #define SMB_VFS_FILE_ID_CREATE(conn, dev, inode) ((conn)->vfs.ops.file_id_create((conn)->vfs.handles.file_id_create, (dev), (inode))) #define SMB_VFS_STREAMINFO(conn, fsp, fname, mem_ctx, num_streams, streams) ((conn)->vfs.ops.streaminfo((conn)->vfs.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams))) +#define SMB_VFS_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name) ((conn)->vfs.ops.get_real_filename((conn)->vfs.handles.get_real_filename, (path), (name), (mem_ctx), (found_name))) /* NT ACL operations. */ #define SMB_VFS_FGET_NT_ACL(fsp, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (security_info), (ppdesc))) @@ -173,6 +175,7 @@ /* File operations */ #define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPAQUE_CREATE_FILE(conn, req, root_dir_fid, fname, create_file_flags, access_mask, share_access, create_disposition, create_options, file_attributes, oplock_request, allocation_size, sd, ea_list, result, pinfo, psbuf) (((conn)->vfs_opaque.ops.create_file)((conn)->vfs_opaque.handles.create_file, (req), (root_dir_fid), (fname), (create_file_flags), (access_mask), (share_access), (create_disposition), (create_options), (file_attributes), (oplock_request), (allocation_size), (sd), (ea_list), (result), (pinfo), (psbuf))) #define SMB_VFS_OPAQUE_CLOSE(fsp) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp))) #define SMB_VFS_OPAQUE_READ(fsp, data, n) ((fsp)->conn->vfs_opaque.ops.vfs_read((fsp)->conn->vfs_opaque.handles.vfs_read, (fsp), (data), (n))) #define SMB_VFS_OPAQUE_PREAD(fsp, data, n, off) ((fsp)->conn->vfs_opaque.ops.pread((fsp)->conn->vfs_opaque.handles.pread, (fsp), (data), (n), (off))) @@ -209,6 +212,7 @@ #define SMB_VFS_OPAQUE_CHFLAGS(conn, path, flags) ((conn)->vfs_opaque.ops.chflags((conn)->vfs_opaque.handles.chflags, (path), (flags))) #define SMB_VFS_OPAQUE_FILE_ID_CREATE(conn, dev, inode) ((conn)->vfs.ops_opaque.file_id_create((conn)->vfs_opaque.handles.file_id_create, (dev), (inode))) #define SMB_VFS_OPAQUE_STREAMINFO(conn, fsp, fname, mem_ctx, num_streams, streams) ((conn)->vfs_opaque.ops.streaminfo((conn)->vfs_opaque.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams))) +#define SMB_VFS_OPAQUE_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name) ((conn)->vfs_opaque.ops.get_real_filename((conn)->vfs_opaque.handles.get_real_filename, (path), (name), (mem_ctx), (found_name))) /* NT ACL operations. */ #define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (security_info), (ppdesc))) @@ -299,6 +303,7 @@ /* File operations */ #define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_NEXT_CREATE_FILE(handle, req, root_dir_fid, fname, create_file_flags, access_mask, share_access, create_disposition, create_options, file_attributes, oplock_request, allocation_size, sd, ea_list, result, pinfo, psbuf) (((handle)->vfs_next.ops.create_file)((handle)->vfs_next.handles.create_file, (req), (root_dir_fid), (fname), (create_file_flags), (access_mask), (share_access), (create_disposition), (create_options), (file_attributes), (oplock_request), (allocation_size), (sd), (ea_list), (result), (pinfo), (psbuf))) #define SMB_VFS_NEXT_CLOSE(handle, fsp) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp))) #define SMB_VFS_NEXT_READ(handle, fsp, data, n) ((handle)->vfs_next.ops.vfs_read((handle)->vfs_next.handles.vfs_read, (fsp), (data), (n))) #define SMB_VFS_NEXT_PREAD(handle, fsp, data, n, off) ((handle)->vfs_next.ops.pread((handle)->vfs_next.handles.pread, (fsp), (data), (n), (off))) @@ -335,6 +340,7 @@ #define SMB_VFS_NEXT_CHFLAGS(handle, path, flags) ((handle)->vfs_next.ops.chflags((handle)->vfs_next.handles.chflags, (path), (flags))) #define SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode) ((handle)->vfs_next.ops.file_id_create((handle)->vfs_next.handles.file_id_create, (dev), (inode))) #define SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx, num_streams, streams) ((handle)->vfs_next.ops.streaminfo((handle)->vfs_next.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams))) +#define SMB_VFS_NEXT_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name) ((conn)->vfs_next.ops.get_real_filename((conn)->vfs_next.handles.get_real_filename, (path), (name), (mem_ctx), (found_name))) /* NT ACL operations. */ #define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (security_info), (ppdesc))) diff --git a/source3/lib/async_req.c b/source3/lib/async_req.c index 501a6b5524..159666f15c 100644 --- a/source3/lib/async_req.c +++ b/source3/lib/async_req.c @@ -172,3 +172,26 @@ bool async_req_nomem(const void *p, struct async_req *req) async_req_error(req, NT_STATUS_NO_MEMORY); return true; } + +bool async_req_is_error(struct async_req *req, NTSTATUS *status) +{ + if (req->state < ASYNC_REQ_DONE) { + *status = NT_STATUS_INTERNAL_ERROR; + return true; + } + if (req->state == ASYNC_REQ_ERROR) { + *status = req->status; + return true; + } + return false; +} + +NTSTATUS async_req_simple_recv(struct async_req *req) +{ + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + return NT_STATUS_OK; +} diff --git a/source3/lib/async_sock.c b/source3/lib/async_sock.c index ffba6de832..225cc7b195 100644 --- a/source3/lib/async_sock.c +++ b/source3/lib/async_sock.c @@ -177,18 +177,13 @@ static struct async_req *async_fde_syscall_new( * @retval The return value from the asynchronously called syscall */ -ssize_t async_syscall_result_ssize_t(struct async_req **req, int *perrno) +ssize_t async_syscall_result_ssize_t(struct async_req *req, int *perrno) { struct async_syscall_state *state = talloc_get_type_abort( - (*req)->private_data, struct async_syscall_state); - - int sys_errno = state->sys_errno; - ssize_t result = state->result.result_ssize_t; - - TALLOC_FREE(*req); + req->private_data, struct async_syscall_state); - *perrno = sys_errno; - return result; + *perrno = state->sys_errno; + return state->result.result_ssize_t; } /** @@ -198,18 +193,13 @@ ssize_t async_syscall_result_ssize_t(struct async_req **req, int *perrno) * @retval The return value from the asynchronously called syscall */ -size_t async_syscall_result_size_t(struct async_req **req, int *perrno) +size_t async_syscall_result_size_t(struct async_req *req, int *perrno) { struct async_syscall_state *state = talloc_get_type_abort( - (*req)->private_data, struct async_syscall_state); - - int sys_errno = state->sys_errno; - size_t result = state->result.result_ssize_t; - - TALLOC_FREE(*req); + req->private_data, struct async_syscall_state); - *perrno = sys_errno; - return result; + *perrno = state->sys_errno; + return state->result.result_size_t; } /** @@ -219,18 +209,13 @@ size_t async_syscall_result_size_t(struct async_req **req, int *perrno) * @retval The return value from the asynchronously called syscall */ -ssize_t async_syscall_result_int(struct async_req **req, int *perrno) +ssize_t async_syscall_result_int(struct async_req *req, int *perrno) { struct async_syscall_state *state = talloc_get_type_abort( - (*req)->private_data, struct async_syscall_state); - - int sys_errno = state->sys_errno; - int result = state->result.result_ssize_t; - - TALLOC_FREE(*req); + req->private_data, struct async_syscall_state); - *perrno = sys_errno; - return result; + *perrno = state->sys_errno; + return state->result.result_int; } /** @@ -353,9 +338,9 @@ static void async_sendall_callback(struct event_context *ev, * "length" bytes */ -struct async_req *async_sendall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, const void *buffer, size_t length, - int flags) +struct async_req *sendall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, const void *buffer, size_t length, + int flags) { struct async_req *result; struct async_syscall_state *state; @@ -377,6 +362,11 @@ struct async_req *async_sendall(TALLOC_CTX *mem_ctx, struct event_context *ev, return result; } +NTSTATUS sendall_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + /** * fde event handler for the "recv" syscall * @param[in] ev The event context that sent us here @@ -498,9 +488,9 @@ static void async_recvall_callback(struct event_context *ev, * async_recvall will call recv(2) until "length" bytes are received */ -struct async_req *async_recvall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, void *buffer, size_t length, - int flags) +struct async_req *recvall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, void *buffer, size_t length, + int flags) { struct async_req *result; struct async_syscall_state *state; @@ -522,6 +512,11 @@ struct async_req *async_recvall(TALLOC_CTX *mem_ctx, struct event_context *ev, return result; } +NTSTATUS recvall_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + /** * fde event handler for connect(2) * @param[in] ev The event context that sent us here diff --git a/source3/lib/debug.c b/source3/lib/debug.c index d64fcb66d9..193e9efc96 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -851,7 +851,7 @@ void check_log_size( void ) ret = vasprintf(&msgbuf, format_str, ap); va_end(ap); - if (ret == -1) { + if (ret != -1) { syslog(priority, "%s", msgbuf); } SAFE_FREE(msgbuf); diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c index a0d93d6fe7..636639c11d 100644 --- a/source3/lib/display_sec.c +++ b/source3/lib/display_sec.c @@ -240,7 +240,7 @@ void display_sec_acl(SEC_ACL *sec_acl) void display_acl_type(uint16 type) { - static fstring typestr=""; + fstring typestr=""; typestr[0] = 0; diff --git a/source3/lib/interface.c b/source3/lib/interface.c index f533ec92c7..48fa4d32a9 100644 --- a/source3/lib/interface.c +++ b/source3/lib/interface.c @@ -33,7 +33,7 @@ bool ismyaddr(const struct sockaddr *ip) { struct interface *i; for (i=local_interfaces;i;i=i->next) { - if (addr_equal((struct sockaddr *)&i->ip,ip)) { + if (sockaddr_equal((struct sockaddr *)&i->ip,ip)) { return true; } } @@ -65,7 +65,7 @@ static struct interface *iface_find(const struct sockaddr *ip, if (same_net(ip, (struct sockaddr *)&i->ip, (struct sockaddr *)&i->netmask)) { return i; } - } else if (addr_equal((struct sockaddr *)&i->ip, ip)) { + } else if (sockaddr_equal((struct sockaddr *)&i->ip, ip)) { return i; } } @@ -93,7 +93,7 @@ void setup_linklocal_scope_id(struct sockaddr *pss) { struct interface *i; for (i=local_interfaces;i;i=i->next) { - if (addr_equal((struct sockaddr *)&i->ip,pss)) { + if (sockaddr_equal((struct sockaddr *)&i->ip,pss)) { struct sockaddr_in6 *psa6 = (struct sockaddr_in6 *)pss; psa6->sin6_scope_id = if_nametoindex(i->name); @@ -388,7 +388,7 @@ static void interpret_interface(char *token) } for (i=0;i<total_probed;i++) { - if (addr_equal((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip)) { + if (sockaddr_equal((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip)) { add_interface(&probed_ifaces[i]); return; } @@ -441,8 +441,8 @@ static void interpret_interface(char *token) make_net(&ss_net, &ss, &ss_mask); /* Maybe the first component was a broadcast address. */ - if (addr_equal((struct sockaddr *)&ss_bcast, (struct sockaddr *)&ss) || - addr_equal((struct sockaddr *)&ss_net, (struct sockaddr *)&ss)) { + if (sockaddr_equal((struct sockaddr *)&ss_bcast, (struct sockaddr *)&ss) || + sockaddr_equal((struct sockaddr *)&ss_net, (struct sockaddr *)&ss)) { for (i=0;i<total_probed;i++) { if (same_net((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip, diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 2e319cf23c..1f4b03f677 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -46,7 +46,7 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX, fields_present |= SAMR_FIELD_ACCOUNT_NAME; } if (infoX->usriX_password) { - fields_present |= SAMR_FIELD_PASSWORD; + fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT; } if (infoX->usriX_flags) { fields_present |= SAMR_FIELD_ACCT_FLAGS; diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index 2e6d3b3cb1..cad14ec493 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -166,7 +166,7 @@ struct poptOption popt_common_configfile[] = { }; struct poptOption popt_common_version[] = { - { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback }, + { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback }, { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" }, POPT_TABLEEND }; @@ -318,7 +318,7 @@ const struct poptOption popt_common_dynconfig[] = { * exit on failure * ****************************************************************************/ -static void get_password_file(void) +static void get_password_file(struct user_auth_info *auth_info) { int fd = -1; char *p; @@ -377,13 +377,14 @@ static void get_password_file(void) } SAFE_FREE(spec); - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(auth_info, pass); if (close_it) { close(fd); } } -static void get_credentials_file(const char *file) +static void get_credentials_file(struct user_auth_info *auth_info, + const char *file) { XFILE *auth; fstring buf; @@ -426,9 +427,9 @@ static void get_credentials_file(const char *file) val++; if (strwicmp("password", param) == 0) { - set_cmdline_auth_info_password(val); + set_cmdline_auth_info_password(auth_info, val); } else if (strwicmp("username", param) == 0) { - set_cmdline_auth_info_username(val); + set_cmdline_auth_info_username(auth_info, val); } else if (strwicmp("domain", param) == 0) { set_global_myworkgroup(val); } @@ -453,13 +454,16 @@ static void popt_common_credentials_callback(poptContext con, const struct poptOption *opt, const char *arg, const void *data) { + struct user_auth_info *auth_info = talloc_get_type_abort( + *((const char **)data), struct user_auth_info); char *p; if (reason == POPT_CALLBACK_REASON_PRE) { - set_cmdline_auth_info_username("GUEST"); + set_cmdline_auth_info_username(auth_info, "GUEST"); if (getenv("LOGNAME")) { - set_cmdline_auth_info_username(getenv("LOGNAME")); + set_cmdline_auth_info_username(auth_info, + getenv("LOGNAME")); } if (getenv("USER")) { @@ -467,24 +471,25 @@ static void popt_common_credentials_callback(poptContext con, if (!puser) { exit(ENOMEM); } - set_cmdline_auth_info_username(puser); + set_cmdline_auth_info_username(auth_info, puser); if ((p = strchr_m(puser,'%'))) { size_t len; *p = 0; len = strlen(p+1); - set_cmdline_auth_info_password(p+1); + set_cmdline_auth_info_password(auth_info, p+1); memset(strchr_m(getenv("USER"),'%')+1,'X',len); } SAFE_FREE(puser); } if (getenv("PASSWD")) { - set_cmdline_auth_info_password(getenv("PASSWD")); + set_cmdline_auth_info_password(auth_info, + getenv("PASSWD")); } if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) { - get_password_file(); + get_password_file(auth_info); } return; @@ -499,19 +504,22 @@ static void popt_common_credentials_callback(poptContext con, if ((lp=strchr_m(puser,'%'))) { size_t len; *lp = 0; - set_cmdline_auth_info_username(puser); - set_cmdline_auth_info_password(lp+1); + set_cmdline_auth_info_username(auth_info, + puser); + set_cmdline_auth_info_password(auth_info, + lp+1); len = strlen(lp+1); memset(strchr_m(arg,'%')+1,'X',len); } else { - set_cmdline_auth_info_username(puser); + set_cmdline_auth_info_username(auth_info, + puser); } SAFE_FREE(puser); } break; case 'A': - get_credentials_file(arg); + get_credentials_file(auth_info, arg); break; case 'k': @@ -519,31 +527,40 @@ static void popt_common_credentials_callback(poptContext con, d_printf("No kerberos support compiled in\n"); exit(1); #else - set_cmdline_auth_info_use_krb5_ticket(); + set_cmdline_auth_info_use_krb5_ticket(auth_info); #endif break; case 'S': - if (!set_cmdline_auth_info_signing_state(arg)) { + if (!set_cmdline_auth_info_signing_state(auth_info, arg)) { fprintf(stderr, "Unknown signing option %s\n", arg ); exit(1); } break; case 'P': - set_cmdline_auth_info_use_machine_account(); + set_cmdline_auth_info_use_machine_account(auth_info); break; case 'N': - set_cmdline_auth_info_password(""); + set_cmdline_auth_info_password(auth_info, ""); break; case 'e': - set_cmdline_auth_info_smb_encrypt(); + set_cmdline_auth_info_smb_encrypt(auth_info); break; } } +static struct user_auth_info *global_auth_info; + +void popt_common_set_auth_info(struct user_auth_info *auth_info) +{ + global_auth_info = auth_info; +} + struct poptOption popt_common_credentials[] = { - { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, (void *)popt_common_credentials_callback }, + { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, + (void *)popt_common_credentials_callback, 0, + (const char *)&global_auth_info }, { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" }, { "no-pass", 'N', POPT_ARG_NONE, NULL, 'N', "Don't ask for a password" }, { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k', "Use kerberos (active directory) authentication" }, diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index df85336603..400f5f31b0 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -100,6 +100,33 @@ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) } /******************************************************************* + Given a security_descriptor return the sec_info. +********************************************************************/ + +uint32_t get_sec_info(const SEC_DESC *sd) +{ + uint32_t sec_info = ALL_SECURITY_INFORMATION; + + SMB_ASSERT(sd); + + if (sd->owner_sid == NULL) { + sec_info &= ~OWNER_SECURITY_INFORMATION; + } + if (sd->group_sid == NULL) { + sec_info &= ~GROUP_SECURITY_INFORMATION; + } + if (sd->sacl == NULL) { + sec_info &= ~SACL_SECURITY_INFORMATION; + } + if (sd->dacl == NULL) { + sec_info &= ~DACL_SECURITY_INFORMATION; + } + + return sec_info; +} + + +/******************************************************************* Merge part of security descriptor old_sec in to the empty sections of security descriptor new_sec. ********************************************************************/ diff --git a/source3/lib/util.c b/source3/lib/util.c index 074b523ae0..dd23d547b5 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -280,135 +280,154 @@ bool init_names(void) Used mainly in client tools. ****************************************************************************/ -static struct user_auth_info cmdline_auth_info = { - NULL, /* username */ - NULL, /* password */ - false, /* got_pass */ - false, /* use_kerberos */ - Undefined, /* signing state */ - false, /* smb_encrypt */ - false /* use machine account */ -}; - -const char *get_cmdline_auth_info_username(void) -{ - if (!cmdline_auth_info.username) { +struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx) +{ + struct user_auth_info *result; + + result = TALLOC_ZERO_P(mem_ctx, struct user_auth_info); + if (result == NULL) { + return NULL; + } + + result->signing_state = Undefined; + return result; +} + +const char *get_cmdline_auth_info_username(struct user_auth_info *auth_info) +{ + if (!auth_info->username) { return ""; } - return cmdline_auth_info.username; + return auth_info->username; } -void set_cmdline_auth_info_username(const char *username) +void set_cmdline_auth_info_username(struct user_auth_info *auth_info, + const char *username) { - SAFE_FREE(cmdline_auth_info.username); - cmdline_auth_info.username = SMB_STRDUP(username); - if (!cmdline_auth_info.username) { + TALLOC_FREE(auth_info->username); + auth_info->username = talloc_strdup(auth_info, username); + if (!auth_info->username) { exit(ENOMEM); } } -const char *get_cmdline_auth_info_password(void) +const char *get_cmdline_auth_info_password(struct user_auth_info *auth_info) { - if (!cmdline_auth_info.password) { + if (!auth_info->password) { return ""; } - return cmdline_auth_info.password; + return auth_info->password; } -void set_cmdline_auth_info_password(const char *password) +void set_cmdline_auth_info_password(struct user_auth_info *auth_info, + const char *password) { - SAFE_FREE(cmdline_auth_info.password); - cmdline_auth_info.password = SMB_STRDUP(password); - if (!cmdline_auth_info.password) { + TALLOC_FREE(auth_info->password); + auth_info->password = talloc_strdup(auth_info, password); + if (!auth_info->password) { exit(ENOMEM); } - cmdline_auth_info.got_pass = true; + auth_info->got_pass = true; } -bool set_cmdline_auth_info_signing_state(const char *arg) +bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info, + const char *arg) { - cmdline_auth_info.signing_state = -1; + auth_info->signing_state = -1; if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false")) { - cmdline_auth_info.signing_state = false; + auth_info->signing_state = false; } else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") || strequal(arg, "auto")) { - cmdline_auth_info.signing_state = true; + auth_info->signing_state = true; } else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced")) { - cmdline_auth_info.signing_state = Required; + auth_info->signing_state = Required; } else { return false; } return true; } -int get_cmdline_auth_info_signing_state(void) +int get_cmdline_auth_info_signing_state(struct user_auth_info *auth_info) { - return cmdline_auth_info.signing_state; + return auth_info->signing_state; } -void set_cmdline_auth_info_use_kerberos(bool b) +void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info, + bool b) { - cmdline_auth_info.use_kerberos = b; + auth_info->use_kerberos = b; } -bool get_cmdline_auth_info_use_kerberos(void) +bool get_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info) { - return cmdline_auth_info.use_kerberos; + return auth_info->use_kerberos; } /* This should only be used by lib/popt_common.c JRA */ -void set_cmdline_auth_info_use_krb5_ticket(void) +void set_cmdline_auth_info_use_krb5_ticket(struct user_auth_info *auth_info) { - cmdline_auth_info.use_kerberos = true; - cmdline_auth_info.got_pass = true; + auth_info->use_kerberos = true; + auth_info->got_pass = true; } /* This should only be used by lib/popt_common.c JRA */ -void set_cmdline_auth_info_smb_encrypt(void) +void set_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info) { - cmdline_auth_info.smb_encrypt = true; + auth_info->smb_encrypt = true; } -void set_cmdline_auth_info_use_machine_account(void) +void set_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info) { - cmdline_auth_info.use_machine_account = true; + auth_info->use_machine_account = true; } -bool get_cmdline_auth_info_got_pass(void) +bool get_cmdline_auth_info_got_pass(struct user_auth_info *auth_info) { - return cmdline_auth_info.got_pass; + return auth_info->got_pass; } -bool get_cmdline_auth_info_smb_encrypt(void) +bool get_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info) { - return cmdline_auth_info.smb_encrypt; + return auth_info->smb_encrypt; } -bool get_cmdline_auth_info_use_machine_account(void) +bool get_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info) { - return cmdline_auth_info.use_machine_account; + return auth_info->use_machine_account; } -bool get_cmdline_auth_info_copy(struct user_auth_info *info) +struct user_auth_info *get_cmdline_auth_info_copy(TALLOC_CTX *mem_ctx, + struct user_auth_info *src) { - *info = cmdline_auth_info; - /* Now re-alloc the strings. */ - info->username = SMB_STRDUP(get_cmdline_auth_info_username()); - info->password = SMB_STRDUP(get_cmdline_auth_info_password()); - if (!info->username || !info->password) { - return false; + struct user_auth_info *result; + + result = user_auth_info_init(mem_ctx); + if (result == NULL) { + return NULL; } - return true; + + *result = *src; + + result->username = talloc_strdup( + result, get_cmdline_auth_info_username(src)); + result->password = talloc_strdup( + result, get_cmdline_auth_info_password(src)); + if ((result->username == NULL) || (result->password == NULL)) { + TALLOC_FREE(result); + return NULL; + } + + return result; } -bool set_cmdline_auth_info_machine_account_creds(void) +bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info) { char *pass = NULL; char *account = NULL; - if (!get_cmdline_auth_info_use_machine_account()) { + if (!get_cmdline_auth_info_use_machine_account(auth_info)) { return false; } @@ -430,8 +449,8 @@ bool set_cmdline_auth_info_machine_account_creds(void) return false; } - set_cmdline_auth_info_username(account); - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_username(auth_info, account); + set_cmdline_auth_info_password(auth_info, pass); SAFE_FREE(account); SAFE_FREE(pass); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 5721f412d6..605bbf1fb6 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -52,7 +52,7 @@ bool interpret_string_addr(struct sockaddr_storage *pss, } #endif - zero_addr(pss); + zero_sockaddr(pss); if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) { return false; @@ -81,7 +81,7 @@ bool interpret_string_addr(struct sockaddr_storage *pss, Set an address to INADDR_ANY. ******************************************************************/ -void zero_addr(struct sockaddr_storage *pss) +void zero_sockaddr(struct sockaddr_storage *pss) { memset(pss, '\0', sizeof(*pss)); /* Ensure we're at least a valid sockaddr-storage. */ @@ -1254,7 +1254,7 @@ static bool matchname(const char *remotehost, if (!res->ai_addr) { continue; } - if (addr_equal((const struct sockaddr *)res->ai_addr, + if (sockaddr_equal((const struct sockaddr *)res->ai_addr, (struct sockaddr *)pss)) { freeaddrinfo(ailist); return true; @@ -1367,7 +1367,7 @@ const char *get_peer_name(int fd, bool force_lookup) p = get_peer_addr_internal(fd, addr_buf, sizeof(addr_buf), (struct sockaddr *)&ss, &length); /* it might be the same as the last one - save some DNS work */ - if (addr_equal((struct sockaddr *)&ss, (struct sockaddr *)&nc.ss)) { + if (sockaddr_equal((struct sockaddr *)&ss, (struct sockaddr *)&nc.ss)) { return nc.name ? nc.name : "UNKNOWN"; } @@ -1687,7 +1687,7 @@ bool is_myname_or_ipaddr(const char *s) } n = get_interfaces(nics, MAX_INTERFACES); for (i=0; i<n; i++) { - if (addr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) { + if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) { TALLOC_FREE(nics); return true; } diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index fde4f825e8..9358061797 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -24,7 +24,7 @@ #include "includes.h" -char toupper_ascii_fast_table[128] = { +const char toupper_ascii_fast_table[128] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 4658f66cfd..7dfc19b462 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -772,7 +772,7 @@ static char *get_kdc_ip_string(char *mem_ctx, get_kdc_list(realm, sitename, &ip_srv_site, &count_site); for (i = 0; i < count_site; i++) { - if (addr_equal((struct sockaddr *)&ip_srv_site[i].ss, + if (sockaddr_equal((struct sockaddr *)&ip_srv_site[i].ss, (struct sockaddr *)pss)) { continue; } @@ -795,13 +795,13 @@ static char *get_kdc_ip_string(char *mem_ctx, for (i = 0; i < count_nonsite; i++) { int j; - if (addr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)pss)) { + if (sockaddr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)pss)) { continue; } /* Ensure this isn't an IP already seen (YUK! this is n*n....) */ for (j = 0; j < count_site; j++) { - if (addr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, + if (sockaddr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)&ip_srv_site[j].ss)) { break; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 932e42e076..cf8a7ebb1b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -162,6 +162,11 @@ bool ads_closest_dc(ADS_STRUCT *ads) return True; } + if (ads->config.client_site_name == NULL) { + DEBUG(10,("ads_closest_dc: client belongs to no site\n")); + return True; + } + DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", ads->config.ldap_server_name)); @@ -267,10 +272,12 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) static NTSTATUS ads_find_dc(ADS_STRUCT *ads) { + const char *c_domain; const char *c_realm; int count, i=0; struct ip_service *ip_list; const char *realm; + const char *domain; bool got_realm = False; bool use_own_domain = False; char *sitename; @@ -308,13 +315,44 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ } + if ( use_own_domain ) { + c_domain = lp_workgroup(); + } else { + c_domain = ads->server.workgroup; + } + realm = c_realm; + domain = c_domain; + + /* + * In case of LDAP we use get_dc_name() as that + * creates the custom krb5.conf file + */ + if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) { + fstring srv_name; + struct sockaddr_storage ip_out; + + DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", + (got_realm ? "realm" : "domain"), realm)); + + if (get_dc_name(domain, realm, srv_name, &ip_out)) { + /* + * we call ads_try_connect() to fill in the + * ads->config details + */ + if (ads_try_connect(ads, srv_name, false)) { + return NT_STATUS_OK; + } + } + + return NT_STATUS_NO_LOGON_SERVERS; + } sitename = sitename_fetch(realm); again: - DEBUG(6,("ads_find_dc: looking for %s '%s'\n", + DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n", (got_realm ? "realm" : "domain"), realm)); status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm); @@ -613,9 +651,8 @@ got_connection: /* cache the successful connection for workgroup and realm */ if (ads_closest_dc(ads)) { - print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - saf_store( ads->server.workgroup, addr); - saf_store( ads->server.realm, addr); + saf_store( ads->server.workgroup, ads->config.ldap_server_name); + saf_store( ads->server.realm, ads->config.ldap_server_name); } ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version); diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c index 6324a22041..6ada66ca40 100644 --- a/source3/libads/ndr.c +++ b/source3/libads/ndr.c @@ -75,7 +75,6 @@ void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ndr_print_string(ndr, "server_site_name", r->config.server_site_name); ndr_print_string(ndr, "client_site_name", r->config.client_site_name); ndr_print_time_t(ndr, "current_time", r->config.current_time); - ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc); ndr_print_string(ndr, "schema_path", r->config.schema_path); ndr_print_string(ndr, "config_path", r->config.config_path); ndr->depth--; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 908fb78ab4..691f6ff8eb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1521,7 +1521,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, return WERR_OK; } - saf_store(r->in.domain_name, r->in.dc_name); + saf_join_store(r->out.netbios_domain_name, r->in.dc_name); + if (r->out.dns_domain_name) { + saf_join_store(r->out.dns_domain_name, r->in.dc_name); + } #ifdef WITH_ADS if (r->out.domain_is_ad) { @@ -1752,6 +1755,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.domain_name, NULL, NULL, + DS_FORCE_REDISCOVERY | DS_DIRECTORY_SERVICE_REQUIRED | DS_WRITABLE_REQUIRED | DS_RETURN_DNS_NAME, diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 990f6f6a63..81956942ca 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -324,7 +324,7 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); if (ret) { - DEBUG(10, ("krb5_kt_start_seq_get failed: %s", + DEBUG(10, ("krb5_kt_start_seq_get failed: %s\n", error_message(ret))); return NULL; } diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 4351810169..73d4439743 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -282,8 +282,8 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, * libnet_samsync */ -void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, - struct netr_ChangeLogEntry *e) +static void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, + struct netr_ChangeLogEntry *e) { ZERO_STRUCTP(e); diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c index 1af3249473..1ce4e67c56 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.c +++ b/source3/librpc/gen_ndr/cli_netlogon.c @@ -2296,23 +2296,36 @@ NTSTATUS rpccli_netr_LogonSamLogonWithFlags(struct rpc_pipe_client *cli, return r.out.result; } -NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - WERROR *werror) +NTSTATUS rpccli_netr_ServerGetTrustInfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *server_name /* [in] [unique,charset(UTF16)] */, + const char *account_name /* [in] [ref,charset(UTF16)] */, + enum netr_SchannelType secure_channel_type /* [in] */, + const char *computer_name /* [in] [ref,charset(UTF16)] */, + struct netr_Authenticator *credential /* [in] [ref] */, + struct netr_Authenticator *return_authenticator /* [out] [ref] */, + struct samr_Password *new_owf_password /* [out] [ref] */, + struct samr_Password *old_owf_password /* [out] [ref] */, + struct netr_TrustInfo **trust_info /* [out] [ref] */) { - struct netr_NETRSERVERGETTRUSTINFO r; + struct netr_ServerGetTrustInfo r; NTSTATUS status; /* In parameters */ + r.in.server_name = server_name; + r.in.account_name = account_name; + r.in.secure_channel_type = secure_channel_type; + r.in.computer_name = computer_name; + r.in.credential = credential; if (DEBUGLEVEL >= 10) { - NDR_PRINT_IN_DEBUG(netr_NETRSERVERGETTRUSTINFO, &r); + NDR_PRINT_IN_DEBUG(netr_ServerGetTrustInfo, &r); } status = cli_do_rpc_ndr(cli, mem_ctx, &ndr_table_netlogon, - NDR_NETR_NETRSERVERGETTRUSTINFO, + NDR_NETR_SERVERGETTRUSTINFO, &r); if (!NT_STATUS_IS_OK(status)) { @@ -2320,7 +2333,7 @@ NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, } if (DEBUGLEVEL >= 10) { - NDR_PRINT_OUT_DEBUG(netr_NETRSERVERGETTRUSTINFO, &r); + NDR_PRINT_OUT_DEBUG(netr_ServerGetTrustInfo, &r); } if (NT_STATUS_IS_ERR(status)) { @@ -2328,12 +2341,12 @@ NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, } /* Return variables */ + *return_authenticator = *r.out.return_authenticator; + *new_owf_password = *r.out.new_owf_password; + *old_owf_password = *r.out.old_owf_password; + *trust_info = *r.out.trust_info; /* Return result */ - if (werror) { - *werror = r.out.result; - } - - return werror_to_ntstatus(r.out.result); + return r.out.result; } diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h index 9f5eac15b2..3fbc00e9da 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.h +++ b/source3/librpc/gen_ndr/cli_netlogon.h @@ -356,7 +356,15 @@ NTSTATUS rpccli_netr_LogonSamLogonWithFlags(struct rpc_pipe_client *cli, union netr_Validation *validation /* [out] [ref,switch_is(validation_level)] */, uint8_t *authoritative /* [out] [ref] */, uint32_t *flags /* [in,out] [ref] */); -NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - WERROR *werror); +NTSTATUS rpccli_netr_ServerGetTrustInfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *server_name /* [in] [unique,charset(UTF16)] */, + const char *account_name /* [in] [ref,charset(UTF16)] */, + enum netr_SchannelType secure_channel_type /* [in] */, + const char *computer_name /* [in] [ref,charset(UTF16)] */, + struct netr_Authenticator *credential /* [in] [ref] */, + struct netr_Authenticator *return_authenticator /* [out] [ref] */, + struct samr_Password *new_owf_password /* [out] [ref] */, + struct samr_Password *old_owf_password /* [out] [ref] */, + struct netr_TrustInfo **trust_info /* [out] [ref] */); #endif /* __CLI_NETLOGON__ */ diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h index 0ccbcdf5b0..ee8a31138d 100644 --- a/source3/librpc/gen_ndr/lsa.h +++ b/source3/librpc/gen_ndr/lsa.h @@ -17,7 +17,7 @@ struct lsa_String { uint16_t length;/* [value(2*strlen_m(string))] */ uint16_t size;/* [value(2*strlen_m(string))] */ const char *string;/* [unique,charset(UTF16),length_is(length/2),size_is(size/2)] */ -}/* [public,noejs] */; +}/* [public] */; struct lsa_StringLarge { uint16_t length;/* [value(2*strlen_m(string))] */ diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index d1cf64e0eb..de4abdcae5 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -11,7 +11,7 @@ struct GUID { uint16_t time_hi_and_version; uint8_t clock_seq[2]; uint8_t node[6]; -}/* [noprint,gensize,public,noejs] */; +}/* [noprint,gensize,public] */; struct ndr_syntax_id { struct GUID uuid; diff --git a/source3/librpc/gen_ndr/ndr_drsblobs.c b/source3/librpc/gen_ndr/ndr_drsblobs.c index dd8d77ea15..d965e40bd2 100644 --- a/source3/librpc/gen_ndr/ndr_drsblobs.c +++ b/source3/librpc/gen_ndr/ndr_drsblobs.c @@ -2351,7 +2351,6 @@ static enum ndr_err_code ndr_push_AuthInfoNT4Owf(struct ndr_push *ndr, int ndr_f NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->password)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->password)); } return NDR_ERR_SUCCESS; } @@ -2364,7 +2363,6 @@ static enum ndr_err_code ndr_pull_AuthInfoNT4Owf(struct ndr_pull *ndr, int ndr_f NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->password)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->password)); } return NDR_ERR_SUCCESS; } @@ -2477,7 +2475,6 @@ static enum ndr_err_code ndr_push_AuthInfo(struct ndr_push *ndr, int ndr_flags, break; case TRUST_AUTH_TYPE_NT4OWF: - NDR_CHECK(ndr_push_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf)); break; case TRUST_AUTH_TYPE_CLEAR: @@ -2525,7 +2522,6 @@ static enum ndr_err_code ndr_pull_AuthInfo(struct ndr_pull *ndr, int ndr_flags, break; case TRUST_AUTH_TYPE_NT4OWF: - NDR_CHECK(ndr_pull_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf)); break; case TRUST_AUTH_TYPE_CLEAR: @@ -2584,7 +2580,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_AuthenticationInformation(struct ndr_push *n } } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo)); } return NDR_ERR_SUCCESS; } @@ -2605,7 +2600,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AuthenticationInformation(struct ndr_pull *n } } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo)); } return NDR_ERR_SUCCESS; } @@ -2641,7 +2635,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr, for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { if (r->current[cntr_current_0]) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current[cntr_current_0])); - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0])); + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0])); } } } @@ -2681,7 +2675,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current[cntr_current_0])); _mem_save_current_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current[cntr_current_0], 0); - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0])); + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0])); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_1, 0); ndr->offset = _relative_save_offset; } diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index c4102eba6e..81f8ddcab9 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -8617,6 +8617,145 @@ _PUBLIC_ void ndr_print_DcSitesCtr(struct ndr_print *ndr, const char *name, cons ndr->depth--; } +static enum ndr_err_code ndr_push_netr_TrustInfo(struct ndr_push *ndr, int ndr_flags, const struct netr_TrustInfo *r) +{ + uint32_t cntr_data_1; + uint32_t cntr_entries_1; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->data)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->entry_count)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->data) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->data[cntr_data_1])); + } + } + if (r->entries) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); + } + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); + } + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_TrustInfo *r) +{ + uint32_t _ptr_data; + uint32_t cntr_data_1; + TALLOC_CTX *_mem_save_data_0; + TALLOC_CTX *_mem_save_data_1; + uint32_t _ptr_entries; + uint32_t cntr_entries_1; + TALLOC_CTX *_mem_save_entries_0; + TALLOC_CTX *_mem_save_entries_1; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data)); + if (_ptr_data) { + NDR_PULL_ALLOC(ndr, r->data); + } else { + r->data = NULL; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->entry_count)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries)); + if (_ptr_entries) { + NDR_PULL_ALLOC(ndr, r->entries); + } else { + r->entries = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->data) { + _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); + NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); + _mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); + for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->data[cntr_data_1])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); + } + if (r->entries) { + _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); + NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); + } + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); + } + if (r->data) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->data, r->count)); + } + if (r->entries) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_TrustInfo(struct ndr_print *ndr, const char *name, const struct netr_TrustInfo *r) +{ + uint32_t cntr_data_1; + uint32_t cntr_entries_1; + ndr_print_struct(ndr, name, "netr_TrustInfo"); + ndr->depth++; + ndr_print_uint32(ndr, "count", r->count); + ndr_print_ptr(ndr, "data", r->data); + ndr->depth++; + if (r->data) { + ndr->print(ndr, "%s: ARRAY(%d)", "data", (int)r->count); + ndr->depth++; + for (cntr_data_1=0;cntr_data_1<r->count;cntr_data_1++) { + char *idx_1=NULL; + if (asprintf(&idx_1, "[%d]", cntr_data_1) != -1) { + ndr_print_uint32(ndr, "data", r->data[cntr_data_1]); + free(idx_1); + } + } + ndr->depth--; + } + ndr->depth--; + ndr_print_uint32(ndr, "entry_count", r->entry_count); + ndr_print_ptr(ndr, "entries", r->entries); + ndr->depth++; + if (r->entries) { + ndr->print(ndr, "%s: ARRAY(%d)", "entries", (int)r->count); + ndr->depth++; + for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) { + char *idx_1=NULL; + if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) { + ndr_print_lsa_String(ndr, "entries", &r->entries[cntr_entries_1]); + free(idx_1); + } + } + ndr->depth--; + } + ndr->depth--; + ndr->depth--; +} + static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int flags, const struct netr_LogonUasLogon *r) { if (flags & NDR_IN) { @@ -15424,42 +15563,225 @@ _PUBLIC_ void ndr_print_netr_LogonSamLogonWithFlags(struct ndr_print *ndr, const ndr->depth--; } -static enum ndr_err_code ndr_push_netr_NETRSERVERGETTRUSTINFO(struct ndr_push *ndr, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r) +static enum ndr_err_code ndr_push_netr_ServerGetTrustInfo(struct ndr_push *ndr, int flags, const struct netr_ServerGetTrustInfo *r) { if (flags & NDR_IN) { + NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name)); + if (r->in.server_name) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->in.account_name == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.account_name, ndr_charset_length(r->in.account_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_push_netr_SchannelType(ndr, NDR_SCALARS, r->in.secure_channel_type)); + if (r->in.computer_name == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + if (r->in.credential == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); } if (flags & NDR_OUT) { - NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); + if (r->out.return_authenticator == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator)); + if (r->out.new_owf_password == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.new_owf_password)); + if (r->out.old_owf_password == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.old_owf_password)); + if (r->out.trust_info == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.trust_info)); + if (*r->out.trust_info) { + NDR_CHECK(ndr_push_netr_TrustInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.trust_info)); + } + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_netr_NETRSERVERGETTRUSTINFO(struct ndr_pull *ndr, int flags, struct netr_NETRSERVERGETTRUSTINFO *r) +static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, int flags, struct netr_ServerGetTrustInfo *r) { + uint32_t _ptr_server_name; + uint32_t _ptr_trust_info; + TALLOC_CTX *_mem_save_server_name_0; + TALLOC_CTX *_mem_save_credential_0; + TALLOC_CTX *_mem_save_return_authenticator_0; + TALLOC_CTX *_mem_save_new_owf_password_0; + TALLOC_CTX *_mem_save_old_owf_password_0; + TALLOC_CTX *_mem_save_trust_info_0; + TALLOC_CTX *_mem_save_trust_info_1; if (flags & NDR_IN) { + ZERO_STRUCT(r->out); + + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name)); + if (_ptr_server_name) { + NDR_PULL_ALLOC(ndr, r->in.server_name); + } else { + r->in.server_name = NULL; + } + if (r->in.server_name) { + _mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); + if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); + } + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); + if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); + if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->in.credential); + } + _mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC); + NDR_PULL_ALLOC(ndr, r->out.return_authenticator); + ZERO_STRUCTP(r->out.return_authenticator); + NDR_PULL_ALLOC(ndr, r->out.new_owf_password); + ZERO_STRUCTP(r->out.new_owf_password); + NDR_PULL_ALLOC(ndr, r->out.old_owf_password); + ZERO_STRUCTP(r->out.old_owf_password); + NDR_PULL_ALLOC(ndr, r->out.trust_info); + ZERO_STRUCTP(r->out.trust_info); } if (flags & NDR_OUT) { - NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.return_authenticator); + } + _mem_save_return_authenticator_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.return_authenticator, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.new_owf_password); + } + _mem_save_new_owf_password_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.new_owf_password, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.new_owf_password)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_owf_password_0, LIBNDR_FLAG_REF_ALLOC); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.old_owf_password); + } + _mem_save_old_owf_password_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.old_owf_password, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.old_owf_password)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_owf_password_0, LIBNDR_FLAG_REF_ALLOC); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.trust_info); + } + _mem_save_trust_info_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.trust_info, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trust_info)); + if (_ptr_trust_info) { + NDR_PULL_ALLOC(ndr, *r->out.trust_info); + } else { + *r->out.trust_info = NULL; + } + if (*r->out.trust_info) { + _mem_save_trust_info_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, *r->out.trust_info, 0); + NDR_CHECK(ndr_pull_netr_TrustInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.trust_info)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trust_info_1, 0); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trust_info_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_netr_NETRSERVERGETTRUSTINFO(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r) +_PUBLIC_ void ndr_print_netr_ServerGetTrustInfo(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerGetTrustInfo *r) { - ndr_print_struct(ndr, name, "netr_NETRSERVERGETTRUSTINFO"); + ndr_print_struct(ndr, name, "netr_ServerGetTrustInfo"); ndr->depth++; if (flags & NDR_SET_VALUES) { ndr->flags |= LIBNDR_PRINT_SET_VALUES; } if (flags & NDR_IN) { - ndr_print_struct(ndr, "in", "netr_NETRSERVERGETTRUSTINFO"); + ndr_print_struct(ndr, "in", "netr_ServerGetTrustInfo"); + ndr->depth++; + ndr_print_ptr(ndr, "server_name", r->in.server_name); ndr->depth++; + if (r->in.server_name) { + ndr_print_string(ndr, "server_name", r->in.server_name); + } + ndr->depth--; + ndr_print_ptr(ndr, "account_name", r->in.account_name); + ndr->depth++; + ndr_print_string(ndr, "account_name", r->in.account_name); + ndr->depth--; + ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type); + ndr_print_ptr(ndr, "computer_name", r->in.computer_name); + ndr->depth++; + ndr_print_string(ndr, "computer_name", r->in.computer_name); + ndr->depth--; + ndr_print_ptr(ndr, "credential", r->in.credential); + ndr->depth++; + ndr_print_netr_Authenticator(ndr, "credential", r->in.credential); + ndr->depth--; ndr->depth--; } if (flags & NDR_OUT) { - ndr_print_struct(ndr, "out", "netr_NETRSERVERGETTRUSTINFO"); + ndr_print_struct(ndr, "out", "netr_ServerGetTrustInfo"); ndr->depth++; - ndr_print_WERROR(ndr, "result", r->out.result); + ndr_print_ptr(ndr, "return_authenticator", r->out.return_authenticator); + ndr->depth++; + ndr_print_netr_Authenticator(ndr, "return_authenticator", r->out.return_authenticator); + ndr->depth--; + ndr_print_ptr(ndr, "new_owf_password", r->out.new_owf_password); + ndr->depth++; + ndr_print_samr_Password(ndr, "new_owf_password", r->out.new_owf_password); + ndr->depth--; + ndr_print_ptr(ndr, "old_owf_password", r->out.old_owf_password); + ndr->depth++; + ndr_print_samr_Password(ndr, "old_owf_password", r->out.old_owf_password); + ndr->depth--; + ndr_print_ptr(ndr, "trust_info", r->out.trust_info); + ndr->depth++; + ndr_print_ptr(ndr, "trust_info", *r->out.trust_info); + ndr->depth++; + if (*r->out.trust_info) { + ndr_print_netr_TrustInfo(ndr, "trust_info", *r->out.trust_info); + } + ndr->depth--; + ndr->depth--; + ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; } ndr->depth--; @@ -15835,11 +16157,11 @@ static const struct ndr_interface_call netlogon_calls[] = { false, }, { - "netr_NETRSERVERGETTRUSTINFO", - sizeof(struct netr_NETRSERVERGETTRUSTINFO), - (ndr_push_flags_fn_t) ndr_push_netr_NETRSERVERGETTRUSTINFO, - (ndr_pull_flags_fn_t) ndr_pull_netr_NETRSERVERGETTRUSTINFO, - (ndr_print_function_t) ndr_print_netr_NETRSERVERGETTRUSTINFO, + "netr_ServerGetTrustInfo", + sizeof(struct netr_ServerGetTrustInfo), + (ndr_push_flags_fn_t) ndr_push_netr_ServerGetTrustInfo, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerGetTrustInfo, + (ndr_print_function_t) ndr_print_netr_ServerGetTrustInfo, false, }, { NULL, 0, NULL, NULL, NULL, false } diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h index be20448636..5858906c1c 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.h +++ b/source3/librpc/gen_ndr/ndr_netlogon.h @@ -104,7 +104,7 @@ extern const struct ndr_interface_table ndr_table_netlogon; #define NDR_NETR_LOGONSAMLOGONWITHFLAGS (0x2d) -#define NDR_NETR_NETRSERVERGETTRUSTINFO (0x2e) +#define NDR_NETR_SERVERGETTRUSTINFO (0x2e) #define NDR_NETLOGON_CALL_COUNT (47) void ndr_print_netr_UasInfo(struct ndr_print *ndr, const char *name, const struct netr_UasInfo *r); @@ -226,6 +226,7 @@ void ndr_print_netr_DomainTrust(struct ndr_print *ndr, const char *name, const s void ndr_print_netr_DomainTrustList(struct ndr_print *ndr, const char *name, const struct netr_DomainTrustList *r); void ndr_print_netr_DsRAddressToSitenamesExWCtr(struct ndr_print *ndr, const char *name, const struct netr_DsRAddressToSitenamesExWCtr *r); void ndr_print_DcSitesCtr(struct ndr_print *ndr, const char *name, const struct DcSitesCtr *r); +void ndr_print_netr_TrustInfo(struct ndr_print *ndr, const char *name, const struct netr_TrustInfo *r); void ndr_print_netr_LogonUasLogon(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonUasLogon *r); void ndr_print_netr_LogonUasLogoff(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonUasLogoff *r); void ndr_print_netr_LogonSamLogon(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogon *r); @@ -276,5 +277,5 @@ void ndr_print_netr_ServerTrustPasswordsGet(struct ndr_print *ndr, const char *n void ndr_print_netr_DsRGetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetForestTrustInformation *r); void ndr_print_netr_GetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_GetForestTrustInformation *r); void ndr_print_netr_LogonSamLogonWithFlags(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogonWithFlags *r); -void ndr_print_netr_NETRSERVERGETTRUSTINFO(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r); +void ndr_print_netr_ServerGetTrustInfo(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerGetTrustInfo *r); #endif /* _HEADER_NDR_netlogon */ diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index 975bde3340..83db0faaef 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -852,8 +852,7 @@ static enum ndr_err_code ndr_push_samr_DomInfo13(struct ndr_push *ndr, int ndr_f NDR_CHECK(ndr_push_align(ndr, 8)); NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->sequence_num)); NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->domain_create_time)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2)); + NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->modified_count_at_last_promotion)); } if (ndr_flags & NDR_BUFFERS) { } @@ -866,8 +865,7 @@ static enum ndr_err_code ndr_pull_samr_DomInfo13(struct ndr_pull *ndr, int ndr_f NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->sequence_num)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->domain_create_time)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2)); + NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->modified_count_at_last_promotion)); } if (ndr_flags & NDR_BUFFERS) { } @@ -880,8 +878,7 @@ _PUBLIC_ void ndr_print_samr_DomInfo13(struct ndr_print *ndr, const char *name, ndr->depth++; ndr_print_hyper(ndr, "sequence_num", r->sequence_num); ndr_print_NTTIME(ndr, "domain_create_time", r->domain_create_time); - ndr_print_uint32(ndr, "unknown1", r->unknown1); - ndr_print_uint32(ndr, "unknown2", r->unknown2); + ndr_print_hyper(ndr, "modified_count_at_last_promotion", r->modified_count_at_last_promotion); ndr->depth--; } @@ -2652,10 +2649,11 @@ static enum ndr_err_code ndr_push_samr_UserInfo18(struct ndr_push *ndr, int ndr_ { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->nt_pwd)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_pwd_active)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_pwd_active)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_pwd_active)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2666,10 +2664,11 @@ static enum ndr_err_code ndr_pull_samr_UserInfo18(struct ndr_pull *ndr, int ndr_ { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->nt_pwd)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_pwd_active)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_pwd_active)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_pwd_active)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2680,10 +2679,11 @@ _PUBLIC_ void ndr_print_samr_UserInfo18(struct ndr_print *ndr, const char *name, { ndr_print_struct(ndr, name, "samr_UserInfo18"); ndr->depth++; - ndr_print_samr_Password(ndr, "lm_pwd", &r->lm_pwd); ndr_print_samr_Password(ndr, "nt_pwd", &r->nt_pwd); - ndr_print_uint8(ndr, "lm_pwd_active", r->lm_pwd_active); + ndr_print_samr_Password(ndr, "lm_pwd", &r->lm_pwd); ndr_print_uint8(ndr, "nt_pwd_active", r->nt_pwd_active); + ndr_print_uint8(ndr, "lm_pwd_active", r->lm_pwd_active); + ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr->depth--; } @@ -2761,8 +2761,8 @@ _PUBLIC_ void ndr_print_samr_FieldsPresent(struct ndr_print *ndr, const char *na ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PARAMETERS", SAMR_FIELD_PARAMETERS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_COUNTRY_CODE", SAMR_FIELD_COUNTRY_CODE, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_CODE_PAGE", SAMR_FIELD_CODE_PAGE, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PASSWORD", SAMR_FIELD_PASSWORD, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PASSWORD2", SAMR_FIELD_PASSWORD2, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_NT_PASSWORD_PRESENT", SAMR_FIELD_NT_PASSWORD_PRESENT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LM_PASSWORD_PRESENT", SAMR_FIELD_LM_PASSWORD_PRESENT, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PRIVATE_DATA", SAMR_FIELD_PRIVATE_DATA, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_EXPIRED_FLAG", SAMR_FIELD_EXPIRED_FLAG, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_SEC_DESC", SAMR_FIELD_SEC_DESC, r); @@ -2790,8 +2790,8 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->workstations)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment)); NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown2)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->lm_owf_password)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->nt_owf_password)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->buf_count)); NDR_CHECK(ndr_push_unique_ptr(ndr, r->buffer)); @@ -2804,8 +2804,8 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->logon_count)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->country_code)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->code_page)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_password_set)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_password_set)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_password_set)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->unknown4)); } @@ -2820,8 +2820,8 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown2)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->lm_owf_password)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->nt_owf_password)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown3)); if (r->buffer) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->buf_count)); @@ -2854,8 +2854,8 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->workstations)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment)); NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown2)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->lm_owf_password)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->nt_owf_password)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->buf_count)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_buffer)); @@ -2873,8 +2873,8 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logon_count)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->country_code)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->code_page)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_password_set)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_password_set)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_password_set)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->unknown4)); } @@ -2889,8 +2889,8 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown2)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->lm_owf_password)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->nt_owf_password)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown3)); if (r->buffer) { _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); @@ -2928,8 +2928,8 @@ _PUBLIC_ void ndr_print_samr_UserInfo21(struct ndr_print *ndr, const char *name, ndr_print_lsa_String(ndr, "workstations", &r->workstations); ndr_print_lsa_String(ndr, "comment", &r->comment); ndr_print_lsa_BinaryString(ndr, "parameters", &r->parameters); - ndr_print_lsa_String(ndr, "unknown1", &r->unknown1); - ndr_print_lsa_String(ndr, "unknown2", &r->unknown2); + ndr_print_lsa_BinaryString(ndr, "lm_owf_password", &r->lm_owf_password); + ndr_print_lsa_BinaryString(ndr, "nt_owf_password", &r->nt_owf_password); ndr_print_lsa_String(ndr, "unknown3", &r->unknown3); ndr_print_uint32(ndr, "buf_count", r->buf_count); ndr_print_ptr(ndr, "buffer", r->buffer); @@ -2947,8 +2947,8 @@ _PUBLIC_ void ndr_print_samr_UserInfo21(struct ndr_print *ndr, const char *name, ndr_print_uint16(ndr, "logon_count", r->logon_count); ndr_print_uint16(ndr, "country_code", r->country_code); ndr_print_uint16(ndr, "code_page", r->code_page); - ndr_print_uint8(ndr, "nt_password_set", r->nt_password_set); ndr_print_uint8(ndr, "lm_password_set", r->lm_password_set); + ndr_print_uint8(ndr, "nt_password_set", r->nt_password_set); ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr_print_uint8(ndr, "unknown4", r->unknown4); ndr->depth--; diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index 108f2f689c..8339a40d40 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c @@ -427,7 +427,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->trustee)); } return NDR_ERR_SUCCESS; } @@ -621,11 +620,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, in if (ndr_flags & NDR_BUFFERS) { if (r->owner_sid) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); } if (r->group_sid) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid)); } if (r->sacl) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl)); @@ -694,7 +693,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid)); _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0); ndr->offset = _relative_save_offset; } @@ -704,7 +703,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid)); _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); ndr->offset = _relative_save_offset; } @@ -855,14 +854,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr } if (ndr_flags & NDR_BUFFERS) { if (r->user_sid) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->user_sid)); } if (r->group_sid) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid)); } for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { if (r->sids[cntr_sids_0]) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0])); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); } } } @@ -916,13 +915,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr if (r->user_sid) { _mem_save_user_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->user_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_sid_0, 0); } if (r->group_sid) { _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); } _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); @@ -931,7 +930,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr if (r->sids[cntr_sids_0]) { _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0])); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); } } diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index bddf1bd2b7..f8cbf4afa8 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h @@ -8,6 +8,10 @@ #include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) +enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r); +enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r); +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *r); +size_t ndr_size_dom_sid(const struct dom_sid *r, int flags); enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r); enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r); void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.c b/source3/librpc/gen_ndr/ndr_srvsvc.c index 9ac3aa82c9..125542d14a 100644 --- a/source3/librpc/gen_ndr/ndr_srvsvc.c +++ b/source3/librpc/gen_ndr/ndr_srvsvc.c @@ -6358,7 +6358,7 @@ _PUBLIC_ void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *nam ndr_print_enum(ndr, name, "ENUM", val, r); } -static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r) +_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); @@ -6376,7 +6376,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) +_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) { uint32_t _ptr_server_name; TALLOC_CTX *_mem_save_server_name_0; @@ -6421,7 +6421,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char * ndr->depth--; } -static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r) +_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); @@ -6449,7 +6449,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) +_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) { uint32_t _ptr_server_name; TALLOC_CTX *_mem_save_server_name_0; diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.h b/source3/librpc/gen_ndr/ndr_srvsvc.h index 33569d1870..126680cad0 100644 --- a/source3/librpc/gen_ndr/ndr_srvsvc.h +++ b/source3/librpc/gen_ndr/ndr_srvsvc.h @@ -186,7 +186,11 @@ void ndr_print_srvsvc_NetShareInfoCtr(struct ndr_print *ndr, const char *name, c enum ndr_err_code ndr_push_srvsvc_PlatformId(struct ndr_push *ndr, int ndr_flags, enum srvsvc_PlatformId r); enum ndr_err_code ndr_pull_srvsvc_PlatformId(struct ndr_pull *ndr, int ndr_flags, enum srvsvc_PlatformId *r); void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *name, enum srvsvc_PlatformId r); +enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r); +enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r); void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo100 *r); +enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r); +enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r); void ndr_print_srvsvc_NetSrvInfo101(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo101 *r); void ndr_print_srvsvc_NetSrvInfo102(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo102 *r); void ndr_print_srvsvc_NetSrvInfo402(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo402 *r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index 4d9b549e75..7fb253446a 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -964,6 +964,13 @@ struct DcSitesCtr { struct lsa_String *sites;/* [unique,size_is(num_sites)] */ }; +struct netr_TrustInfo { + uint32_t count; + uint32_t *data;/* [unique,size_is(count)] */ + uint32_t entry_count; + struct lsa_String *entries;/* [unique,size_is(count)] */ +}; + struct netr_LogonUasLogon { struct { @@ -1706,9 +1713,21 @@ struct netr_LogonSamLogonWithFlags { }; -struct netr_NETRSERVERGETTRUSTINFO { +struct netr_ServerGetTrustInfo { struct { - WERROR result; + const char *server_name;/* [unique,charset(UTF16)] */ + const char *account_name;/* [ref,charset(UTF16)] */ + enum netr_SchannelType secure_channel_type; + const char *computer_name;/* [ref,charset(UTF16)] */ + struct netr_Authenticator *credential;/* [ref] */ + } in; + + struct { + struct netr_Authenticator *return_authenticator;/* [ref] */ + struct samr_Password *new_owf_password;/* [ref] */ + struct samr_Password *old_owf_password;/* [ref] */ + struct netr_TrustInfo **trust_info;/* [ref] */ + NTSTATUS result; } out; }; diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index 537f144940..3116f26d8c 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -252,8 +252,7 @@ struct samr_DomInfo12 { struct samr_DomInfo13 { uint64_t sequence_num; NTTIME domain_create_time; - uint32_t unknown1; - uint32_t unknown2; + uint64_t modified_count_at_last_promotion; }; union samr_DomainInfo { @@ -477,10 +476,11 @@ struct samr_Password { }/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */; struct samr_UserInfo18 { - struct samr_Password lm_pwd; struct samr_Password nt_pwd; - uint8_t lm_pwd_active; + struct samr_Password lm_pwd; uint8_t nt_pwd_active; + uint8_t lm_pwd_active; + uint8_t password_expired; }; struct samr_UserInfo20 { @@ -512,8 +512,8 @@ struct samr_UserInfo20 { #define SAMR_FIELD_PARAMETERS ( 0x00200000 ) #define SAMR_FIELD_COUNTRY_CODE ( 0x00400000 ) #define SAMR_FIELD_CODE_PAGE ( 0x00800000 ) -#define SAMR_FIELD_PASSWORD ( 0x01000000 ) -#define SAMR_FIELD_PASSWORD2 ( 0x02000000 ) +#define SAMR_FIELD_NT_PASSWORD_PRESENT ( 0x01000000 ) +#define SAMR_FIELD_LM_PASSWORD_PRESENT ( 0x02000000 ) #define SAMR_FIELD_PRIVATE_DATA ( 0x04000000 ) #define SAMR_FIELD_EXPIRED_FLAG ( 0x08000000 ) #define SAMR_FIELD_SEC_DESC ( 0x10000000 ) @@ -536,8 +536,8 @@ struct samr_UserInfo21 { struct lsa_String workstations; struct lsa_String comment; struct lsa_BinaryString parameters; - struct lsa_String unknown1; - struct lsa_String unknown2; + struct lsa_BinaryString lm_owf_password; + struct lsa_BinaryString nt_owf_password; struct lsa_String unknown3; uint32_t buf_count; uint8_t *buffer;/* [unique,size_is(buf_count)] */ @@ -550,8 +550,8 @@ struct samr_UserInfo21 { uint16_t logon_count; uint16_t country_code; uint16_t code_page; - uint8_t nt_password_set; uint8_t lm_password_set; + uint8_t nt_password_set; uint8_t password_expired; uint8_t unknown4; }; diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index fe23347fdf..99e1f4b1c9 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -4,6 +4,9 @@ #include "librpc/gen_ndr/misc.h" #include "librpc/gen_ndr/dom_sid.h" +#define dom_sid2 dom_sid +#define dom_sid28 dom_sid +#define dom_sid0 dom_sid #ifndef _HEADER_security #define _HEADER_security @@ -129,6 +132,13 @@ #define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 ) #define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 ) #define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 ) +struct dom_sid { + uint8_t sid_rev_num; + int8_t num_auths;/* [range(0,15)] */ + uint8_t id_auth[6]; + uint32_t sub_auths[15]; +}/* [noprint,gensize,nopull,public,nopush,nosize] */; + enum sec_privilege #ifndef USE_UINT_ENUMS { diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c index 2cb2978af2..8cb461e94d 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.c +++ b/source3/librpc/gen_ndr/srv_netlogon.c @@ -3733,18 +3733,18 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p) return true; } -static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p) +static bool api_netr_ServerGetTrustInfo(pipes_struct *p) { const struct ndr_interface_call *call; struct ndr_pull *pull; struct ndr_push *push; enum ndr_err_code ndr_err; DATA_BLOB blob; - struct netr_NETRSERVERGETTRUSTINFO *r; + struct netr_ServerGetTrustInfo *r; - call = &ndr_table_netlogon.calls[NDR_NETR_NETRSERVERGETTRUSTINFO]; + call = &ndr_table_netlogon.calls[NDR_NETR_SERVERGETTRUSTINFO]; - r = talloc(talloc_tos(), struct netr_NETRSERVERGETTRUSTINFO); + r = talloc(talloc_tos(), struct netr_ServerGetTrustInfo); if (r == NULL) { return false; } @@ -3768,10 +3768,35 @@ static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p) } if (DEBUGLEVEL >= 10) { - NDR_PRINT_IN_DEBUG(netr_NETRSERVERGETTRUSTINFO, r); + NDR_PRINT_IN_DEBUG(netr_ServerGetTrustInfo, r); } - r->out.result = _netr_NETRSERVERGETTRUSTINFO(p, r); + ZERO_STRUCT(r->out); + r->out.return_authenticator = talloc_zero(r, struct netr_Authenticator); + if (r->out.return_authenticator == NULL) { + talloc_free(r); + return false; + } + + r->out.new_owf_password = talloc_zero(r, struct samr_Password); + if (r->out.new_owf_password == NULL) { + talloc_free(r); + return false; + } + + r->out.old_owf_password = talloc_zero(r, struct samr_Password); + if (r->out.old_owf_password == NULL) { + talloc_free(r); + return false; + } + + r->out.trust_info = talloc_zero(r, struct netr_TrustInfo *); + if (r->out.trust_info == NULL) { + talloc_free(r); + return false; + } + + r->out.result = _netr_ServerGetTrustInfo(p, r); if (p->rng_fault_state) { talloc_free(r); @@ -3780,7 +3805,7 @@ static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p) } if (DEBUGLEVEL >= 10) { - NDR_PRINT_OUT_DEBUG(netr_NETRSERVERGETTRUSTINFO, r); + NDR_PRINT_OUT_DEBUG(netr_ServerGetTrustInfo, r); } push = ndr_push_init_ctx(r, NULL); @@ -3856,7 +3881,7 @@ static struct api_struct api_netlogon_cmds[] = {"NETR_DSRGETFORESTTRUSTINFORMATION", NDR_NETR_DSRGETFORESTTRUSTINFORMATION, api_netr_DsRGetForestTrustInformation}, {"NETR_GETFORESTTRUSTINFORMATION", NDR_NETR_GETFORESTTRUSTINFORMATION, api_netr_GetForestTrustInformation}, {"NETR_LOGONSAMLOGONWITHFLAGS", NDR_NETR_LOGONSAMLOGONWITHFLAGS, api_netr_LogonSamLogonWithFlags}, - {"NETR_NETRSERVERGETTRUSTINFO", NDR_NETR_NETRSERVERGETTRUSTINFO, api_netr_NETRSERVERGETTRUSTINFO}, + {"NETR_SERVERGETTRUSTINFO", NDR_NETR_SERVERGETTRUSTINFO, api_netr_ServerGetTrustInfo}, }; void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns) diff --git a/source3/librpc/gen_ndr/srv_netlogon.h b/source3/librpc/gen_ndr/srv_netlogon.h index 1fe16c603b..cd68d12f1e 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.h +++ b/source3/librpc/gen_ndr/srv_netlogon.h @@ -47,7 +47,7 @@ NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustP WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r); WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r); NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r); -WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, struct netr_NETRSERVERGETTRUSTINFO *r); +NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, struct netr_ServerGetTrustInfo *r); void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns); NTSTATUS rpc_netlogon_init(void); #endif /* __SRV_NETLOGON__ */ diff --git a/source3/librpc/gen_ndr/srvsvc.h b/source3/librpc/gen_ndr/srvsvc.h index b50213bb96..6467f72a5b 100644 --- a/source3/librpc/gen_ndr/srvsvc.h +++ b/source3/librpc/gen_ndr/srvsvc.h @@ -431,7 +431,7 @@ enum srvsvc_PlatformId struct srvsvc_NetSrvInfo100 { enum srvsvc_PlatformId platform_id; const char *server_name;/* [unique,charset(UTF16)] */ -}; +}/* [public] */; struct srvsvc_NetSrvInfo101 { enum srvsvc_PlatformId platform_id; @@ -440,7 +440,7 @@ struct srvsvc_NetSrvInfo101 { uint32_t version_minor; uint32_t server_type; const char *comment;/* [unique,charset(UTF16)] */ -}; +}/* [public] */; struct srvsvc_NetSrvInfo102 { enum srvsvc_PlatformId platform_id; diff --git a/source3/librpc/gen_ndr/winreg.h b/source3/librpc/gen_ndr/winreg.h index fbbab33c8d..a98120ccf5 100644 --- a/source3/librpc/gen_ndr/winreg.h +++ b/source3/librpc/gen_ndr/winreg.h @@ -54,7 +54,7 @@ struct winreg_String { uint16_t name_len;/* [value(strlen_m_term(name)*2)] */ uint16_t name_size;/* [value(strlen_m_term(name)*2)] */ const char *name;/* [unique,charset(UTF16)] */ -}/* [public,noejs] */; +}/* [public] */; struct KeySecurityData { uint8_t *data;/* [unique,length_is(len),size_is(size)] */ diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c index 39b7e3cd59..252da85929 100644 --- a/source3/librpc/ndr/sid.c +++ b/source3/librpc/ndr/sid.c @@ -22,72 +22,6 @@ #include "includes.h" /* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num)); - NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - } - return NDR_ERR_SUCCESS; -} - -enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths)); - if (r->num_auths > 15) { - return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); - } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - } - return NDR_ERR_SUCCESS; -} - -/* convert a dom_sid to a string */ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) @@ -123,161 +57,3 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) return ret; } - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } - - return NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer -*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - diff --git a/source3/librpc/rpc/dcerpc.c b/source3/librpc/rpc/dcerpc.c index 77bb7b33a2..69bfc6f329 100644 --- a/source3/librpc/rpc/dcerpc.c +++ b/source3/librpc/rpc/dcerpc.c @@ -117,6 +117,10 @@ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) return NT_STATUS_OK; } +#if 0 + +Completely unfinished and unused -- vl :-) + /** * Connect to a DCE/RPC interface. * @@ -178,3 +182,5 @@ _PUBLIC_ NTSTATUS dcerpc_pipe_connect(TALLOC_CTX *parent_ctx, struct dcerpc_pipe return nt_status; } + +#endif diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index d371e057e3..fd2fe930f8 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -218,6 +218,118 @@ static bool find_andx_cmd_ofs(char *buf, size_t *pofs) } /** + * @brief Do the smb chaining at a buffer level + * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified + * @param[in] smb_command The command that we want to issue + * @param[in] wct How many words? + * @param[in] vwv The words, already in network order + * @param[in] bytes_alignment How shall we align "bytes"? + * @param[in] num_bytes How many bytes? + * @param[in] bytes The data the request ships + * + * smb_splice_chain() adds the vwv and bytes to the request already present in + * *poutbuf. + */ + +bool smb_splice_chain(char **poutbuf, uint8_t smb_command, + uint8_t wct, const uint16_t *vwv, + size_t bytes_alignment, + uint16_t num_bytes, const uint8_t *bytes) +{ + char *outbuf; + size_t old_size, new_size; + size_t ofs; + size_t chain_padding = 0; + size_t bytes_padding = 0; + bool first_request; + + old_size = talloc_get_size(*poutbuf); + + /* + * old_size == smb_wct means we're pushing the first request in for + * libsmb/ + */ + + first_request = (old_size == smb_wct); + + if (!first_request && ((old_size % 4) != 0)) { + /* + * Align the wct field of subsequent requests to a 4-byte + * boundary + */ + chain_padding = 4 - (old_size % 4); + } + + /* + * After the old request comes the new wct field (1 byte), the vwv's + * and the num_bytes field. After at we might need to align the bytes + * given to us to "bytes_alignment", increasing the num_bytes value. + */ + + new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2; + + if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) { + bytes_padding = bytes_alignment + (new_size % bytes_alignment); + } + + new_size += bytes_padding + num_bytes; + + if (new_size > 0xffff) { + DEBUG(1, ("splice_chain: %u bytes won't fit\n", + (unsigned)new_size)); + return false; + } + + outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, char, new_size); + if (outbuf == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + *poutbuf = outbuf; + + if (first_request) { + SCVAL(outbuf, smb_com, smb_command); + } else { + size_t andx_cmd_ofs; + + if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) { + DEBUG(1, ("invalid command chain\n")); + *poutbuf = TALLOC_REALLOC_ARRAY( + NULL, *poutbuf, char, old_size); + return false; + } + + if (chain_padding != 0) { + memset(outbuf + old_size, 0, chain_padding); + old_size += chain_padding; + } + + SCVAL(outbuf, andx_cmd_ofs, smb_command); + SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4); + } + + ofs = old_size; + + SCVAL(outbuf, ofs, wct); + ofs += 1; + + memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct); + ofs += sizeof(uint16_t) * wct; + + SSVAL(outbuf, ofs, num_bytes + bytes_padding); + ofs += sizeof(uint16_t); + + if (bytes_padding != 0) { + memset(outbuf + ofs, 0, bytes_padding); + ofs += bytes_padding; + } + + memcpy(outbuf + ofs, bytes, num_bytes); + + return true; +} + +/** * @brief Destroy an async_req that is the visible part of a cli_request * @param[in] req The request to kill * @retval Return 0 to make talloc happy @@ -286,10 +398,7 @@ static struct async_req *cli_request_chain(TALLOC_CTX *mem_ctx, const uint8_t *bytes) { struct async_req **tmp_reqs; - char *tmp_buf; struct cli_request *req; - size_t old_size, new_size; - size_t ofs; req = cli->chain_accumulator; @@ -313,52 +422,11 @@ static struct async_req *cli_request_chain(TALLOC_CTX *mem_ctx, talloc_set_destructor(req->async[req->num_async-1], cli_async_req_destructor); - old_size = talloc_get_size(req->outbuf); - - /* - * We need space for the wct field, the words, the byte count field - * and the bytes themselves. - */ - new_size = old_size + 1 + wct * sizeof(uint16_t) + 2 + num_bytes; - - if (new_size > 0xffff) { - DEBUG(1, ("cli_request_chain: %u bytes won't fit\n", - (unsigned)new_size)); + if (!smb_splice_chain(&req->outbuf, smb_command, wct, vwv, + 0, num_bytes, bytes)) { goto fail; } - tmp_buf = TALLOC_REALLOC_ARRAY(NULL, req->outbuf, char, new_size); - if (tmp_buf == NULL) { - DEBUG(0, ("talloc failed\n")); - goto fail; - } - req->outbuf = tmp_buf; - - if (old_size == smb_wct) { - SCVAL(req->outbuf, smb_com, smb_command); - } else { - size_t andx_cmd_ofs; - if (!find_andx_cmd_ofs(req->outbuf, &andx_cmd_ofs)) { - DEBUG(1, ("invalid command chain\n")); - goto fail; - } - SCVAL(req->outbuf, andx_cmd_ofs, smb_command); - SSVAL(req->outbuf, andx_cmd_ofs + 2, old_size - 4); - } - - ofs = old_size; - - SCVAL(req->outbuf, ofs, wct); - ofs += 1; - - memcpy(req->outbuf + ofs, vwv, sizeof(uint16_t) * wct); - ofs += sizeof(uint16_t) * wct; - - SSVAL(req->outbuf, ofs, num_bytes); - ofs += sizeof(uint16_t); - - memcpy(req->outbuf + ofs, bytes, num_bytes); - return req->async[req->num_async-1]; fail: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 8b7ac7d718..125345fccb 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -22,22 +22,21 @@ static const struct { int prot; - const char *name; -} prots[] = { - {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"}, - {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"}, - {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"}, - {PROTOCOL_LANMAN1,"LANMAN1.0"}, - {PROTOCOL_LANMAN2,"LM1.2X002"}, - {PROTOCOL_LANMAN2,"DOS LANMAN2.1"}, - {PROTOCOL_LANMAN2,"LANMAN2.1"}, - {PROTOCOL_LANMAN2,"Samba"}, - {PROTOCOL_NT1,"NT LANMAN 1.0"}, - {PROTOCOL_NT1,"NT LM 0.12"}, - {-1,NULL} + const char name[24]; +} prots[10] = { + {PROTOCOL_CORE, "PC NETWORK PROGRAM 1.0"}, + {PROTOCOL_COREPLUS, "MICROSOFT NETWORKS 1.03"}, + {PROTOCOL_LANMAN1, "MICROSOFT NETWORKS 3.0"}, + {PROTOCOL_LANMAN1, "LANMAN1.0"}, + {PROTOCOL_LANMAN2, "LM1.2X002"}, + {PROTOCOL_LANMAN2, "DOS LANMAN2.1"}, + {PROTOCOL_LANMAN2, "LANMAN2.1"}, + {PROTOCOL_LANMAN2, "Samba"}, + {PROTOCOL_NT1, "NT LANMAN 1.0"}, + {PROTOCOL_NT1, "NT LM 0.12"}, }; -static const char *star_smbserver_name = "*SMBSERVER"; +#define STAR_SMBSERVER "*SMBSERVER" /** * Set the user session key for a connection @@ -748,19 +747,11 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use if (NT_STATUS_IS_OK(nt_status)) { - DATA_BLOB key = data_blob(ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - DATA_BLOB null_blob = data_blob_null; - bool res; - fstrcpy(cli->server_domain, ntlmssp_state->server_domain); cli_set_session_key(cli, ntlmssp_state->session_key); - res = cli_simple_set_signing(cli, key, null_blob); - - data_blob_free(&key); - - if (res) { + if (cli_simple_set_signing( + cli, ntlmssp_state->session_key, data_blob_null)) { /* 'resign' the last message, so we get the right sequence numbers for checking the first reply from the server */ @@ -871,7 +862,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, if (principal == NULL && !is_ipaddress(cli->desthost) && - !strequal(star_smbserver_name, + !strequal(STAR_SMBSERVER, cli->desthost)) { char *realm = NULL; char *machine = NULL; @@ -1229,9 +1220,10 @@ void cli_negprot_send(struct cli_state *cli) cli_set_message(cli->outbuf,0,0,True); p = smb_buf(cli->outbuf); - for (numprots=0; - prots[numprots].name && prots[numprots].prot<=cli->protocol; - numprots++) { + for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + if (prots[numprots].prot > cli->protocol) { + break; + } *p++ = 2; p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE); } @@ -1260,18 +1252,23 @@ bool cli_negprot(struct cli_state *cli) memset(cli->outbuf,'\0',smb_size); + plength = 0; + /* setup the protocol strings */ - for (plength=0,numprots=0; - prots[numprots].name && prots[numprots].prot<=cli->protocol; - numprots++) + for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + if (prots[numprots].prot > cli->protocol) { + break; + } plength += strlen(prots[numprots].name)+2; + } cli_set_message(cli->outbuf,0,plength,True); p = smb_buf(cli->outbuf); - for (numprots=0; - prots[numprots].name && prots[numprots].prot<=cli->protocol; - numprots++) { + for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + if (prots[numprots].prot > cli->protocol) { + break; + } *p++ = 2; p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE); } @@ -1503,7 +1500,7 @@ NTSTATUS cli_connect(struct cli_state *cli, /* reasonable default hostname */ if (!host) { - host = star_smbserver_name; + host = STAR_SMBSERVER; } fstrcpy(cli->desthost, host); @@ -1623,7 +1620,7 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, if (dest_ss) { ss = *dest_ss; } else { - zero_addr(&ss); + zero_sockaddr(&ss); } again: @@ -1651,8 +1648,8 @@ again: *p = 0; goto again; } - if (strcmp(called.name, star_smbserver_name)) { - make_nmb_name(&called , star_smbserver_name, 0x20); + if (strcmp(called.name, STAR_SMBSERVER)) { + make_nmb_name(&called , STAR_SMBSERVER, 0x20); goto again; } return NT_STATUS_BAD_NETWORK_NAME; @@ -1782,7 +1779,7 @@ bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srcho */ if(is_ipaddress(desthost)) { - make_nmb_name(&called, star_smbserver_name, 0x20); + make_nmb_name(&called, STAR_SMBSERVER, 0x20); } else { make_nmb_name(&called, desthost, 0x20); } @@ -1791,7 +1788,7 @@ bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srcho NTSTATUS status; struct nmb_name smbservername; - make_nmb_name(&smbservername, star_smbserver_name, 0x20); + make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20); /* * If the name wasn't *SMBSERVER then diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 7b63f9535e..f0ac39fed0 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -144,13 +144,13 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, server_n = server; - zero_addr(&ss); + zero_sockaddr(&ss); make_nmb_name(&calling, global_myname(), 0x0); make_nmb_name(&called , server, name_type); again: - zero_addr(&ss); + zero_sockaddr(&ss); if (have_ip) ss = dest_ss; @@ -471,18 +471,19 @@ static void cm_set_password(const char *newpass) /**************************************************************************** ****************************************************************************/ -void cli_cm_set_credentials(void) +void cli_cm_set_credentials(struct user_auth_info *auth_info) { SAFE_FREE(cm_creds.username); - cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username()); + cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username( + auth_info)); - if (get_cmdline_auth_info_got_pass()) { - cm_set_password(get_cmdline_auth_info_password()); + if (get_cmdline_auth_info_got_pass(auth_info)) { + cm_set_password(get_cmdline_auth_info_password(auth_info)); } - cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(); + cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info); cm_creds.fallback_after_kerberos = false; - cm_creds.signing_state = get_cmdline_auth_info_signing_state(); + cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info); } /**************************************************************************** diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 8a5aedfde5..d94427809c 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -732,12 +732,7 @@ struct async_req *cli_echo_send(TALLOC_CTX *mem_ctx, struct event_context *ev, NTSTATUS cli_echo_recv(struct async_req *req) { - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; - } - - return NT_STATUS_OK; + return async_req_simple_recv(req); } /** diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index a9e81082ea..733abb6510 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -908,9 +908,8 @@ NTSTATUS cli_open_recv(struct async_req *req, int *fnum) uint8_t *bytes; NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); @@ -985,10 +984,10 @@ NTSTATUS cli_close_recv(struct async_req *req) uint16_t *vwv; uint16_t num_bytes; uint8_t *bytes; + NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } return cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index 50918458b0..cebafc6919 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -417,7 +417,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, } SAFE_FREE(mask); - if (ff_searchcount > 0) { + if (ff_searchcount > 0 && ff_eos == 0 && finfo.name) { mask = SMB_STRDUP(finfo.name); } else { mask = SMB_STRDUP(""); diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index cc982683d0..1c2a0d56c4 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -109,12 +109,12 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, uint16_t *vwv; uint16_t num_bytes; uint8_t *bytes; + uint8_t *buf; NTSTATUS status; size_t size; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); @@ -137,6 +137,24 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, return NT_STATUS_UNEXPECTED_IO_ERROR; } + /* + * bcc field must be valid for small reads, for large reads the 16-bit + * bcc field can't be correct. + */ + + if ((size < 0xffff) && (size > num_bytes)) { + DEBUG(5, ("server announced more bytes than sent\n")); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + buf = (uint8_t *)smb_base(cli_req->inbuf) + SVAL(vwv+6, 0); + + if (trans_oob(smb_len(cli_req->inbuf), SVAL(vwv+6, 0), size) + || (buf < bytes)) { + DEBUG(5, ("server returned invalid read&x data offset\n")); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + *rcvbuf = (uint8_t *)(smb_base(cli_req->inbuf) + SVAL(vwv + 6, 0)); *received = size; return NT_STATUS_OK; @@ -405,10 +423,10 @@ NTSTATUS cli_pull_recv(struct async_req *req, SMB_OFF_T *received) { struct cli_pull_state *state = talloc_get_type_abort( req->private_data, struct cli_pull_state); + NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } *received = state->pushed; return NT_STATUS_OK; diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index bbdfb75fcd..120b6c0e29 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -1316,10 +1316,10 @@ NTSTATUS cli_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx, req->private_data, struct cli_request); struct cli_trans_state *state = talloc_get_type_abort( cli_req->recv_helper.priv, struct cli_trans_state); + NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } if (setup != NULL) { diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index d8c2b70175..3491544175 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -1119,6 +1119,27 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx, num_dcs, info); } +static bool is_closest_site(struct netr_DsRGetDCNameInfo *info) +{ + if (info->dc_flags & DS_SERVER_CLOSEST) { + return true; + } + + if (!info->client_site_name) { + return true; + } + + if (!info->dc_site_name) { + return false; + } + + if (strcmp(info->client_site_name, info->dc_site_name) == 0) { + return true; + } + + return false; +} + /******************************************************************** dsgetdcname. @@ -1136,6 +1157,8 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; struct netr_DsRGetDCNameInfo *myinfo = NULL; char *query_site = NULL; + bool first = true; + struct netr_DsRGetDCNameInfo *first_info = NULL; DEBUG(10,("dsgetdcname: domain_name: %s, " "domain_guid: %s, site_name: %s, flags: 0x%08x\n", @@ -1163,7 +1186,6 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid, flags, query_site, &myinfo); if (NT_STATUS_IS_OK(status)) { - *info = myinfo; goto done; } @@ -1176,12 +1198,27 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, domain_guid, flags, query_site, &myinfo); - if (NT_STATUS_IS_OK(status)) { - *info = myinfo; - } - done: SAFE_FREE(query_site); - return status; + if (!NT_STATUS_IS_OK(status)) { + if (!first) { + *info = first_info; + return NT_STATUS_OK; + } + return status; + } + + if (!first) { + TALLOC_FREE(first_info); + } else if (!is_closest_site(myinfo)) { + first = false; + first_info = myinfo; + /* TODO: may use the next_closest_site here */ + query_site = SMB_STRDUP(myinfo->client_site_name); + goto rediscover; + } + + *info = myinfo; + return NT_STATUS_OK; } diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c index 19843383de..becee17f65 100644 --- a/source3/libsmb/libsmb_context.c +++ b/source3/libsmb/libsmb_context.c @@ -633,13 +633,19 @@ smbc_set_credentials(char *workgroup, smbc_bool use_kerberos, char *signing_state) { - - set_cmdline_auth_info_username(user); - set_cmdline_auth_info_password(password); - set_cmdline_auth_info_use_kerberos(use_kerberos); - if (! set_cmdline_auth_info_signing_state(signing_state)) { + struct user_auth_info *auth_info; + + auth_info = user_auth_info_init(talloc_tos()); + if (auth_info == NULL) { + return; + } + set_cmdline_auth_info_username(auth_info, user); + set_cmdline_auth_info_password(auth_info, password); + set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); + if (! set_cmdline_auth_info_signing_state(auth_info, signing_state)) { DEBUG(0, ("Invalid signing state: %s", signing_state)); } set_global_myworkgroup(workgroup); - cli_cm_set_credentials(); + cli_cm_set_credentials(auth_info); + TALLOC_FREE(auth_info); } diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index aa313f2c05..d12e7487f6 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -1193,8 +1193,6 @@ SMBC_mkdir_ctx(SMBCCTX *context, * Our list function simply checks to see if a directory is not empty */ -static int smbc_rmdir_dirempty = True; - static void rmdir_list_fn(const char *mnt, file_info *finfo, @@ -1203,7 +1201,8 @@ rmdir_list_fn(const char *mnt, { if (strncmp(finfo->name, ".", 1) != 0 && strncmp(finfo->name, "..", 2) != 0) { - smbc_rmdir_dirempty = False; + bool *smbc_rmdir_dirempty = (bool *)state; + *smbc_rmdir_dirempty = false; } } @@ -1292,8 +1291,7 @@ SMBC_rmdir_ctx(SMBCCTX *context, /* Local storage to avoid buffer overflows */ char *lpath; - - smbc_rmdir_dirempty = True; /* Make this so ... */ + bool smbc_rmdir_dirempty = true; lpath = talloc_asprintf(frame, "%s\\*", targetpath); @@ -1305,7 +1303,8 @@ SMBC_rmdir_ctx(SMBCCTX *context, if (cli_list(targetcli, lpath, aDIR | aSYSTEM | aHIDDEN, - rmdir_list_fn, NULL) < 0) { + rmdir_list_fn, + &smbc_rmdir_dirempty) < 0) { /* Fix errno to ignore latest error ... */ DEBUG(5, ("smbc_rmdir: " diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index aeec255350..5e37871deb 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -248,7 +248,7 @@ SMBC_server(TALLOC_CTX *ctx, const char *username_used; NTSTATUS status; - zero_addr(&ss); + zero_sockaddr(&ss); ZERO_STRUCT(c); if (server[0] == 0) { @@ -348,7 +348,7 @@ SMBC_server(TALLOC_CTX *ctx, again: - zero_addr(&ss); + zero_sockaddr(&ss); /* have to open a new connection */ if ((c = cli_initialise()) == NULL) { @@ -595,7 +595,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } - zero_addr(&ss); + zero_sockaddr(&ss); nt_status = cli_full_connection(&ipc_cli, global_myname(), server, &ss, 0, "IPC$", "?????", diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index e6eed8289e..05679570d4 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -34,6 +34,8 @@ bool global_in_nmbd = False; ****************************************************************************/ #define SAFKEY_FMT "SAF/DOMAIN/%s" #define SAF_TTL 900 +#define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s" +#define SAFJOIN_TTL 3600 static char *saf_key(const char *domain) { @@ -44,6 +46,15 @@ static char *saf_key(const char *domain) return keystr; } +static char *saf_join_key(const char *domain) +{ + char *keystr; + + asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain); + + return keystr; +} + /**************************************************************************** ****************************************************************************/ @@ -69,7 +80,7 @@ bool saf_store( const char *domain, const char *servername ) return False; key = saf_key( domain ); - expire = time( NULL ) + SAF_TTL; + expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL); DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n", domain, servername, (unsigned int)expire )); @@ -81,6 +92,38 @@ bool saf_store( const char *domain, const char *servername ) return ret; } +bool saf_join_store( const char *domain, const char *servername ) +{ + char *key; + time_t expire; + bool ret = False; + + if ( !domain || !servername ) { + DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n")); + return False; + } + + if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) { + DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n")); + return False; + } + + if ( !gencache_init() ) + return False; + + key = saf_join_key( domain ); + expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL); + + DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n", + domain, servername, (unsigned int)expire )); + + ret = gencache_set( key, servername, expire ); + + SAFE_FREE( key ); + + return ret; +} + bool saf_delete( const char *domain ) { char *key; @@ -94,15 +137,22 @@ bool saf_delete( const char *domain ) if ( !gencache_init() ) return False; + key = saf_join_key(domain); + ret = gencache_del(key); + SAFE_FREE(key); + + if (ret) { + DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain )); + } + key = saf_key(domain); ret = gencache_del(key); + SAFE_FREE(key); if (ret) { DEBUG(10,("saf_delete: domain = [%s]\n", domain )); } - SAFE_FREE( key ); - return ret; } @@ -124,6 +174,18 @@ char *saf_fetch( const char *domain ) if ( !gencache_init() ) return False; + key = saf_join_key( domain ); + + ret = gencache_get( key, &server, &timeout ); + + SAFE_FREE( key ); + + if ( ret ) { + DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n", + server, domain )); + return server; + } + key = saf_key( domain ); ret = gencache_get( key, &server, &timeout ); @@ -331,7 +393,7 @@ bool name_status_find(const char *q_name, if (!interpret_string_addr(&ss, lp_socket_address(), AI_NUMERICHOST|AI_PASSIVE)) { - zero_addr(&ss); + zero_sockaddr(&ss); } sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True); @@ -526,9 +588,9 @@ static int remove_duplicate_addrs2(struct ip_service *iplist, int count ) } for ( j=i+1; j<count; j++ ) { - if (addr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) && + if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) && iplist[i].port == iplist[j].port) { - zero_addr(&iplist[j].ss); + zero_sockaddr(&iplist[j].ss); } } } @@ -954,7 +1016,7 @@ NTSTATUS name_resolve_bcast(const char *name, if (!interpret_string_addr(&ss, lp_socket_address(), AI_NUMERICHOST|AI_PASSIVE)) { - zero_addr(&ss); + zero_sockaddr(&ss); } sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true ); @@ -1042,7 +1104,7 @@ NTSTATUS resolve_wins(const char *name, /* the address we will be sending from */ if (!interpret_string_addr(&src_ss, lp_socket_address(), AI_NUMERICHOST|AI_PASSIVE)) { - zero_addr(&src_ss); + zero_sockaddr(&src_ss); } if (src_ss.ss_family != AF_INET) { @@ -2098,6 +2160,15 @@ NTSTATUS get_sorted_dc_list( const char *domain, status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered); + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) + && sitename) { + DEBUG(3,("get_sorted_dc_list: no server for name %s available" + " in site %s, fallback to all servers\n", + domain, sitename)); + status = get_dc_list(domain, NULL, ip_list, + count, lookup_type, &ordered); + } + if (!NT_STATUS_IS_OK(status)) { SAFE_FREE(*ip_list); *count = 0; diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 306f720a02..7b0748f86b 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -134,7 +134,7 @@ static bool ads_dc_name(const char *domain, #ifdef HAVE_ADS *dc_ss = ads->ldap.ss; #else - zero_addr(dc_ss); + zero_sockaddr(dc_ss); #endif ads_destroy(&ads); @@ -217,7 +217,7 @@ bool get_dc_name(const char *domain, bool ret; bool our_domain = False; - zero_addr(&dc_ss); + zero_sockaddr(&dc_ss); ret = False; diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index a81ae9afd5..795c8bc14c 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -388,10 +388,17 @@ void common_free_encryption_state(struct smb_trans_enc_state **pp_es) void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) { + uint16_t enc_ctx_num; + if (!common_encryption_on(es)) { return; } + if (!NT_STATUS_IS_OK(get_enc_ctx_num((const uint8_t *)buf, + &enc_ctx_num))) { + return; + } + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { SAFE_FREE(buf); return; diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 33717f1bb9..a70f9d20fe 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -1067,13 +1067,10 @@ static void add_share_mode_entry(struct share_mode_lock *lck, } void set_share_mode(struct share_mode_lock *lck, files_struct *fsp, - uid_t uid, uint16 mid, uint16 op_type, bool initial_delete_on_close_allowed) + uid_t uid, uint16 mid, uint16 op_type) { struct share_mode_entry entry; fill_share_mode_entry(&entry, fsp, uid, mid, op_type); - if (initial_delete_on_close_allowed) { - entry.flags |= SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE; - } add_share_mode_entry(lck, &entry); } @@ -1271,22 +1268,6 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close, return NT_STATUS_OK; } -/**************************************************************************** - Do we have an open file handle that created this entry ? -****************************************************************************/ - -bool can_set_initial_delete_on_close(const struct share_mode_lock *lck) -{ - int i; - - for (i=0; i<lck->num_share_modes; i++) { - if (lck->share_modes[i].flags & SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE) { - return True; - } - } - return False; -} - /************************************************************************* Return a talloced copy of a UNIX_USER_TOKEN. NULL on fail. (Should this be in locking.c.... ?). @@ -1380,31 +1361,6 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKE return True; } -/**************************************************************************** - Sets the allow initial delete on close flag for this share mode. -****************************************************************************/ - -bool set_allow_initial_delete_on_close(struct share_mode_lock *lck, files_struct *fsp, bool delete_on_close) -{ - struct share_mode_entry entry, *e; - - /* Don't care about the pid owner being correct here - just a search. */ - fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK); - - e = find_share_mode_entry(lck, &entry); - if (e == NULL) { - return False; - } - - if (delete_on_close) { - e->flags |= SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE; - } else { - e->flags &= ~SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE; - } - lck->modified = True; - return True; -} - bool set_sticky_write_time(struct file_id fileid, struct timespec write_time) { struct share_mode_lock *lck; diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c index 4e76b97ccf..16599005b9 100644 --- a/source3/modules/gpfs.c +++ b/source3/modules/gpfs.c @@ -31,6 +31,8 @@ static int (*gpfs_set_share_fn)(int fd, unsigned int allow, unsigned int deny); static int (*gpfs_set_lease_fn)(int fd, unsigned int leaseType); static int (*gpfs_getacl_fn)(char *pathname, int flags, void *acl); static int (*gpfs_putacl_fn)(char *pathname, int flags, void *acl); +static int (*gpfs_get_realfilename_path_fn)(char *pathname, char *filenamep, + int *buflen); bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, @@ -43,7 +45,7 @@ bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, if (!gpfs_share_modes) { return True; } - + if (gpfs_set_share_fn == NULL) { return False; } @@ -104,7 +106,7 @@ int set_gpfs_lease(int fd, int leasetype) if (leasetype == F_WRLCK) { gpfs_type = GPFS_LEASE_WRITE; } - + /* we unconditionally set CAP_LEASE, rather than looking for -1/EACCES as there is a bug in some versions of libgpfs_gpl.so which results in a leaked fd on /dev/ss0 @@ -134,6 +136,17 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return gpfs_putacl_fn(pathname, flags, acl); } +int smbd_gpfs_get_realfilename_path(char *pathname, char *filenamep, + int *buflen) +{ + if (gpfs_get_realfilename_path_fn == NULL) { + errno = ENOSYS; + return -1; + } + + return gpfs_get_realfilename_path_fn(pathname, filenamep, buflen); +} + static bool init_gpfs_function_lib(void *plibhandle_pointer, const char *libname, void *pfn_pointer, const char *fn_name) @@ -142,6 +155,9 @@ static bool init_gpfs_function_lib(void *plibhandle_pointer, void **libhandle_pointer = (void **)plibhandle_pointer; void **fn_pointer = (void **)pfn_pointer; + DEBUG(10, ("trying to load name %s from %s\n", + fn_name, libname)); + if (*libhandle_pointer == NULL) { *libhandle_pointer = dlopen(libname, RTLD_LAZY); did_open_here = true; @@ -187,6 +203,8 @@ void init_gpfs(void) init_gpfs_function(&gpfs_set_lease_fn, "gpfs_set_lease"); init_gpfs_function(&gpfs_getacl_fn, "gpfs_getacl"); init_gpfs_function(&gpfs_putacl_fn, "gpfs_putacl"); + init_gpfs_function(&gpfs_get_realfilename_path_fn, + "gpfs_get_realfilename_path"); gpfs_share_modes = lp_parm_bool(-1, "gpfs", "sharemodes", True); gpfs_leases = lp_parm_bool(-1, "gpfs", "leases", True); @@ -226,6 +244,13 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return -1; } +int smbd_gpfs_get_realfilename_path(char *pathname, char *fileamep, + int *buflen) +{ + errno = ENOSYS; + return -1; +} + void init_gpfs(void) { return; diff --git a/source3/modules/onefs.h b/source3/modules/onefs.h index 965f39509a..8d0f45abdb 100644 --- a/source3/modules/onefs.h +++ b/source3/modules/onefs.h @@ -21,6 +21,10 @@ #ifndef _ONEFS_H #define _ONEFS_H +#include "includes.h" + +#include <sys/isi_acl.h> + /* OneFS Module smb.conf parameters and defaults */ /** @@ -34,13 +38,6 @@ enum onefs_acl_wire_format ACL_FORMAT_ALWAYS /**< Always canonicalize */ }; -const struct enum_list enum_onefs_acl_wire_format[] = { - {ACL_FORMAT_RAW, "No Format"}, - {ACL_FORMAT_WINDOWS_SD, "Format Windows SD"}, - {ACL_FORMAT_ALWAYS, "Always Format SD"}, - {-1, NULL} -}; - #define PARM_ONEFS_TYPE "onefs" #define PARM_ACL_WIRE_FORMAT "acl wire format" #define PARM_ACL_WIRE_FORMAT_DEFAULT ACL_FORMAT_WINDOWS_SD @@ -49,4 +46,61 @@ const struct enum_list enum_onefs_acl_wire_format[] = { #define PARM_CREATOR_OWNER_GETS_FULL_CONTROL "creator owner gets full control" #define PARM_CREATOR_OWNER_GETS_FULL_CONTROL_DEFAULT true +/* + * vfs interface handlers + */ +NTSTATUS onefs_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); + +NTSTATUS onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info, SEC_DESC **ppdesc); + +NTSTATUS onefs_get_nt_acl(vfs_handle_struct *handle, const char* name, + uint32 security_info, SEC_DESC **ppdesc); + +NTSTATUS onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, SEC_DESC *psd); + + +/* + * Utility functions + */ +NTSTATUS onefs_setup_sd(uint32 security_info_sent, SEC_DESC *psd, + struct ifs_security_descriptor *sd); + +/* + * System Interfaces + */ +int onefs_sys_create_file(connection_struct *conn, + int base_fd, + const char *path, + uint32_t access_mask, + uint32_t open_access_mask, + uint32_t share_access, + uint32_t create_options, + int flags, + mode_t mode, + int oplock_request, + uint64_t id, + struct security_descriptor *sd, + uint32_t ntfs_flags, + int *granted_oplock); + + + #endif /* _ONEFS_H */ diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 3a692c95ab..5351118a87 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -19,20 +19,23 @@ * along with this program; if not, see <http://www.gnu.org/licenses/>. */ -#include "includes.h" +#include "onefs.h" -#include <sys/isi_acl.h> #include <isi_acl/isi_acl_util.h> -#include <sys/isi_oplock.h> #include <ifs/ifs_syscalls.h> -#include "onefs.h" +const struct enum_list enum_onefs_acl_wire_format[] = { + {ACL_FORMAT_RAW, "No Format"}, + {ACL_FORMAT_WINDOWS_SD, "Format Windows SD"}, + {ACL_FORMAT_ALWAYS, "Always Format SD"}, + {-1, NULL} +}; /** * Turn SID into UID/GID and setup a struct ifs_identity */ static bool -onefs_sid_to_identity(DOM_SID *sid, struct ifs_identity *id, bool is_group) +onefs_sid_to_identity(const DOM_SID *sid, struct ifs_identity *id, bool is_group) { enum ifs_identity_type type = IFS_ID_TYPE_LAST+1; uid_t uid = 0; @@ -514,15 +517,22 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, if (security_info & SACL_SECURITY_INFORMATION) desired_access |= IFS_RTS_SACL_ACCESS; - if ((fsp->fh->fd = ifs_createfile(-1, - fsp->fsp_name, - desired_access, - 0, 0, - OPLOCK_NONE, - 0, NULL, 0, - NULL, 0, NULL)) == -1) { - DEBUG(0, ("Error opening file %s. errno=%d\n", - fsp->fsp_name, errno)); + if ((fsp->fh->fd = onefs_sys_create_file(handle->conn, + -1, + fsp->fsp_name, + desired_access, + desired_access, + 0, + 0, + 0, + 0, + INTERNAL_OPEN_ONLY, + 0, + NULL, + 0, + NULL)) == -1) { + DEBUG(0, ("Error opening file %s. errno=%d (%s)\n", + fsp->fsp_name, errno, strerror(errno))); status = map_nt_error_from_unix(errno); goto out; } @@ -679,22 +689,18 @@ onefs_get_nt_acl(vfs_handle_struct *handle, const char* name, } /** - * Isilon-specific function for setting an NTFS ACL on an open file. + * Isilon-specific function for setting up an ifs_security_descriptor, given a + * samba SEC_DESC. * - * @return NT_STATUS_UNSUCCESSFUL for userspace errors, NTSTATUS based off - * errno on syscall errors + * @param[out] sd ifs_security_descriptor to fill in + * + * @return NTSTATUS_OK if successful */ -NTSTATUS -onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd) +NTSTATUS onefs_setup_sd(uint32 security_info_sent, SEC_DESC *psd, + struct ifs_security_descriptor *sd) { - struct ifs_security_descriptor sd = {}; struct ifs_security_acl dacl, sacl, *daclp, *saclp; struct ifs_identity owner, group, *ownerp, *groupp; - int fd; - bool fopened = false; - - DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name )); ownerp = NULL; groupp = NULL; @@ -759,10 +765,37 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, /* Setup ifs_security_descriptor */ DEBUG(5,("Setting up SD\n")); - if (aclu_initialize_sd(&sd, psd->type, ownerp, groupp, - (daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false)) + if (aclu_initialize_sd(sd, psd->type, ownerp, groupp, + (daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false)) return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_OK; +} + +/** + * Isilon-specific function for setting an NTFS ACL on an open file. + * + * @return NT_STATUS_UNSUCCESSFUL for userspace errors, NTSTATUS based off + * errno on syscall errors + */ +NTSTATUS +onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, SEC_DESC *psd) +{ + struct ifs_security_descriptor sd = {}; + int fd; + bool fopened = false; + NTSTATUS status; + + DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name )); + + status = onefs_setup_sd(security_info_sent, psd, &sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("SD initialization failure: %s", nt_errstr(status))); + return status; + } + fd = fsp->fh->fd; if (fd == -1) { enum ifs_ace_rights desired_access = 0; @@ -775,16 +808,24 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, if (security_info_sent & SACL_SECURITY_INFORMATION) desired_access |= IFS_RTS_SACL_ACCESS; - if ((fd = ifs_createfile(-1, - fsp->fsp_name, - desired_access, - 0, 0, - OPLOCK_NONE, - 0, NULL, 0, - NULL, 0, NULL)) == -1) { - DEBUG(0, ("Error opening file %s. errno=%d\n", - fsp->fsp_name, errno)); - return map_nt_error_from_unix(errno); + if ((fd = onefs_sys_create_file(handle->conn, + -1, + fsp->fsp_name, + desired_access, + desired_access, + 0, + 0, + 0, + 0, + INTERNAL_OPEN_ONLY, + 0, + NULL, + 0, + NULL)) == -1) { + DEBUG(0, ("Error opening file %s. errno=%d (%s)\n", + fsp->fsp_name, errno, strerror(errno))); + status = map_nt_error_from_unix(errno); + goto out; } fopened = true; } @@ -792,10 +833,12 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, errno = 0; if (ifs_set_security_descriptor(fd, security_info_sent, &sd)) { DEBUG(0, ("Error setting security descriptor = %d\n", errno)); + status = map_nt_error_from_unix(errno); goto out; } DEBUG(5, ("Security descriptor set correctly!\n")); + status = NT_STATUS_OK; /* FALLTHROUGH */ out: @@ -803,5 +846,5 @@ out: close(fd); aclu_free_sd(&sd, false); - return errno ? map_nt_error_from_unix(errno) : NT_STATUS_OK; + return status; } diff --git a/source3/modules/onefs_open.c b/source3/modules/onefs_open.c new file mode 100644 index 0000000000..d0310d0174 --- /dev/null +++ b/source3/modules/onefs_open.c @@ -0,0 +1,2153 @@ +/* + * Unix SMB/CIFS implementation. + * + * This file began with some code from source3/smbd/open.c and modified it to + * work with ifs_createfile. + * + * ifs_createfile is a CIFS-specific syscall for opening/files and + * directories. It adds support for: + * - Full in-kernel access checks using a windows access_mask + * - Cluster-coherent share mode locks + * - Cluster-coherent oplocks + * - Streams + * - Setting security descriptors at create time + * - Setting dos_attributes at create time + * + * Copyright (C) Andrew Tridgell 1992-1998 + * Copyright (C) Jeremy Allison 2001-2004 + * Copyright (C) Volker Lendecke 2005 + * Copyright (C) Tim Prouty, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "onefs.h" + +extern const struct generic_mapping file_generic_mapping; +extern bool global_client_failed_oplock_break; + +struct deferred_open_record { + bool delayed_for_oplocks; + bool failed; /* added for onefs_oplocks */ + struct file_id id; +}; + +static NTSTATUS onefs_create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); + +/**************************************************************************** + Open a file. +****************************************************************************/ + +static NTSTATUS onefs_open_file(files_struct *fsp, + connection_struct *conn, + struct smb_request *req, + const char *parent_dir, + const char *name, + const char *path, + SMB_STRUCT_STAT *psbuf, + int flags, + mode_t unx_mode, + uint32 access_mask, + uint32 open_access_mask, + int oplock_request, + uint64 id, + uint32 share_access, + uint32 create_options, + uint32_t new_dos_attributes, + struct security_descriptor *sd, + int *granted_oplock) +{ + NTSTATUS status = NT_STATUS_OK; + int accmode = (flags & O_ACCMODE); + int local_flags = flags; + bool file_existed = VALID_STAT(*psbuf); + const char *wild; + + fsp->fh->fd = -1; + errno = EPERM; + + /* Check permissions */ + + /* + * This code was changed after seeing a client open request + * containing the open mode of (DENY_WRITE/read-only) with + * the 'create if not exist' bit set. The previous code + * would fail to open the file read only on a read-only share + * as it was checking the flags parameter directly against O_RDONLY, + * this was failing as the flags parameter was set to O_RDONLY|O_CREAT. + * JRA. + */ + + if (!CAN_WRITE(conn)) { + /* It's a read-only share - fail if we wanted to write. */ + if(accmode != O_RDONLY) { + DEBUG(3,("Permission denied opening %s\n", path)); + return NT_STATUS_ACCESS_DENIED; + } else if(flags & O_CREAT) { + /* We don't want to write - but we must make sure that + O_CREAT doesn't create the file if we have write + access into the directory. + */ + flags &= ~O_CREAT; + local_flags &= ~O_CREAT; + } + } + + /* + * This little piece of insanity is inspired by the + * fact that an NT client can open a file for O_RDONLY, + * but set the create disposition to FILE_EXISTS_TRUNCATE. + * If the client *can* write to the file, then it expects to + * truncate the file, even though it is opening for readonly. + * Quicken uses this stupid trick in backup file creation... + * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net> + * for helping track this one down. It didn't bite us in 2.0.x + * as we always opened files read-write in that release. JRA. + */ + + if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) { + DEBUG(10,("onefs_open_file: truncate requested on read-only " + "open for file %s\n", path)); + local_flags = (flags & ~O_ACCMODE)|O_RDWR; + } + +#if defined(O_NONBLOCK) && defined(S_ISFIFO) + /* + * We would block on opening a FIFO with no one else on the + * other end. Do what we used to do and add O_NONBLOCK to the + * open flags. JRA. + */ + + if (file_existed && S_ISFIFO(psbuf->st_mode)) { + local_flags |= O_NONBLOCK; + } +#endif + + /* Don't create files with Microsoft wildcard characters. */ + if (fsp->base_fsp) { + /* + * wildcard characters are allowed in stream names + * only test the basefilename + */ + wild = fsp->base_fsp->fsp_name; + } else { + wild = path; + } + if ((local_flags & O_CREAT) && !file_existed && + ms_has_wild(wild)) { + /* + * XXX: may need to remvoe this return... + * + * We dont think this check needs to exist. All it does is + * block creating files with Microsoft wildcards, which is + * fine if the creation originated from NFS or locally and + * then was copied via Samba. + */ + DEBUG(1, ("onefs_open_file: creating file with wildcard: %s\n", + path)); + return NT_STATUS_OBJECT_NAME_INVALID; + } + + /* Actually do the open */ + +#ifdef O_NOFOLLOW + /* + * Never follow symlinks on a POSIX client. The + * client should be doing this. + */ + + if (fsp->posix_open || !lp_symlinks(SNUM(conn))) { + flags |= O_NOFOLLOW; + } +#endif + /* Don't request an oplock if oplocks are turned off for the + * share. */ + if (!lp_oplocks(SNUM(conn))) + oplock_request = 0; + + fsp->fh->fd = onefs_sys_create_file(conn, + -1, + path, + access_mask, + open_access_mask, + share_access, + create_options, + flags, + unx_mode, + oplock_request, + id, + sd, + new_dos_attributes, + granted_oplock); + + if (fsp->fh->fd == -1) { + if (errno == EMFILE) { + static time_t last_warned = 0L; + + if (time((time_t *) NULL) > last_warned) { + DEBUG(0, ("Too many open files, unable " + "to open more! smbd's max " + "open files = %d, also check " + "sysctl kern.maxfiles and " + "sysctl kern.maxfilesperproc\n", + lp_max_open_files())); + last_warned = time((time_t *) NULL); + } + } + + status = map_nt_error_from_unix(errno); + DEBUG(3,("Error opening file %s (%s) (local_flags=%d) " + "(flags=%d)\n", + path,nt_errstr(status),local_flags,flags)); + return status; + } + + if ((local_flags & O_CREAT) && !file_existed) { + + /* Inherit the ACL if required */ + if (lp_inherit_perms(SNUM(conn))) { + inherit_access_posix_acl(conn, parent_dir, path, + unx_mode); + } + + /* Change the owner if required. */ + if (lp_inherit_owner(SNUM(conn))) { + change_file_owner_to_parent(conn, parent_dir, + fsp); + } + + notify_fname(conn, NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_FILE_NAME, path); + } + + if (!file_existed) { + int ret; + + if (fsp->fh->fd == -1) { + ret = SMB_VFS_STAT(conn, path, psbuf); + } else { + ret = SMB_VFS_FSTAT(fsp, psbuf); + /* If we have an fd, this stat should succeed. */ + if (ret == -1) { + DEBUG(0,("Error doing fstat on open file %s " + "(%s)\n", path,strerror(errno) )); + } + } + + /* For a non-io open, this stat failing means file not found. JRA */ + if (ret == -1) { + status = map_nt_error_from_unix(errno); + fd_close(fsp); + return status; + } + } + + /* + * POSIX allows read-only opens of directories. We don't + * want to do this (we use a different code path for this) + * so catch a directory open and return an EISDIR. JRA. + */ + + if(S_ISDIR(psbuf->st_mode)) { + fd_close(fsp); + errno = EISDIR; + return NT_STATUS_FILE_IS_A_DIRECTORY; + } + + fsp->mode = psbuf->st_mode; + fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); + fsp->vuid = req ? req->vuid : UID_FIELD_INVALID; + fsp->file_pid = req ? req->smbpid : 0; + fsp->can_lock = True; + fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False; + if (!CAN_WRITE(conn)) { + fsp->can_write = False; + } else { + fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? + True : False; + } + fsp->print_file = False; + fsp->modified = False; + fsp->sent_oplock_break = NO_BREAK_SENT; + fsp->is_directory = False; + if (conn->aio_write_behind_list && + is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) { + fsp->aio_write_behind = True; + } + + string_set(&fsp->fsp_name, path); + fsp->wcp = NULL; /* Write cache pointer. */ + + DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n", + conn->server_info->unix_name, + fsp->fsp_name, + BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), + conn->num_files_open)); + + errno = 0; + return NT_STATUS_OK; +} + +/**************************************************************************** + Handle the 1 second delay in returning a SHARING_VIOLATION error. +****************************************************************************/ + +static void defer_open(struct share_mode_lock *lck, + struct timeval request_time, + struct timeval timeout, + struct smb_request *req, + struct deferred_open_record *state) +{ + int i; + + /* Paranoia check */ + + for (i=0; i<lck->num_share_modes; i++) { + struct share_mode_entry *e = &lck->share_modes[i]; + + if (!is_deferred_open_entry(e)) { + continue; + } + + if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) { + DEBUG(0, ("Trying to defer an already deferred " + "request: mid=%d, exiting\n", req->mid)); + exit_server("attempt to defer a deferred request"); + } + } + + /* End paranoia check */ + + DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred " + "open entry for mid %u\n", + (unsigned int)request_time.tv_sec, + (unsigned int)request_time.tv_usec, + (unsigned int)req->mid)); + + if (!push_deferred_smb_message(req, request_time, timeout, + (char *)state, sizeof(*state))) { + exit_server("push_deferred_smb_message failed"); + } + add_deferred_open(lck, req->mid, request_time, state->id); + + /* + * Push the MID of this packet on the signing queue. + * We only do this once, the first time we push the packet + * onto the deferred open queue, as this has a side effect + * of incrementing the response sequence number. + */ + + srv_defer_sign_response(req->mid); +} + +static void schedule_defer_open(struct share_mode_lock *lck, + struct timeval request_time, + struct smb_request *req) +{ + struct deferred_open_record state; + + /* This is a relative time, added to the absolute + request_time value to get the absolute timeout time. + Note that if this is the second or greater time we enter + this codepath for this particular request mid then + request_time is left as the absolute time of the *first* + time this request mid was processed. This is what allows + the request to eventually time out. */ + + struct timeval timeout; + + /* Normally the smbd we asked should respond within + * OPLOCK_BREAK_TIMEOUT seconds regardless of whether + * the client did, give twice the timeout as a safety + * measure here in case the other smbd is stuck + * somewhere else. */ + + timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0); + + /* Nothing actually uses state.delayed_for_oplocks + but it's handy to differentiate in debug messages + between a 30 second delay due to oplock break, and + a 1 second delay for share mode conflicts. */ + + state.delayed_for_oplocks = True; + state.failed = False; + state.id = lck->id; + + if (!request_timed_out(request_time, timeout)) { + defer_open(lck, request_time, timeout, req, &state); + } +} + +/**************************************************************************** + Open a file with a share mode. Passed in an already created files_struct. +****************************************************************************/ +NTSTATUS onefs_open_file_ntcreate(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32 access_mask, + uint32 share_access, + uint32 create_disposition, + uint32 create_options, + uint32 new_dos_attributes, + int oplock_request, + struct security_descriptor *sd, + files_struct *fsp, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + int flags=0; + int flags2=0; + bool file_existed = VALID_STAT(*psbuf); + bool def_acl = False; + bool posix_open = False; + bool new_file_created = False; + struct file_id id; + mode_t new_unx_mode = (mode_t)0; + mode_t unx_mode = (mode_t)0; + int info; + uint32 existing_dos_attributes = 0; + struct pending_message_list *pml = NULL; + struct timeval request_time = timeval_zero(); + struct share_mode_lock *lck = NULL; + uint32 open_access_mask = access_mask; + NTSTATUS status; + int ret_flock; + char *parent_dir; + const char *newname; + int granted_oplock; + uint64 oplock_waiter; + uint32 createfile_attributes = 0; + + ZERO_STRUCT(id); + + if (conn->printer) { + /* + * Printers are handled completely differently. + * Most of the passed parameters are ignored. + */ + + if (pinfo) { + *pinfo = FILE_WAS_CREATED; + } + + DEBUG(10, ("onefs_open_file_ntcreate: printer open fname=%s\n", + fname)); + + return print_fsp_open(req, conn, fname, req->vuid, fsp); + } + + if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir, + &newname)) { + return NT_STATUS_NO_MEMORY; + } + + if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) { + posix_open = True; + unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS); + new_dos_attributes = 0; + } else { + /* We add aARCH to this as this mode is only used if the file is + * created new. */ + unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname, + parent_dir); + } + + DEBUG(10,("onefs_open_file_ntcreate: fname=%s, dos_attrs=0x%x " + "access_mask=0x%x share_access=0x%x " + "create_disposition = 0x%x create_options=0x%x " + "unix mode=0%o oplock_request=0x%x\n", + fname, new_dos_attributes, access_mask, share_access, + create_disposition, create_options, unx_mode, + oplock_request)); + + if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) { + DEBUG(0, ("No smb request but not an internal only open!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + /* + * Only non-internal opens can be deferred at all + */ + + if ((req != NULL) + && ((pml = get_open_deferred_message(req->mid)) != NULL)) { + struct deferred_open_record *state = + (struct deferred_open_record *)pml->private_data.data; + + /* Remember the absolute time of the original + request with this mid. We'll use it later to + see if this has timed out. */ + + request_time = pml->request_time; + + /* Remove the deferred open entry under lock. */ + lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL, + NULL); + if (lck == NULL) { + DEBUG(0, ("could not get share mode lock\n")); + } else { + del_deferred_open_entry(lck, req->mid); + TALLOC_FREE(lck); + } + + /* Ensure we don't reprocess this message. */ + remove_deferred_open_smb_message(req->mid); + + /* + * When receiving a semlock_async_failure message, the + * deferred open will be marked as "failed". Returning + * INTERNAL_ERROR. + */ + if (state->failed) { + DEBUG(0, ("onefs_open_file_ntcreate: " + "semlock_async_failure detected!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + } + + status = check_name(conn, fname); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!posix_open) { + new_dos_attributes &= SAMBA_ATTRIBUTES_MASK; + if (file_existed) { + existing_dos_attributes = dos_mode(conn, fname, psbuf); + } + } + + /* Setup dos_attributes to be set by ifs_createfile */ + if (lp_store_dos_attributes(SNUM(conn))) { + createfile_attributes = (new_dos_attributes | aARCH) & + ~(FILE_ATTRIBUTE_NONINDEXED | FILE_ATTRIBUTE_COMPRESSED); + } + + /* Ignore oplock requests if oplocks are disabled. */ + if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break || + IS_VETO_OPLOCK_PATH(conn, fname)) { + /* Mask off everything except the private Samba bits. */ + oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK; + } + + /* this is for OS/2 long file names - say we don't support them */ + if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) { + /* OS/2 Workplace shell fix may be main code stream in a later + * release. */ + DEBUG(5,("onefs_open_file_ntcreate: OS/2 long filenames are " + "not supported.\n")); + if (use_nt_status()) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + return NT_STATUS_DOS(ERRDOS, ERRcannotopen); + } + + switch( create_disposition ) { + /* + * Currently we're using FILE_SUPERSEDE as the same as + * FILE_OVERWRITE_IF but they really are + * different. FILE_SUPERSEDE deletes an existing file + * (requiring delete access) then recreates it. + */ + case FILE_SUPERSEDE: + /* If file exists replace/overwrite. If file doesn't + * exist create. */ + /** + * @todo: Clear all file attributes? + * http://www.osronline.com/article.cfm?article=302 + * create if not exist, trunc if exist + * + * If file exists replace/overwrite. If file doesn't + * exist create. + */ + flags2 |= (O_CREAT | O_TRUNC); + break; + + case FILE_OVERWRITE_IF: + /* If file exists replace/overwrite. If file doesn't + * exist create. */ + flags2 |= (O_CREAT | O_TRUNC); + break; + + case FILE_OPEN: + /* If file exists open. If file doesn't exist error. */ + if (!file_existed) { + DEBUG(5,("onefs_open_file_ntcreate: FILE_OPEN " + "requested for file %s and file " + "doesn't exist.\n", fname )); + errno = ENOENT; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + break; + + case FILE_OVERWRITE: + /* If file exists overwrite. If file doesn't exist + * error. */ + if (!file_existed) { + DEBUG(5, ("onefs_open_file_ntcreate: " + "FILE_OVERWRITE requested for file " + "%s and file doesn't exist.\n", + fname)); + errno = ENOENT; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + flags2 |= O_TRUNC; + break; + + case FILE_CREATE: + /* If file exists error. If file doesn't exist + * create. */ + if (file_existed) { + DEBUG(5, ("onefs_open_file_ntcreate: " + "FILE_CREATE requested for file %s " + "and file already exists.\n", + fname)); + if (S_ISDIR(psbuf->st_mode)) { + errno = EISDIR; + } else { + errno = EEXIST; + } + return map_nt_error_from_unix(errno); + } + flags2 |= (O_CREAT|O_EXCL); + break; + + case FILE_OPEN_IF: + /* If file exists open. If file doesn't exist + * create. */ + flags2 |= O_CREAT; + break; + + default: + return NT_STATUS_INVALID_PARAMETER; + } + + /* Match attributes on file exists and overwrite. */ + if (!posix_open && file_existed && + ((create_disposition == FILE_OVERWRITE) || + (create_disposition == FILE_OVERWRITE_IF))) { + if (!open_match_attributes(conn, fname, + existing_dos_attributes, + new_dos_attributes, psbuf->st_mode, + unx_mode, &new_unx_mode)) { + DEBUG(5, ("onefs_open_file_ntcreate: attributes " + "missmatch for file %s (%x %x) (0%o, 0%o)\n", + fname, existing_dos_attributes, + new_dos_attributes, + (unsigned int)psbuf->st_mode, + (unsigned int)unx_mode )); + errno = EACCES; + return NT_STATUS_ACCESS_DENIED; + } + } + + /* + * OneFS understands MAXIMUM_ALLOWED_ACCESS, so only hack the + * access_mask, but leave the MAA for the actual open in + * open_access_mask. + */ + open_access_mask = access_mask; + if (open_access_mask & MAXIMUM_ALLOWED_ACCESS) { + access_mask |= FILE_GENERIC_ALL; + } + + /* Convert GENERIC bits to specific bits. */ + se_map_generic(&access_mask, &file_generic_mapping); + se_map_generic(&open_access_mask, &file_generic_mapping); + + if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) { + /* This will cause oplock breaks. */ + open_access_mask |= FILE_WRITE_DATA; + } + + DEBUG(10, ("onefs_open_file_ntcreate: fname=%s, after mapping " + "open_access_mask=%#x, access_mask=0x%x\n", + fname, open_access_mask, access_mask)); + + /* + * Note that we ignore the append flag as append does not + * mean the same thing under DOS and Unix. + */ + + if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) || + (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) { + + /* + * DENY_DOS opens are always underlying read-write on the + * file handle, no matter what the requested access mask + * says. Stock samba just sets the flags, but since + * ifs_createfile uses the access_mask, it must be updated as + * well. This allows BASE-DENY* to pass. + */ + if (create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) { + + DEBUG(10,("onefs_open_file_ntcreate: deny_dos: " + "Adding O_RDWR to flags " + "(0x%x) and some READ bits to " + "open_access_mask (0x%x)\n", + flags, open_access_mask)); + + flags = O_RDWR; + open_access_mask |= (FILE_READ_ATTRIBUTES | + FILE_READ_DATA | FILE_READ_EA | FILE_EXECUTE); + + } else if (access_mask & (FILE_READ_ATTRIBUTES | + FILE_READ_DATA | + FILE_READ_EA | + FILE_EXECUTE)) { + flags = O_RDWR; + } else { + flags = O_WRONLY; + } + } else { + flags = O_RDONLY; + } + + /* Currently we only look at FILE_WRITE_THROUGH for create options. */ +#if defined(O_SYNC) + if ((create_options & FILE_WRITE_THROUGH) && + lp_strict_sync(SNUM(conn))) { + flags2 |= O_SYNC; + } +#endif /* O_SYNC */ + + if (posix_open && (access_mask & FILE_APPEND_DATA)) { + flags2 |= O_APPEND; + } + + if (!posix_open && !CAN_WRITE(conn)) { + /* + * We should really return a permission denied error if either + * O_CREAT or O_TRUNC are set, but for compatibility with + * older versions of Samba we just AND them out. + */ + flags2 &= ~(O_CREAT|O_TRUNC); + + /** + * XXX: TODO + * Apparently this is necessary because we ship with + * lp_acl_check_permissions = no. It is set to no because our + * ifs_createfile does the access check correctly. This check + * was added in the last merge, and the question is why is it + * necessary? Check out Bug 25547 and Bug 14596. The key is + * to figure out what case this is covering, and do some + * testing to see if it's actually necessary. If it is, maybe + * it should go upstream in open.c. + */ + if (!lp_acl_check_permissions(SNUM(conn)) && + (access_mask & DELETE_ACCESS)) { + return map_nt_error_from_unix(EACCES); + } + } + + /* Ensure we can't write on a read-only share or file. */ + if (flags != O_RDONLY && file_existed && + (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) { + DEBUG(5, ("onefs_open_file_ntcreate: write access requested " + "for file %s on read only %s\n", + fname, !CAN_WRITE(conn) ? "share" : "file" )); + errno = EACCES; + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(10, ("fsp = %p\n", fsp)); + + fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); + fsp->share_access = share_access; + fsp->fh->private_options = create_options; + fsp->access_mask = open_access_mask; /* We change this to the + * requested access_mask after + * the open is done. */ + fsp->posix_open = posix_open; + + /* Ensure no SAMBA_PRIVATE bits can be set. */ + fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK); + + if (timeval_is_zero(&request_time)) { + request_time = fsp->open_time; + } + + if (file_existed) { + struct timespec old_write_time = get_mtimespec(psbuf); + id = vfs_file_id_from_sbuf(conn, psbuf); + + lck = get_share_mode_lock(talloc_tos(), id, + conn->connectpath, + fname, &old_write_time); + + if (lck == NULL) { + DEBUG(0, ("Could not get share mode lock\n")); + return NT_STATUS_SHARING_VIOLATION; + } + + if (lck->delete_on_close) { + /* DELETE_PENDING is not deferred for a second */ + TALLOC_FREE(lck); + return NT_STATUS_DELETE_PENDING; + } + } + + SMB_ASSERT(!file_existed || (lck != NULL)); + + /* + * Ensure we pay attention to default ACLs on directories. May be + * neccessary depending on ACL policies. + */ + if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) && + (def_acl = directory_has_default_acl(conn, parent_dir))) { + unx_mode = 0777; + } + + DEBUG(4,("calling onefs_open_file with flags=0x%X flags2=0x%X " + "mode=0%o, access_mask = 0x%x, open_access_mask = 0x%x\n", + (unsigned int)flags, (unsigned int)flags2, + (unsigned int)unx_mode, (unsigned int)access_mask, + (unsigned int)open_access_mask)); + + oplock_waiter = 1; //ifs_oplock_wait_record(mid); + + if (oplock_waiter == 0) { + return NT_STATUS_NO_MEMORY; + } + + /* Do the open. */ + status = onefs_open_file(fsp, + conn, + req, + parent_dir, + newname, + fname, + psbuf, + flags|flags2, + unx_mode, + access_mask, + open_access_mask, + fsp->oplock_type, + oplock_waiter, + share_access, + create_options, + createfile_attributes, + sd, + &granted_oplock); + + if (!NT_STATUS_IS_OK(status)) { + + /* OneFS Oplock Handling */ + if (errno == EINPROGRESS) { + + if (lck == NULL) { + + struct deferred_open_record state; + struct timespec old_write_time; + + old_write_time = get_mtimespec(psbuf); + + DEBUG(3, ("Someone created file %s with an " + "oplock after we looked: Retrying\n", + fname)); + /* + * We hit the race that when we did the stat + * on the file it did not exist, and someone + * has created it in between the stat and the + * open_file() call. Just retry immediately. + */ + id = vfs_file_id_from_sbuf(conn, psbuf); + if (!(lck = get_share_mode_lock(talloc_tos(), + id, conn->connectpath, fname, + &old_write_time))) { + /* + * Emergency exit + */ + DEBUG(0, ("onefs_open_file_ntcreate: " + "Could not get share mode " + "lock for %s\n", fname)); + status = NT_STATUS_SHARING_VIOLATION; + goto cleanup_destroy; + } + + state.delayed_for_oplocks = False; + state.id = id; + + if (req != NULL) { + defer_open(lck, request_time, + timeval_zero(), req, &state); + } + goto cleanup_destroy; + } + /* Waiting for an oplock */ + SMB_ASSERT(req); + schedule_defer_open(lck, request_time, req); + goto cleanup; + } + + /* Check for a sharing violation */ + if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) { + uint32 can_access_mask; + bool can_access = True; + + /* Check if this can be done with the deny_dos and fcb + * calls. */ + + /* Try to find dup fsp if possible. */ + if (create_options & + (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS| + NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) { + + if (req == NULL) { + DEBUG(0, ("DOS open without an SMB " + "request!\n")); + status = NT_STATUS_INTERNAL_ERROR; + goto cleanup_destroy; + } + + /* Use the client requested access mask here, + * not the one we open with. */ + status = fcb_or_dos_open(req, + conn, + fsp, + fname, + id, + req->smbpid, + req->vuid, + access_mask, + share_access, + create_options); + + if (NT_STATUS_IS_OK(status)) { + TALLOC_FREE(lck); + if (pinfo) { + *pinfo = FILE_WAS_OPENED; + } + status = NT_STATUS_OK; + goto cleanup; + } + } + + /* + * This next line is a subtlety we need for + * MS-Access. If a file open will fail due to share + * permissions and also for security (access) reasons, + * we need to return the access failed error, not the + * share error. We can't open the file due to kernel + * oplock deadlock (it's possible we failed above on + * the open_mode_check()) so use a userspace check. + */ + + if (flags & O_RDWR) { + can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA; + } else if (flags & O_WRONLY) { + can_access_mask = FILE_WRITE_DATA; + } else { + can_access_mask = FILE_READ_DATA; + } + + if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) || + !can_access_file_data(conn,fname,psbuf,can_access_mask)) { + can_access = False; + } + + /* + * If we're returning a share violation, ensure we + * cope with the braindead 1 second delay. + */ + if (!(oplock_request & INTERNAL_OPEN_ONLY) && + lp_defer_sharing_violations()) { + struct timeval timeout; + struct deferred_open_record state; + int timeout_usecs; + + /* this is a hack to speed up torture tests + in 'make test' */ + timeout_usecs = lp_parm_int(SNUM(conn), + "smbd","sharedelay", + SHARING_VIOLATION_USEC_WAIT); + + /* This is a relative time, added to the + absolute request_time value to get the + absolute timeout time. Note that if this + is the second or greater time we enter this + codepath for this particular request mid + then request_time is left as the absolute + time of the *first* time this request mid + was processed. This is what allows the + request to eventually time out. */ + + timeout = timeval_set(0, timeout_usecs); + + /* Nothing actually uses + state.delayed_for_oplocks but it's handy to + differentiate in debug messages between a + 30 second delay due to oplock break, and a + 1 second delay for share mode conflicts. */ + + state.delayed_for_oplocks = False; + state.id = id; + state.failed = false; + + if ((req != NULL) + && !request_timed_out(request_time, + timeout)) { + defer_open(lck, request_time, timeout, + req, &state); + } + } + + if (can_access) { + /* + * We have detected a sharing violation here + * so return the correct error code + */ + status = NT_STATUS_SHARING_VIOLATION; + } else { + status = NT_STATUS_ACCESS_DENIED; + } + + goto cleanup_destroy; + } + + /* + * Normal error, for example EACCES + */ + cleanup_destroy: + //destroy_ifs_callback_record(oplock_waiter); + cleanup: + TALLOC_FREE(lck); + return status; + } + + fsp->oplock_type = granted_oplock; + + /* XXX uncomment for oplocks */ + //ifs_set_oplock_callback(oplock_waiter, fsp); + //fsp->oplock_callback_id = oplock_waiter; + + if (!file_existed) { + struct timespec old_write_time = get_mtimespec(psbuf); + /* + * Deal with the race condition where two smbd's detect the + * file doesn't exist and do the create at the same time. One + * of them will win and set a share mode, the other (ie. this + * one) should check if the requested share mode for this + * create is allowed. + */ + + /* + * Now the file exists and fsp is successfully opened, + * fsp->dev and fsp->inode are valid and should replace the + * dev=0,inode=0 from a non existent file. Spotted by + * Nadav Danieli <nadavd@exanet.com>. JRA. + */ + + id = fsp->file_id; + + lck = get_share_mode_lock(talloc_tos(), id, + conn->connectpath, + fname, &old_write_time); + + if (lck == NULL) { + DEBUG(0, ("onefs_open_file_ntcreate: Could not get " + "share mode lock for %s\n", fname)); + fd_close(fsp); + return NT_STATUS_SHARING_VIOLATION; + } + + if (lck->delete_on_close) { + status = NT_STATUS_DELETE_PENDING; + } + + if (!NT_STATUS_IS_OK(status)) { + struct deferred_open_record state; + + fd_close(fsp); + + state.delayed_for_oplocks = False; + state.id = id; + + /* Do it all over again immediately. In the second + * round we will find that the file existed and handle + * the DELETE_PENDING and FCB cases correctly. No need + * to duplicate the code here. Essentially this is a + * "goto top of this function", but don't tell + * anybody... */ + + if (req != NULL) { + defer_open(lck, request_time, timeval_zero(), + req, &state); + } + TALLOC_FREE(lck); + return status; + } + + /* + * We exit this block with the share entry *locked*..... + */ + + } + + SMB_ASSERT(lck != NULL); + + /* note that we ignore failure for the following. It is + basically a hack for NFS, and NFS will never set one of + these only read them. Nobody but Samba can ever set a deny + mode and we have already checked our more authoritative + locking database for permission to set this deny mode. If + the kernel refuses the operations then the kernel is wrong. + note that GPFS supports it as well - jmcd */ + + if (fsp->fh->fd != -1) { + ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access); + if(ret_flock == -1 ){ + + TALLOC_FREE(lck); + fd_close(fsp); + return NT_STATUS_SHARING_VIOLATION; + } + } + + /* + * At this point onwards, we can guarentee that the share entry + * is locked, whether we created the file or not, and that the + * deny mode is compatible with all current opens. + */ + + /* Record the options we were opened with. */ + fsp->share_access = share_access; + fsp->fh->private_options = create_options; + /* + * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, + */ + fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; + + if (file_existed) { + /* stat opens on existing files don't get oplocks. */ + if (is_stat_open(open_access_mask)) { + fsp->oplock_type = NO_OPLOCK; + } + + if (!(flags2 & O_TRUNC)) { + info = FILE_WAS_OPENED; + } else { + info = FILE_WAS_OVERWRITTEN; + } + } else { + info = FILE_WAS_CREATED; + } + + if (pinfo) { + *pinfo = info; + } + + /* + * Setup the oplock info in both the shared memory and + * file structs. + */ + + if ((fsp->oplock_type != NO_OPLOCK) && + (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) { + if (!set_file_oplock(fsp, fsp->oplock_type)) { + /* Could not get the kernel oplock */ + fsp->oplock_type = NO_OPLOCK; + } + } + + if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || + info == FILE_WAS_SUPERSEDED) { + new_file_created = True; + } + + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, + fsp->oplock_type); + + /* Handle strange delete on close create semantics. */ + if (create_options & FILE_DELETE_ON_CLOSE) { + status = can_set_delete_on_close(fsp, True, new_dos_attributes); + + if (!NT_STATUS_IS_OK(status)) { + /* Remember to delete the mode we just added. */ + del_share_mode(lck, fsp); + TALLOC_FREE(lck); + fd_close(fsp); + return status; + } + /* Note that here we set the *inital* delete on close flag, + not the regular one. The magic gets handled in close. */ + fsp->initial_delete_on_close = True; + } + + /* + * Take care of inherited ACLs on created files - if default ACL not + * selected. + * May be necessary depending on acl policies. + */ + if (!posix_open && !file_existed && !def_acl && !(VALID_STAT(*psbuf) + && (psbuf->st_flags & SF_HASNTFSACL))) { + + int saved_errno = errno; /* We might get ENOSYS in the next + * call.. */ + + if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 && + errno == ENOSYS) { + errno = saved_errno; /* Ignore ENOSYS */ + } + + } else if (new_unx_mode) { + + int ret = -1; + + /* Attributes need changing. File already existed. */ + + { + int saved_errno = errno; /* We might get ENOSYS in the + * next call.. */ + ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode); + + if (ret == -1 && errno == ENOSYS) { + errno = saved_errno; /* Ignore ENOSYS */ + } else { + DEBUG(5, ("onefs_open_file_ntcreate: reset " + "attributes of file %s to 0%o\n", + fname, (unsigned int)new_unx_mode)); + ret = 0; /* Don't do the fchmod below. */ + } + } + + if ((ret == -1) && + (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1)) + DEBUG(5, ("onefs_open_file_ntcreate: failed to reset " + "attributes of file %s to 0%o\n", + fname, (unsigned int)new_unx_mode)); + } + + /* If this is a successful open, we must remove any deferred open + * records. */ + if (req != NULL) { + del_deferred_open_entry(lck, req->mid); + } + TALLOC_FREE(lck); + + return NT_STATUS_OK; +} + + +/**************************************************************************** + Open a directory from an NT SMB call. +****************************************************************************/ +static NTSTATUS onefs_open_directory(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32 access_mask, + uint32 share_access, + uint32 create_disposition, + uint32 create_options, + uint32 file_attributes, + struct security_descriptor *sd, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + files_struct *fsp = NULL; + struct share_mode_lock *lck = NULL; + NTSTATUS status; + struct timespec mtimespec; + int info = 0; + char *parent_dir; + const char *dirname; + bool posix_open = false; + uint32 create_flags = 0; + uint32 mode = lp_dir_mask(SNUM(conn)); + + DEBUG(5, ("onefs_open_directory: opening directory %s, " + "access_mask = 0x%x, " + "share_access = 0x%x create_options = 0x%x, " + "create_disposition = 0x%x, file_attributes = 0x%x\n", + fname, (unsigned int)access_mask, (unsigned int)share_access, + (unsigned int)create_options, (unsigned int)create_disposition, + (unsigned int)file_attributes)); + + if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && + (conn->fs_capabilities & FILE_NAMED_STREAMS) && + is_ntfs_stream_name(fname)) { + DEBUG(2, ("onefs_open_directory: %s is a stream name!\n", fname)); + return NT_STATUS_NOT_A_DIRECTORY; + } + + switch (create_disposition) { + case FILE_OPEN: + /* If directory exists open. If directory doesn't + * exist error. */ + create_flags = 0; + info = FILE_WAS_OPENED; + break; + case FILE_CREATE: + /* If directory exists error. If directory doesn't + * exist create. */ + create_flags = O_CREAT | O_EXCL; + info = FILE_WAS_CREATED; + break; + case FILE_OPEN_IF: + /* If directory exists open. If directory doesn't + * exist create. */ + + /* Note: in order to return whether the directory was + * opened or created, we first try to open and then try + * to create. */ + create_flags = 0; + info = FILE_WAS_OPENED; + break; + case FILE_SUPERSEDE: + case FILE_OVERWRITE: + case FILE_OVERWRITE_IF: + default: + DEBUG(5, ("onefs_open_directory: invalid " + "create_disposition 0x%x for directory %s\n", + (unsigned int)create_disposition, fname)); + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * Check for write access to the share. Done in mkdir_internal() in + * mainline samba. + */ + if (!CAN_WRITE(conn) && (create_flags & O_CREAT)) { + return NT_STATUS_ACCESS_DENIED; + } + + /* Get parent dirname */ + if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir, + &dirname)) { + return NT_STATUS_NO_MEMORY; + } + + if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { + posix_open = true; + mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS); + file_attributes = 0; + } else { + mode = unix_mode(conn, aDIR, fname, parent_dir); + } + + /* + * The NONINDEXED and COMPRESSED bits seem to always be cleared on + * directories, no matter if you specify that they should be set. + */ + file_attributes &= + ~(FILE_ATTRIBUTE_NONINDEXED | FILE_ATTRIBUTE_COMPRESSED); + + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + return status; + } + + /* + * Actual open with retry magic to handle FILE_OPEN_IF which is + * unique because the kernel won't tell us if the file was opened or + * created. + */ + retry_open: + fsp->fh->fd = onefs_sys_create_file(conn, + -1, + fname, + access_mask, + access_mask, + share_access, + create_options, + create_flags | O_DIRECTORY, + mode, + 0, + 0, + sd, + file_attributes, + NULL); + + if (fsp->fh->fd == -1) { + DEBUG(3, ("Error opening %s. Errno=%d (%s).\n", fname, errno, + strerror(errno))); + SMB_ASSERT(errno != EINPROGRESS); + + if (create_disposition == FILE_OPEN_IF) { + if (errno == ENOENT) { + /* Try again, creating it this time. */ + create_flags = O_CREAT | O_EXCL; + info = FILE_WAS_CREATED; + goto retry_open; + } else if (errno == EEXIST) { + /* Uggh. Try again again. */ + create_flags = 0; + info = FILE_WAS_OPENED; + goto retry_open; + } + } + + /* Error cases below: */ + file_free(req, fsp); + + if ((errno == ENOENT) && (create_disposition == FILE_OPEN)) { + DEBUG(5,("onefs_open_directory: FILE_OPEN requested " + "for directory %s and it doesn't " + "exist.\n", fname )); + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } else if ((errno == EEXIST) && + (create_disposition == FILE_CREATE)) { + DEBUG(5,("onefs_open_directory: FILE_CREATE " + "requested for directory %s and it " + "already exists.\n", fname )); + return NT_STATUS_OBJECT_NAME_COLLISION; + } else if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) { + /* Catch sharing violations. */ + return NT_STATUS_SHARING_VIOLATION; + } + + return map_nt_error_from_unix(errno); + } + + if (info == FILE_WAS_CREATED) { + + /* Pulled from mkdir_internal() */ + if (SMB_VFS_LSTAT(conn, fname, psbuf) == -1) { + DEBUG(2, ("Could not stat directory '%s' just " + "created: %s\n",fname, strerror(errno))); + return map_nt_error_from_unix(errno); + } + + if (!S_ISDIR(psbuf->st_mode)) { + DEBUG(0, ("Directory just '%s' created is not a " + "directory\n", fname)); + return NT_STATUS_ACCESS_DENIED; + } + + if (!posix_open) { + /* + * Check if high bits should have been set, then (if + * bits are missing): add them. Consider bits + * automagically set by UNIX, i.e. SGID bit from + * parent dir. + */ + if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && + (mode & ~psbuf->st_mode)) { + SMB_VFS_CHMOD(conn, fname, (psbuf->st_mode | + (mode & ~psbuf->st_mode))); + } + } + + /* Change the owner if required. */ + if (lp_inherit_owner(SNUM(conn))) { + change_dir_owner_to_parent(conn, parent_dir, fname, + psbuf); + } + + notify_fname(conn, NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_DIR_NAME, fname); + } + + /* Stat the fd for Samba bookkeeping. */ + if(SMB_VFS_FSTAT(fsp, psbuf) != 0) { + fd_close(fsp); + file_free(req, fsp); + return map_nt_error_from_unix(errno); + } + + /* Setup the files_struct for it. */ + fsp->mode = psbuf->st_mode; + fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); + fsp->vuid = req ? req->vuid : UID_FIELD_INVALID; + fsp->file_pid = req ? req->smbpid : 0; + fsp->can_lock = False; + fsp->can_read = False; + fsp->can_write = False; + + fsp->share_access = share_access; + fsp->fh->private_options = create_options; + /* + * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, + */ + fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; + fsp->print_file = False; + fsp->modified = False; + fsp->oplock_type = NO_OPLOCK; + fsp->sent_oplock_break = NO_BREAK_SENT; + fsp->is_directory = True; + fsp->posix_open = posix_open; + + string_set(&fsp->fsp_name,fname); + + mtimespec = get_mtimespec(psbuf); + + /* + * Still set the samba share mode lock for correct delete-on-close + * semantics and to make smbstatus more useful. + */ + lck = get_share_mode_lock(talloc_tos(), fsp->file_id, + conn->connectpath, + fname, &mtimespec); + + if (lck == NULL) { + DEBUG(0, ("onefs_open_directory: Could not get share mode " + "lock for %s\n", fname)); + fd_close(fsp); + file_free(req, fsp); + return NT_STATUS_SHARING_VIOLATION; + } + + if (lck->delete_on_close) { + TALLOC_FREE(lck); + fd_close(fsp); + file_free(req, fsp); + return NT_STATUS_DELETE_PENDING; + } + + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK); + + /* + * For directories the delete on close bit at open time seems + * always to be honored on close... See test 19 in Samba4 BASE-DELETE. + */ + if (create_options & FILE_DELETE_ON_CLOSE) { + status = can_set_delete_on_close(fsp, True, 0); + if (!NT_STATUS_IS_OK(status) && + !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) { + TALLOC_FREE(lck); + fd_close(fsp); + file_free(req, fsp); + return status; + } + + if (NT_STATUS_IS_OK(status)) { + /* Note that here we set the *inital* delete on close flag, + not the regular one. The magic gets handled in close. */ + fsp->initial_delete_on_close = True; + } + } + + TALLOC_FREE(lck); + + if (pinfo) { + *pinfo = info; + } + + *result = fsp; + return NT_STATUS_OK; +} + +/* + * If a main file is opened for delete, all streams need to be checked for + * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS. + * If that works, delete them all by setting the delete on close and close. + */ + +static NTSTATUS open_streams_for_delete(connection_struct *conn, + const char *fname) +{ + struct stream_struct *stream_info; + files_struct **streams; + int i; + unsigned int num_streams; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; + + status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(), + &num_streams, &stream_info); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) + || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + DEBUG(10, ("no streams around\n")); + TALLOC_FREE(frame); + return NT_STATUS_OK; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n", + nt_errstr(status))); + goto fail; + } + + DEBUG(10, ("open_streams_for_delete found %d streams\n", + num_streams)); + + if (num_streams == 0) { + TALLOC_FREE(frame); + return NT_STATUS_OK; + } + + streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams); + if (streams == NULL) { + DEBUG(0, ("talloc failed\n")); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + for (i=0; i<num_streams; i++) { + char *streamname; + + if (strequal(stream_info[i].name, "::$DATA")) { + streams[i] = NULL; + continue; + } + + streamname = talloc_asprintf(talloc_tos(), "%s%s", fname, + stream_info[i].name); + + if (streamname == NULL) { + DEBUG(0, ("talloc_aprintf failed\n")); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + status = onefs_create_file_unixpath + (conn, /* conn */ + NULL, /* req */ + streamname, /* fname */ + DELETE_ACCESS, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE + | FILE_SHARE_DELETE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &streams[i], /* result */ + NULL, /* pinfo */ + NULL); /* psbuf */ + + TALLOC_FREE(streamname); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("Could not open stream %s: %s\n", + streamname, nt_errstr(status))); + break; + } + } + + /* + * don't touch the variable "status" beyond this point :-) + */ + + for (i -= 1 ; i >= 0; i--) { + if (streams[i] == NULL) { + continue; + } + + DEBUG(10, ("Closing stream # %d, %s\n", i, + streams[i]->fsp_name)); + close_file(NULL, streams[i], NORMAL_CLOSE); + } + + fail: + TALLOC_FREE(frame); + return status; +} + +/* + * Wrapper around onefs_open_file_ntcreate and onefs_open_directory. + */ +static NTSTATUS onefs_create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + SMB_STRUCT_STAT sbuf; + int info = FILE_WAS_OPENED; + files_struct *base_fsp = NULL; + files_struct *fsp = NULL; + NTSTATUS status; + + DEBUG(10,("onefs_create_file_unixpath: access_mask = 0x%x " + "file_attributes = 0x%x, share_access = 0x%x, " + "create_disposition = 0x%x create_options = 0x%x " + "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, " + "fname = %s\n", + (unsigned int)access_mask, + (unsigned int)file_attributes, + (unsigned int)share_access, + (unsigned int)create_disposition, + (unsigned int)create_options, + (unsigned int)oplock_request, + ea_list, sd, fname)); + + if (create_options & FILE_OPEN_BY_FILE_ID) { + status = NT_STATUS_NOT_SUPPORTED; + goto fail; + } + + if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + + if (req == NULL) { + oplock_request |= INTERNAL_OPEN_ONLY; + } + + if (psbuf != NULL) { + sbuf = *psbuf; + } + else { + if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) { + SET_STAT_INVALID(sbuf); + } + } + + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) + && (access_mask & DELETE_ACCESS) + && !is_ntfs_stream_name(fname)) { + /* + * We can't open a file with DELETE access if any of the + * streams is open without FILE_SHARE_DELETE + */ + status = open_streams_for_delete(conn, fname); + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + } + + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) + && is_ntfs_stream_name(fname) + && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) { + char *base; + uint32 base_create_disposition; + + if (create_options & FILE_DIRECTORY_FILE) { + status = NT_STATUS_NOT_A_DIRECTORY; + goto fail; + } + + status = split_ntfs_stream_name(talloc_tos(), fname, + &base, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("onefs_create_file_unixpath: " + "split_ntfs_stream_name failed: %s\n", + nt_errstr(status))); + goto fail; + } + + SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */ + + switch (create_disposition) { + case FILE_OPEN: + base_create_disposition = FILE_OPEN; + break; + default: + base_create_disposition = FILE_OPEN_IF; + break; + } + + status = onefs_create_file_unixpath( + conn, /* conn */ + NULL, /* req */ + base, /* fname */ + 0, /* access_mask */ + (FILE_SHARE_READ | + FILE_SHARE_WRITE | + FILE_SHARE_DELETE), /* share_access */ + base_create_disposition, /* create_disposition*/ + 0, /* create_options */ + 0, /* file_attributes */ + NO_OPLOCK, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &base_fsp, /* result */ + NULL, /* pinfo */ + NULL); /* psbuf */ + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("onefs_create_file_unixpath for base %s " + "failed: %s\n", base, nt_errstr(status))); + goto fail; + } + /* + * we don't need to low level fd: This might conflict with + * OneFS streams. + */ + fd_close(base_fsp); + } + + /* Covert generic bits in the security descriptor. */ + if (sd != NULL) { + security_acl_map_generic(sd->dacl, &file_generic_mapping); + security_acl_map_generic(sd->sacl, &file_generic_mapping); + } + + /* + * If it's a request for a directory open, deal with it separately. + */ + + if (create_options & FILE_DIRECTORY_FILE) { + + if (create_options & FILE_NON_DIRECTORY_FILE) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + + /* Can't open a temp directory. IFS kit test. */ + if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && + (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + + /* + * We will get a create directory here if the Win32 + * app specified a security descriptor in the + * CreateDirectory() call. + */ + + status = onefs_open_directory( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + sd, /* sd */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + } else { + + /* + * Ordinary file case. + */ + + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + goto fail; + } + + /* + * We're opening the stream element of a base_fsp + * we already opened. Set up the base_fsp pointer. + */ + if (base_fsp) { + fsp->base_fsp = base_fsp; + } + + status = onefs_open_file_ntcreate( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + sd, /* sd */ + fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + fsp = NULL; + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { + + /* A stream open never opens a directory */ + + if (base_fsp) { + status = NT_STATUS_FILE_IS_A_DIRECTORY; + goto fail; + } + + /* + * Fail the open if it was explicitly a non-directory + * file. + */ + + if (create_options & FILE_NON_DIRECTORY_FILE) { + status = NT_STATUS_FILE_IS_A_DIRECTORY; + goto fail; + } + + create_options |= FILE_DIRECTORY_FILE; + + status = onefs_open_directory( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + sd, /* sd */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + } + } + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + fsp->base_fsp = base_fsp; + + SMB_ASSERT(fsp); + + if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) { + status = set_ea(conn, fsp, fname, ea_list); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + } + + if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) { + status = NT_STATUS_ACCESS_DENIED; + goto fail; + } + + /* Save the requested allocation size. */ + if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) { + if (allocation_size + && (allocation_size > sbuf.st_size)) { + fsp->initial_allocation_size = smb_roundup( + fsp->conn, allocation_size); + if (fsp->is_directory) { + /* Can't set allocation size on a directory. */ + status = NT_STATUS_ACCESS_DENIED; + goto fail; + } + if (vfs_allocate_file_space( + fsp, fsp->initial_allocation_size) == -1) { + status = NT_STATUS_DISK_FULL; + goto fail; + } + } else { + fsp->initial_allocation_size = smb_roundup( + fsp->conn, (uint64_t)sbuf.st_size); + } + } + + DEBUG(10, ("onefs_create_file_unixpath: info=%d\n", info)); + + *result = fsp; + if (pinfo != NULL) { + *pinfo = info; + } + if (psbuf != NULL) { + if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) { + *psbuf = sbuf; + } + else { + SMB_VFS_FSTAT(fsp, psbuf); + } + } + return NT_STATUS_OK; + + fail: + DEBUG(10, ("onefs_create_file_unixpath: %s\n", nt_errstr(status))); + + if (fsp != NULL) { + if (base_fsp && fsp->base_fsp == base_fsp) { + /* + * The close_file below will close + * fsp->base_fsp. + */ + base_fsp = NULL; + } + close_file(req, fsp, ERROR_CLOSE); + fsp = NULL; + } + if (base_fsp != NULL) { + close_file(req, base_fsp, ERROR_CLOSE); + base_fsp = NULL; + } + return status; +} + +/** + * SMB_VFS_CREATE_FILE interface to onefs. + */ +NTSTATUS onefs_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + connection_struct *conn = handle->conn; + struct case_semantics_state *case_state = NULL; + SMB_STRUCT_STAT sbuf; + int info = FILE_WAS_OPENED; + files_struct *fsp = NULL; + NTSTATUS status; + + DEBUG(10,("onefs_create_file: access_mask = 0x%x " + "file_attributes = 0x%x, share_access = 0x%x, " + "create_disposition = 0x%x create_options = 0x%x " + "oplock_request = 0x%x " + "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, " + "create_file_flags = 0x%x, fname = %s\n", + (unsigned int)access_mask, + (unsigned int)file_attributes, + (unsigned int)share_access, + (unsigned int)create_disposition, + (unsigned int)create_options, + (unsigned int)oplock_request, + (unsigned int)root_dir_fid, + ea_list, sd, create_file_flags, fname)); + + /* Get the file name if root_dir_fid was specified. */ + if (root_dir_fid != 0) { + char *new_fname; + + status = get_relative_fid_filename(conn, req, root_dir_fid, + fname, &new_fname); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + fname = new_fname; + } + + /* Resolve the file name if this was a DFS pathname. */ + if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) { + char *resolved_fname; + + status = resolve_dfspath(talloc_tos(), conn, true, fname, + &resolved_fname); + + if (!NT_STATUS_IS_OK(status)) { + /* + * For PATH_NOT_COVERED we had + * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, + * ERRSRV, ERRbadpath); + * Need to fix in callers + */ + goto fail; + } + fname = resolved_fname; + } + + /* Check if POSIX semantics are wanted. */ + if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { + case_state = set_posix_case_semantics(talloc_tos(), conn); + } + + /* Convert dos path to unix path if it hasn't already been done. */ + if (create_file_flags & CFF_DOS_PATH) { + char *converted_fname; + + SET_STAT_INVALID(sbuf); + + status = unix_convert(talloc_tos(), conn, fname, False, + &converted_fname, NULL, &sbuf); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + fname = converted_fname; + } else { + if (psbuf != NULL) { + sbuf = *psbuf; + } else { + if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) { + SET_STAT_INVALID(sbuf); + } + } + + } + + TALLOC_FREE(case_state); + + /* All file access must go through check_name() */ + status = check_name(conn, fname); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + status = onefs_create_file_unixpath( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + sd, /* sd */ + ea_list, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + DEBUG(10, ("onefs_create_file: info=%d\n", info)); + + *result = fsp; + if (pinfo != NULL) { + *pinfo = info; + } + if (psbuf != NULL) { + *psbuf = sbuf; + } + return NT_STATUS_OK; + + fail: + DEBUG(10, ("onefs_create_file: %s\n", nt_errstr(status))); + + if (fsp != NULL) { + close_file(req, fsp, ERROR_CLOSE); + fsp = NULL; + } + return status; +} diff --git a/source3/modules/onefs_system.c b/source3/modules/onefs_system.c new file mode 100644 index 0000000000..485e7f56ac --- /dev/null +++ b/source3/modules/onefs_system.c @@ -0,0 +1,214 @@ +/* + * Unix SMB/CIFS implementation. + * Support for OneFS system interfaces. + * + * Copyright (C) Tim Prouty, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "onefs.h" + +#include <ifs/ifs_syscalls.h> +#include <isi_acl/isi_acl_util.h> + +/* + * Initialize the sm_lock struct before passing it to ifs_createfile. + */ +static void smlock_init(connection_struct *conn, struct sm_lock *sml, + bool isexe, uint32_t access_mask, uint32_t share_access, + uint32_t create_options) +{ + sml->sm_type.doc = false; + sml->sm_type.isexe = isexe; + sml->sm_type.statonly = is_stat_open(access_mask); + sml->sm_type.access_mask = access_mask; + sml->sm_type.share_access = share_access; + + /* + * private_options was previously used for DENY_DOS/DENY_FCB checks in + * the kernel, but are now properly handled by fcb_or_dos_open. In + * these cases, ifs_createfile will return a sharing violation, which + * gives fcb_or_dos_open the chance to open a duplicate file handle. + */ + sml->sm_type.private_options = 0; + + /* 1 second delay is handled in onefs_open.c by deferring the open */ + sml->sm_timeout = timeval_set(0, 0); +} + +static void smlock_dump(int debuglevel, const struct sm_lock *sml) +{ + if (sml == NULL) { + DEBUG(debuglevel, ("sml == NULL\n")); + return; + } + + DEBUG(debuglevel, + ("smlock: doc=%s, isexec=%s, statonly=%s, access_mask=0x%x, " + "share_access=0x%x, private_options=0x%x timeout=%d/%d\n", + sml->sm_type.doc ? "True" : "False", + sml->sm_type.isexe ? "True" : "False", + sml->sm_type.statonly ? "True" : "False", + sml->sm_type.access_mask, + sml->sm_type.share_access, + sml->sm_type.private_options, + (int)sml->sm_timeout.tv_sec, + (int)sml->sm_timeout.tv_usec)); +} + +/* + * Return string value of onefs oplock types. + */ +static const char *onefs_oplock_str(enum oplock_type onefs_oplock_type) +{ + switch (onefs_oplock_type) { + case OPLOCK_NONE: + return "OPLOCK_NONE"; + case OPLOCK_EXCLUSIVE: + return "OPLOCK_EXCLUSIVE"; + case OPLOCK_BATCH: + return "OPLOCK_BATCH"; + case OPLOCK_SHARED: + return "OPLOCK_SHARED"; + default: + break; + } + return "UNKNOWN"; +} + +/* + * Convert from onefs to samba oplock. + */ +static int onefs_to_samba_oplock(enum oplock_type onefs_oplock) +{ + switch (onefs_oplock) { + case OPLOCK_NONE: + return NO_OPLOCK; + case OPLOCK_EXCLUSIVE: + return EXCLUSIVE_OPLOCK; + case OPLOCK_BATCH: + return BATCH_OPLOCK; + case OPLOCK_SHARED: + return LEVEL_II_OPLOCK; + default: + DEBUG(0, ("unknown oplock type %d found\n", onefs_oplock)); + break; + } + return NO_OPLOCK; +} + +/* + * Convert from samba to onefs oplock. + */ +static enum oplock_type samba_to_onefs_oplock(int samba_oplock_type) +{ + if (BATCH_OPLOCK_TYPE(samba_oplock_type)) return OPLOCK_BATCH; + if (EXCLUSIVE_OPLOCK_TYPE(samba_oplock_type)) return OPLOCK_EXCLUSIVE; + if (LEVEL_II_OPLOCK_TYPE(samba_oplock_type)) return OPLOCK_SHARED; + return OPLOCK_NONE; +} + +/** + * External interface to ifs_createfile + */ +int onefs_sys_create_file(connection_struct *conn, + int base_fd, + const char *path, + uint32_t access_mask, + uint32_t open_access_mask, + uint32_t share_access, + uint32_t create_options, + int flags, + mode_t mode, + int oplock_request, + uint64_t id, + struct security_descriptor *sd, + uint32_t dos_flags, + int *granted_oplock) +{ + struct sm_lock sml, *psml = NULL; + enum oplock_type onefs_oplock; + enum oplock_type onefs_granted_oplock = OPLOCK_NONE; + struct ifs_security_descriptor ifs_sd = {}, *pifs_sd = NULL; + int secinfo = 0; + int ret_fd = -1; + uint32_t onefs_dos_attributes; + + /* Setup security descriptor and get secinfo. */ + if (sd != NULL) { + NTSTATUS status; + + secinfo = (get_sec_info(sd) & IFS_SEC_INFO_KNOWN_MASK); + + status = onefs_setup_sd(secinfo, sd, &ifs_sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("SD initialization failure: %s", + nt_errstr(status))); + errno = EINVAL; + goto out; + } + + pifs_sd = &ifs_sd; + } + + onefs_oplock = samba_to_onefs_oplock(oplock_request); + + /* Temporary until oplock work is added to vfs_onefs */ + onefs_oplock = OPLOCK_NONE; + + /* Convert samba dos flags to UF_DOS_* attributes. */ + onefs_dos_attributes = dos_attributes_to_stat_dos_flags(dos_flags); + + DEBUG(10,("onefs_sys_create_file: base_fd = %d, " + "open_access_mask = 0x%x, flags = 0x%x, mode = 0x%x, " + "desired_oplock = %s, id = 0x%x, secinfo = 0x%x, sd = %p, " + "dos_attributes = 0x%x, path = %s\n", base_fd, + (unsigned int)open_access_mask, + (unsigned int)flags, + (unsigned int)mode, + onefs_oplock_str(onefs_oplock), + (unsigned int)id, + (unsigned int)secinfo, sd, + (unsigned int)onefs_dos_attributes, path)); + + /* Initialize smlock struct for files/dirs but not internal opens */ + if (!(oplock_request & INTERNAL_OPEN_ONLY)) { + smlock_init(conn, &sml, is_executable(path), access_mask, + share_access, create_options); + psml = &sml; + } + + smlock_dump(10, psml); + + ret_fd = ifs_createfile(base_fd, path, + (enum ifs_ace_rights)open_access_mask, flags & ~O_ACCMODE, mode, + onefs_oplock, id, psml, secinfo, pifs_sd, onefs_dos_attributes, + &onefs_granted_oplock); + + DEBUG(10,("onefs_sys_create_file(%s): ret_fd = %d, " + "onefs_granted_oplock = %s\n", + ret_fd < 0 ? strerror(errno) : "success", ret_fd, + onefs_oplock_str(onefs_granted_oplock))); + + if (granted_oplock) { + *granted_oplock = onefs_to_samba_oplock(onefs_granted_oplock); + } + + out: + aclu_free_sd(pifs_sd, false); + + return ret_fd; +} diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index d972828ba9..8fa8f6ae06 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -208,6 +208,32 @@ static int vfswrap_open(vfs_handle_struct *handle, const char *fname, return result; } +static NTSTATUS vfswrap_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + return create_file_default(handle->conn, req, root_dir_fid, fname, + create_file_flags, access_mask, share_access, + create_disposition, create_options, + file_attributes, oplock_request, + allocation_size, sd, ea_list, result, pinfo, + psbuf); +} + static int vfswrap_close(vfs_handle_struct *handle, files_struct *fsp) { int result; @@ -1012,6 +1038,16 @@ static NTSTATUS vfswrap_streaminfo(vfs_handle_struct *handle, return NT_STATUS_OK; } +static int vfswrap_get_real_filename(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name) +{ + return get_real_filename(handle->conn, path, name, mem_ctx, + found_name); +} + static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) @@ -1359,6 +1395,8 @@ static vfs_op_tuple vfs_default_ops[] = { {SMB_VFS_OP(vfswrap_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(vfswrap_create_file), SMB_VFS_OP_CREATE_FILE, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_read), SMB_VFS_OP_READ, @@ -1431,6 +1469,8 @@ static vfs_op_tuple vfs_default_ops[] = { SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_streaminfo), SMB_VFS_OP_STREAMINFO, SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(vfswrap_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME, + SMB_VFS_LAYER_OPAQUE}, /* NT ACL operations. */ diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 6342c4a14e..7970bf2644 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -109,6 +109,23 @@ static int smb_full_audit_closedir(vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp); static int smb_full_audit_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode); +static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp); static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp, void *data, size_t n); @@ -353,6 +370,8 @@ static vfs_op_tuple audit_op_tuples[] = { {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE, + SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ, @@ -1087,6 +1106,51 @@ static int smb_full_audit_open(vfs_handle_struct *handle, return result; } +static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result_fsp, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_CREATE_FILE( + handle, /* handle */ + req, /* req */ + root_dir_fid, /* root_dir_fid */ + fname, /* fname */ + create_file_flags, /* create_file_flags */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + sd, /* sd */ + ea_list, /* ea_list */ + result_fsp, /* result */ + pinfo, /* pinfo */ + psbuf); /* psbuf */ + + do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s", + access_mask, fname); + + return result; +} + static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp) { int result; diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index fa0b4e97a5..1d7cdba014 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1,26 +1,24 @@ /* Unix SMB/CIFS implementation. Wrap gpfs calls in vfs functions. - + Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006 - + Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com> and Gomati Mohanan <gomati.mohanan@in.ibm.com> - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. - - */ #include "includes.h" @@ -55,14 +53,14 @@ static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp, int leasetype) { int ret; - + START_PROFILE(syscall_linux_setlease); - + if ( linux_set_lease_sighandler(fsp->fh->fd) == -1) return -1; ret = set_gpfs_lease(fsp->fh->fd,leasetype); - + if ( ret < 0 ) { /* This must have come from GPFS not being available */ /* or some other error, hence call the default */ @@ -74,7 +72,64 @@ static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp, return ret; } +static int vfs_gpfs_get_real_filename(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name) +{ + int result; + char *full_path; + char real_pathname[PATH_MAX+1]; + int buflen; + + full_path = talloc_asprintf(talloc_tos(), "%s/%s", path, name); + if (full_path == NULL) { + errno = ENOMEM; + return -1; + } + + buflen = sizeof(real_pathname) - 1; + + result = smbd_gpfs_get_realfilename_path(full_path, real_pathname, + &buflen); + + TALLOC_FREE(full_path); + + if (result == -1) { + DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n", + strerror(errno))); + return -1; + } + + /* + * GPFS does not necessarily null-terminate the returned path + * but instead returns the buffer length in buflen. + */ + + if (buflen < sizeof(real_pathname)) { + real_pathname[buflen] = '\0'; + } else { + real_pathname[sizeof(real_pathname)-1] = '\0'; + } + + DEBUG(10, ("smbd_gpfs_get_realfilename_path: %s/%s -> %s\n", + path, name, real_pathname)); + + name = strrchr_m(real_pathname, '/'); + if (name == NULL) { + errno = ENOENT; + return -1; + } + + *found_name = talloc_strdup(mem_ctx, name+1); + if (*found_name == NULL) { + errno = ENOMEM; + return -1; + } + return 0; +} static void gpfs_dumpacl(int level, struct gpfs_acl *gacl) { @@ -301,13 +356,13 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) gace->aceType = aceprop->aceType; gace->aceFlags = aceprop->aceFlags; gace->aceMask = aceprop->aceMask; - + /* * GPFS can't distinguish between WRITE and APPEND on * files, so one being set without the other is an * error. Sorry for the many ()'s :-) */ - + if (!fsp->is_directory && ((((gace->aceMask & ACE4_MASK_WRITE) == 0) @@ -323,9 +378,9 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) fsp->fsp_name)); gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND; } - + gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0; - + if (aceprop->flags&SMB_ACE4_ID_SPECIAL) { switch(aceprop->who.special_id) @@ -478,7 +533,7 @@ static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type) errno = EINVAL; goto done; } - + DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n", pacl->acl_len, pacl->acl_level, pacl->acl_version, pacl->acl_nace)); @@ -497,7 +552,6 @@ static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type) } SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle, - const char *path_p, SMB_ACL_TYPE_T type) { @@ -557,7 +611,7 @@ static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl, for (i=0; i<pacl->count; i++) { const struct smb_acl_entry *ace = &pacl->acl[i]; struct gpfs_ace_v1 *g_ace = &result->ace_v1[i]; - + DEBUG(10, ("Converting type %d perm %x\n", (int)ace->a_type, (int)ace->a_perm)); @@ -612,7 +666,6 @@ static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl, } int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle, - const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T theacl) @@ -639,7 +692,6 @@ int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle, } int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle, - const char *path) { errno = ENOTSUP; @@ -661,11 +713,11 @@ static uint32 gpfsacl_mask_filter(uint32 aceType, uint32 aceMask, uint32 rwx) uint32_t posix_mask = 0x01; uint32_t posix_bit; uint32_t nfs4_bits; - + for(i=0; i<3; i++) { nfs4_bits = posix_nfs4map[i]; posix_bit = rwx & posix_mask; - + if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) { if (posix_bit) aceMask |= nfs4_bits; @@ -678,10 +730,10 @@ static uint32 gpfsacl_mask_filter(uint32 aceType, uint32 aceMask, uint32 rwx) else aceMask &= ~nfs4_bits; } /* other ace types are unexpected */ - + posix_mask <<= 1; } - + return aceMask; } @@ -693,30 +745,30 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) int i; files_struct fake_fsp; /* TODO: rationalize parametrization */ SMB4ACE_T *smbace; - + DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode)); - + result = gpfs_get_nfs4_acl(path, &pacl); if (result) return result; - + if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) { DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path)); } - + for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) { SMB_ACE4PROP_T *ace = smb_get_ace4(smbace); uint32_t specid = ace->who.special_id; - + if (ace->flags&SMB_ACE4_ID_SPECIAL && ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE && specid <= SMB_ACE4_WHO_EVERYONE) { - + uint32_t newMask; - + if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) haveAllowEntry[specid] = True; - + /* mode >> 6 for @owner, mode >> 3 for @group, * mode >> 0 for @everyone */ newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask, @@ -735,35 +787,35 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) */ for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) { SMB_ACE4PROP_T ace; - + if (haveAllowEntry[i]==True) continue; - + ZERO_STRUCT(ace); ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE; ace.flags |= SMB_ACE4_ID_SPECIAL; ace.who.special_id = i; - + if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */ ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP; - + ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask, mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3)); - + /* don't add unnecessary aces */ if (!ace.aceMask) continue; - + /* we add it to the END - as windows expects allow aces */ smb_add_ace4(pacl, &ace); DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n", path, mode, i, ace.aceMask)); } - + /* don't add complementary DENY ACEs here */ ZERO_STRUCT(fake_fsp); fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */ - + /* put the acl */ if (gpfsacl_process_smbacl(&fake_fsp, pacl) == False) return -1; @@ -774,11 +826,11 @@ static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mo { SMB_STRUCT_STAT st; int rc; - + if (SMB_VFS_NEXT_STAT(handle, path, &st) != 0) { return -1; } - + /* avoid chmod() if possible, to preserve acls */ if ((st.st_mode & ~S_IFMT) == mode) { return 0; @@ -794,7 +846,7 @@ static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t { SMB_STRUCT_STAT st; int rc; - + if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) { return -1; } @@ -813,51 +865,55 @@ static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t /* VFS operations structure */ static vfs_op_tuple gpfs_op_tuples[] = { - + { SMB_VFS_OP(vfs_gpfs_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK, SMB_VFS_LAYER_OPAQUE }, - + { SMB_VFS_OP(vfs_gpfs_setlease), SMB_VFS_OP_LINUX_SETLEASE, SMB_VFS_LAYER_OPAQUE }, - + + { SMB_VFS_OP(vfs_gpfs_get_real_filename), + SMB_VFS_OP_GET_REAL_FILENAME, + SMB_VFS_LAYER_OPAQUE }, + { SMB_VFS_OP(gpfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(vfs_gpfs_chmod), SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(vfs_gpfs_fchmod), SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_TRANSPARENT }, @@ -871,7 +927,7 @@ NTSTATUS vfs_gpfs_init(void); NTSTATUS vfs_gpfs_init(void) { init_gpfs(); - + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs", gpfs_op_tuples); } diff --git a/source3/modules/vfs_onefs.c b/source3/modules/vfs_onefs.c index 193a986cf6..b51858fbae 100644 --- a/source3/modules/vfs_onefs.c +++ b/source3/modules/vfs_onefs.c @@ -1,4 +1,5 @@ /* + * Unix SMB/CIFS implementation. * Support for OneFS * * Copyright (C) Tim Prouty, 2008 @@ -18,20 +19,32 @@ */ #include "includes.h" +#include "onefs.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS -NTSTATUS onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info, SEC_DESC **ppdesc); - -NTSTATUS onefs_get_nt_acl(vfs_handle_struct *handle, const char* name, - uint32 security_info, SEC_DESC **ppdesc); +static int onefs_mkdir(vfs_handle_struct *handle, const char *path, + mode_t mode) +{ + DEBUG(0, ("SMB_VFS_MKDIR should never be called in vfs_onefs")); + return SMB_VFS_NEXT_MKDIR(handle, path, mode); +} -NTSTATUS onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd); +static int onefs_open(vfs_handle_struct *handle, const char *fname, + files_struct *fsp, int flags, mode_t mode) +{ + DEBUG(0, ("SMB_VFS_OPEN should never be called in vfs_onefs")); + return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); +} static vfs_op_tuple onefs_ops[] = { + {SMB_VFS_OP(onefs_mkdir), SMB_VFS_OP_MKDIR, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(onefs_open), SMB_VFS_OP_OPEN, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(onefs_create_file), SMB_VFS_OP_CREATE_FILE, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(onefs_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(onefs_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, diff --git a/source3/modules/vfs_prealloc.c b/source3/modules/vfs_prealloc.c index 2a06e3d81b..5a339dbf8d 100644 --- a/source3/modules/vfs_prealloc.c +++ b/source3/modules/vfs_prealloc.c @@ -56,9 +56,9 @@ static int module_debug; static int preallocate_space(int fd, SMB_OFF_T size) { + int err; #ifndef HAVE_GPFS lock_type fl = {0}; - int err; if (size <= 0) { return 0; diff --git a/source3/nsswitch/libwbclient/wbc_guid.c b/source3/nsswitch/libwbclient/wbc_guid.c index 0cb33e9868..c343e24351 100644 --- a/source3/nsswitch/libwbclient/wbc_guid.c +++ b/source3/nsswitch/libwbclient/wbc_guid.c @@ -24,14 +24,7 @@ #include "libwbclient.h" -/** @brief Convert a binary GUID to a character string - * - * @param guid Binary Guid - * @param **guid_string Resulting character string - * - * @return #wbcErr - **/ - +/* Convert a binary GUID to a character string */ wbcErr wbcGuidToString(const struct wbcGuid *guid, char **guid_string) { @@ -59,14 +52,7 @@ done: return wbc_status; } -/** @brief Convert a character string to a binary GUID - * - * @param *str Character string - * @param guid Resulting binary GUID - * - * @return #wbcErr - **/ - +/* @brief Convert a character string to a binary GUID */ wbcErr wbcStringToGuid(const char *str, struct wbcGuid *guid) { diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 81b369c87c..5b2ab875f6 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -24,15 +24,7 @@ #include "libwbclient.h" -/** @brief Convert a Windows SID to a Unix uid, allocating an uid if needed - * - * @param *sid Pointer to the domain SID to be resolved - * @param *puid Pointer to the resolved uid_t value - * - * @return #wbcErr - * - **/ - +/* Convert a Windows SID to a Unix uid, allocating an uid if needed */ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) { struct winbindd_request request; @@ -71,30 +63,14 @@ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) return wbc_status; } -/** @brief Convert a Windows SID to a Unix uid if there already is a mapping - * - * @param *sid Pointer to the domain SID to be resolved - * @param *puid Pointer to the resolved uid_t value - * - * @return #wbcErr - * - **/ - +/* Convert a Windows SID to a Unix uid if there already is a mapping */ wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, uid_t *puid) { return WBC_ERR_NOT_IMPLEMENTED; } -/** @brief Convert a Unix uid to a Windows SID, allocating a SID if needed - * - * @param uid Unix uid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix uid to a Windows SID, allocating a SID if needed */ wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -127,15 +103,7 @@ done: return wbc_status; } -/** @brief Convert a Unix uid to a Windows SID if there already is a mapping - * - * @param uid Unix uid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix uid to a Windows SID if there already is a mapping */ wbcErr wbcQueryUidToSid(uid_t uid, struct wbcDomainSid *sid) { @@ -189,14 +157,7 @@ wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid) return wbc_status; } -/** @brief Convert a Windows SID to a Unix gid if there already is a mapping - * - * @param *sid Pointer to the domain SID to be resolved - * @param *pgid Pointer to the resolved gid_t value - * - * @return #wbcErr - * - **/ +/* Convert a Windows SID to a Unix gid if there already is a mapping */ wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, gid_t *pgid) @@ -204,15 +165,7 @@ wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, return WBC_ERR_NOT_IMPLEMENTED; } -/** @brief Convert a Unix gid to a Windows SID, allocating a SID if needed - * - * @param gid Unix gid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix gid to a Windows SID, allocating a SID if needed */ wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid) { struct winbindd_request request; @@ -245,28 +198,14 @@ done: return wbc_status; } -/** @brief Convert a Unix gid to a Windows SID if there already is a mapping - * - * @param gid Unix gid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix gid to a Windows SID if there already is a mapping */ wbcErr wbcQueryGidToSid(gid_t gid, struct wbcDomainSid *sid) { return WBC_ERR_NOT_IMPLEMENTED; } -/** @brief Obtain a new uid from Winbind - * - * @param *puid *pointer to the allocated uid - * - * @return #wbcErr - **/ - +/* Obtain a new uid from Winbind */ wbcErr wbcAllocateUid(uid_t *puid) { struct winbindd_request request; @@ -296,13 +235,7 @@ wbcErr wbcAllocateUid(uid_t *puid) return wbc_status; } -/** @brief Obtain a new gid from Winbind - * - * @param *pgid Pointer to the allocated gid - * - * @return #wbcErr - **/ - +/* Obtain a new gid from Winbind */ wbcErr wbcAllocateGid(gid_t *pgid) { struct winbindd_request request; @@ -336,13 +269,7 @@ wbcErr wbcAllocateGid(gid_t *pgid) #define _ID_TYPE_UID 1 #define _ID_TYPE_GID 2 -/** @brief Set an user id mapping - * - * @param uid Uid of the desired mapping. - * @param *sid Pointer to the sid of the diresired mapping. - * - * @return #wbcErr - **/ +/* Set an user id mapping */ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -379,13 +306,7 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Set a group id mapping - * - * @param gid Gid of the desired mapping. - * @param *sid Pointer to the sid of the diresired mapping. - * - * @return #wbcErr - **/ +/* Set a group id mapping */ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -422,13 +343,7 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Remove a user id mapping - * - * @param uid Uid of the mapping to remove. - * @param *sid Pointer to the sid of the mapping to remove. - * - * @return #wbcErr - **/ +/* Remove a user id mapping */ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -465,13 +380,7 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Remove a group id mapping - * - * @param gid Gid of the mapping to remove. - * @param *sid Pointer to the sid of the mapping to remove. - * - * @return #wbcErr - **/ +/* Remove a group id mapping */ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -508,12 +417,7 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Set the highwater mark for allocated uids. - * - * @param uid_hwm The new uid highwater mark value - * - * @return #wbcErr - **/ +/* Set the highwater mark for allocated uids. */ wbcErr wbcSetUidHwm(uid_t uid_hwm) { struct winbindd_request request; @@ -538,12 +442,7 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm) return wbc_status; } -/** @brief Set the highwater mark for allocated gids. - * - * @param gid_hwm The new gid highwater mark value - * - * @return #wbcErr - **/ +/* Set the highwater mark for allocated gids. */ wbcErr wbcSetGidHwm(gid_t gid_hwm) { struct winbindd_request request; diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 401d2ad2c3..92c6643631 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -24,14 +24,7 @@ #include "libwbclient.h" -/** @brief Authenticate a username/password pair - * - * @param username Name of user to authenticate - * @param password Clear text password os user - * - * @return #wbcErr - **/ - +/* Authenticate a username/password pair */ wbcErr wbcAuthenticateUser(const char *username, const char *password) { @@ -305,16 +298,7 @@ done: return wbc_status; } -/** @brief Authenticate with more detailed information - * - * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH - * is not supported yet - * @param info Output details on WBC_ERR_SUCCESS - * @param error Output details on WBC_ERR_AUTH_ERROR - * - * @return #wbcErr - **/ - +/* Authenticate with more detailed information */ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error) @@ -496,16 +480,7 @@ done: return wbc_status; } -/** @brief Trigger a verification of the trust credentials of a specific domain - * - * @param *domain The name of the domain, only NULL for the default domain is - * supported yet. Other values than NULL will result in - * WBC_ERR_NOT_IMPLEMENTED. - * @param error Output details on WBC_ERR_AUTH_ERROR - * - * @return #wbcErr - * - **/ +/* Trigger a verification of the trust credentials of a specific domain */ wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error) { @@ -547,15 +522,7 @@ wbcErr wbcCheckTrustCredentials(const char *domain, return wbc_status; } -/** @brief Trigger an extended logoff notification to Winbind for a specific user - * - * @param params A wbcLogoffUserParams structure - * @param error User output details on error - * - * @return #wbcErr - * - **/ - +/* Trigger an extended logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error) { @@ -642,18 +609,7 @@ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, return wbc_status; } -/** @brief Trigger a logoff notification to Winbind for a specific user - * - * @param username Name of user to remove from Winbind's list of - * logged on users. - * @param uid Uid assigned to the username - * @param ccfilename Absolute path to the Krb5 credentials cache to - * be removed - * - * @return #wbcErr - * - **/ - +/* Trigger a logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename) @@ -693,16 +649,7 @@ wbcErr wbcLogoffUser(const char *username, return wbc_status; } -/** @brief Change a password for a user with more detailed information upon - * failure - * @param params Input parameters - * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED - * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED - * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED - * - * @return #wbcErr - **/ - +/* Change a password for a user with more detailed information upon failure */ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, struct wbcAuthErrorInfo **error, enum wbcPasswordChangeRejectReason *reject_reason, @@ -907,15 +854,7 @@ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, return wbc_status; } -/** @brief Change a password for a user - * - * @param username Name of user to authenticate - * @param old_password Old clear text password of user - * @param new_password New clear text password of user - * - * @return #wbcErr - **/ - +/* Change a password for a user */ wbcErr wbcChangeUserPassword(const char *username, const char *old_password, const char *new_password) @@ -940,17 +879,7 @@ done: return wbc_status; } -/** @brief Logon a User - * - * @param[in] params Pointer to a wbcLogonUserParams structure - * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure - * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure - * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure - * - * @return #wbcErr - * - **/ - +/* Logon a User */ wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, struct wbcLogonUserInfo **info, struct wbcAuthErrorInfo **error, @@ -1096,14 +1025,7 @@ done: return wbc_status; } -/** @brief Authenticate a user with cached credentials - * - * @param *params Pointer to a wbcCredentialCacheParams structure - * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure - * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure - * - * @return #wbcErr - **/ +/* Authenticate a user with cached credentials */ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, struct wbcCredentialCacheInfo **info, struct wbcAuthErrorInfo **error) diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index d54a5af4fc..cd945996c8 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -126,15 +126,7 @@ done: return grp; } -/** @brief Fill in a struct passwd* for a domain user based - * on username - * - * @param *name Username to lookup - * @param **pwd Pointer to resulting struct passwd* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on username */ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -167,15 +159,7 @@ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd) return wbc_status; } -/** @brief Fill in a struct passwd* for a domain user based - * on uid - * - * @param uid Uid to lookup - * @param **pwd Pointer to resulting struct passwd* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on uid */ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -206,15 +190,7 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) return wbc_status; } -/** @brief Fill in a struct passwd* for a domain user based - * on username - * - * @param *name Username to lookup - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on username */ wbcErr wbcGetgrnam(const char *name, struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -251,15 +227,7 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp) return wbc_status; } -/** @brief Fill in a struct passwd* for a domain user based - * on uid - * - * @param gid Uid to lookup - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on uid */ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -309,11 +277,7 @@ static uint32_t pw_cache_idx; */ static struct winbindd_response pw_response; -/** @brief Reset the passwd iterator - * - * @return #wbcErr - **/ - +/* Reset the passwd iterator */ wbcErr wbcSetpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -335,11 +299,7 @@ wbcErr wbcSetpwent(void) return wbc_status; } -/** @brief Close the passwd iterator - * - * @return #wbcErr - **/ - +/* Close the passwd iterator */ wbcErr wbcEndpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -359,13 +319,7 @@ wbcErr wbcEndpwent(void) return wbc_status; } -/** @brief Return the next struct passwd* entry from the pwent iterator - * - * @param **pwd Pointer to resulting struct passwd* from the query. - * - * @return #wbcErr - **/ - +/* Return the next struct passwd* entry from the pwent iterator */ wbcErr wbcGetpwent(struct passwd **pwd) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -425,11 +379,7 @@ static uint32_t gr_cache_idx; */ static struct winbindd_response gr_response; -/** @brief Reset the group iterator - * - * @return #wbcErr - **/ - +/* Reset the group iterator */ wbcErr wbcSetgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -451,11 +401,7 @@ wbcErr wbcSetgrent(void) return wbc_status; } -/** @brief Close the group iterator - * - * @return #wbcErr - **/ - +/* Close the group iterator */ wbcErr wbcEndgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -475,13 +421,7 @@ wbcErr wbcEndgrent(void) return wbc_status; } -/** @brief Return the next struct group* entry from the pwent iterator - * - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Return the next struct group* entry from the pwent iterator */ wbcErr wbcGetgrent(struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -531,15 +471,7 @@ done: return wbc_status; } -/** @brief Return the next struct group* entry from the pwent iterator - * - * This is similar to #wbcGetgrent, just that the member list is empty - * - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Return the next struct group* entry from the pwent iterator */ wbcErr wbcGetgrlist(struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -584,14 +516,7 @@ done: return wbc_status; } -/** @brief Return the unix group array belonging to the given user - * - * @param *account The given user name - * @param *num_groups Number of elements returned in the groups array - * @param **_groups Pointer to resulting gid_t array. - * - * @return #wbcErr - **/ +/* Return the unix group array belonging to the given user */ wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups) diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index ac929b1dd5..e2157b9609 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -25,14 +25,7 @@ #include "libwbclient.h" -/** @brief Convert a binary SID to a character string - * - * @param sid Binary Security Identifier - * @param **sid_string Resulting character string - * - * @return #wbcErr - **/ - +/* Convert a binary SID to a character string */ wbcErr wbcSidToString(const struct wbcDomainSid *sid, char **sid_string) { @@ -40,22 +33,18 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid, uint32_t id_auth; int i; char *tmp = NULL; - TALLOC_CTX *ctx = NULL; if (!sid) { wbc_status = WBC_ERR_INVALID_SID; BAIL_ON_WBC_ERROR(wbc_status); } - ctx = talloc_init("wbcSidToString"); - BAIL_ON_PTR_ERROR(ctx, wbc_status); - id_auth = sid->id_auth[5] + (sid->id_auth[4] << 8) + (sid->id_auth[3] << 16) + (sid->id_auth[2] << 24); - tmp = talloc_asprintf(ctx, "S-%d-%d", sid->sid_rev_num, id_auth); + tmp = talloc_asprintf(NULL, "S-%d-%d", sid->sid_rev_num, id_auth); BAIL_ON_PTR_ERROR(tmp, wbc_status); for (i=0; i<sid->num_auths; i++) { @@ -66,25 +55,18 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid, tmp = tmp2; } - *sid_string=talloc_strdup(NULL, tmp); - BAIL_ON_PTR_ERROR((*sid_string), wbc_status); + *sid_string = tmp; + tmp = NULL; wbc_status = WBC_ERR_SUCCESS; done: - talloc_free(ctx); + talloc_free(tmp); return wbc_status; } -/** @brief Convert a character string to a binary SID - * - * @param *str Character string in the form of S-... - * @param sid Resulting binary SID - * - * @return #wbcErr - **/ - +/* Convert a character string to a binary SID */ wbcErr wbcStringToSid(const char *str, struct wbcDomainSid *sid) { @@ -167,17 +149,7 @@ done: } -/** @brief Convert a domain and name to SID - * - * @param domain Domain name (possibly "") - * @param name User or group name - * @param *sid Pointer to the resolved domain SID - * @param *name_type Pointer to the SID type - * - * @return #wbcErr - * - **/ - +/* Convert a domain and name to SID */ wbcErr wbcLookupName(const char *domain, const char *name, struct wbcDomainSid *sid, @@ -220,17 +192,7 @@ wbcErr wbcLookupName(const char *domain, return wbc_status; } -/** @brief Convert a SID to a domain and name - * - * @param *sid Pointer to the domain SID to be resolved - * @param pdomain Resolved Domain name (possibly "") - * @param pname Resolved User or group name - * @param *pname_type Pointer to the resolved SID type - * - * @return #wbcErr - * - **/ - +/* Convert a SID to a domain and name */ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, char **pdomain, char **pname, @@ -314,9 +276,7 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, return wbc_status; } -/** @brief Translate a collection of RIDs within a domain to names - * - **/ +/* Translate a collection of RIDs within a domain to names */ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, @@ -452,10 +412,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, return wbc_status; } -/** @brief Get the groups a user belongs to - * - **/ - +/* Get the groups a user belongs to */ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, bool domain_groups_only, uint32_t *num_sids, @@ -534,10 +491,7 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, return wbc_status; } -/** @brief Lists Users - * - **/ - +/* Lists Users */ wbcErr wbcListUsers(const char *domain_name, uint32_t *_num_users, const char ***_users) @@ -605,10 +559,7 @@ wbcErr wbcListUsers(const char *domain_name, return wbc_status; } -/** @brief Lists Groups - * - **/ - +/* Lists Groups */ wbcErr wbcListGroups(const char *domain_name, uint32_t *_num_groups, const char ***_groups) diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index b4868748ae..7cfb64b87e 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -119,16 +119,7 @@ done: } -/** @brief Lookup the current status of a trusted domain - * - * @param domain Domain to query - * @param *dinfo Pointer to returned domain_info struct - * - * @return #wbcErr - * - **/ - - +/* Lookup the current status of a trusted domain */ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) { struct winbindd_request request; @@ -189,14 +180,7 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) } -/** @brief Resolve a NetbiosName via WINS - * - * @param name Name to resolve - * @param *ip Pointer to the ip address string - * - * @return #wbcErr - * - **/ +/* Resolve a NetbiosName via WINS */ wbcErr wbcResolveWinsByName(const char *name, char **ip) { struct winbindd_request request; @@ -229,14 +213,7 @@ wbcErr wbcResolveWinsByName(const char *name, char **ip) return wbc_status; } -/** @brief Resolve an IP address via WINS into a NetbiosName - * - * @param ip The ip address string - * @param *name Pointer to the name - * - * @return #wbcErr - * - **/ +/* Resolve an IP address via WINS into a NetbiosName */ wbcErr wbcResolveWinsByIP(const char *ip, char **name) { struct winbindd_request request; @@ -401,14 +378,7 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx, return wbc_status; } -/** @brief Enumerate the domain trusts known by Winbind - * - * @param **domains Pointer to the allocated domain list array - * @param *num_domains Pointer to number of domains returned - * - * @return #wbcErr - * - **/ +/* Enumerate the domain trusts known by Winbind */ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) { struct winbindd_response response; @@ -493,18 +463,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) return wbc_status; } -/** @brief Enumerate the domain trusts known by Winbind - * - * @param domain Name of the domain to query for a DC - * @param flags Bit flags used to control the domain location query - * @param *dc_info Pointer to the returned domain controller information - * - * @return #wbcErr - * - **/ - - - +/* Enumerate the domain trusts known by Winbind */ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcDomainControllerInfo **dc_info) @@ -617,18 +576,7 @@ done: return wbc_status; } -/** @brief Get extended domain controller information - * - * @param domain Name of the domain to query for a DC - * @param guid Guid of the domain to query for a DC - * @param site Site of the domain to query for a DC - * @param flags Bit flags used to control the domain location query - * @param *dc_info Pointer to the returned extended domain controller information - * - * @return #wbcErr - * - **/ - +/* Get extended domain controller information */ wbcErr wbcLookupDomainControllerEx(const char *domain, struct wbcGuid *guid, const char *site, @@ -690,19 +638,7 @@ done: return wbc_status; } -/** @brief Initialize a named blob and add to list of blobs - * - * @param[in,out] num_blobs Pointer to the number of blobs - * @param[in,out] blobs Pointer to an array of blobs - * @param[in] name Name of the new named blob - * @param[in] flags Flags of the new named blob - * @param[in] data Blob data of new blob - * @param[in] length Blob data length of new blob - * - * @return #wbcErr - * - **/ - +/* Initialize a named blob and add to list of blobs */ wbcErr wbcAddNamedBlob(size_t *num_blobs, struct wbcNamedBlob **blobs, const char *name, diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index c0b7e0675a..3a9afad15d 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -123,13 +123,7 @@ const char *wbcErrorString(wbcErr error) return "unknown wbcErr value"; } -/** @brief Free library allocated memory - * - * @param *p Pointer to free - * - * @return void - **/ - +/* Free library allocated memory */ void wbcFreeMemory(void *p) { if (p) diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index cb31360407..fcad3ff69b 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -486,10 +486,17 @@ struct wbcDomainControllerInfoEx { const char *client_site_name; }; -/* +/********************************************************** * Memory Management - */ + **********************************************************/ +/** + * @brief Free library allocated memory + * + * @param *p Pointer to free + * + * @return void + **/ void wbcFreeMemory(void*); @@ -497,9 +504,25 @@ void wbcFreeMemory(void*); * Utility functions for dealing with SIDs */ +/** + * @brief Convert a binary SID to a character string + * + * @param sid Binary Security Identifier + * @param **sid_string Resulting character string + * + * @return #wbcErr + **/ wbcErr wbcSidToString(const struct wbcDomainSid *sid, char **sid_string); +/** + * @brief Convert a character string to a binary SID + * + * @param *str Character string in the form of S-... + * @param sid Resulting binary SID + * + * @return #wbcErr + **/ wbcErr wbcStringToSid(const char *sid_string, struct wbcDomainSid *sid); @@ -507,32 +530,76 @@ wbcErr wbcStringToSid(const char *sid_string, * Utility functions for dealing with GUIDs */ +/** + * @brief Convert a binary GUID to a character string + * + * @param guid Binary Guid + * @param **guid_string Resulting character string + * + * @return #wbcErr + **/ wbcErr wbcGuidToString(const struct wbcGuid *guid, char **guid_string); +/** + * @brief Convert a character string to a binary GUID + * + * @param *str Character string + * @param guid Resulting binary GUID + * + * @return #wbcErr + **/ wbcErr wbcStringToGuid(const char *guid_string, struct wbcGuid *guid); +/** + * @brief Ping winbindd to see if the daemon is running + * + * @return #wbcErr + **/ wbcErr wbcPing(void); wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details); wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details); -/* +/********************************************************** * Name/SID conversion - */ + **********************************************************/ +/** + * @brief Convert a domain and name to SID + * + * @param domain Domain name (possibly "") + * @param name User or group name + * @param *sid Pointer to the resolved domain SID + * @param *name_type Pointer to the SID type + * + * @return #wbcErr + **/ wbcErr wbcLookupName(const char *dom_name, const char *name, struct wbcDomainSid *sid, enum wbcSidType *name_type); +/** + * @brief Convert a SID to a domain and name + * + * @param *sid Pointer to the domain SID to be resolved + * @param pdomain Resolved Domain name (possibly "") + * @param pname Resolved User or group name + * @param *pname_type Pointer to the resolved SID type + * + * @return #wbcErr + **/ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, char **domain, char **name, enum wbcSidType *name_type); +/** + * @brief Translate a collection of RIDs within a domain to names + */ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, uint32_t *rids, @@ -540,15 +607,24 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, const char ***names, enum wbcSidType **types); +/* + * @brief Get the groups a user belongs to + **/ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, bool domain_groups_only, uint32_t *num_sids, struct wbcDomainSid **sids); +/** + * @brief Lists Users + **/ wbcErr wbcListUsers(const char *domain_name, uint32_t *num_users, const char ***users); +/** + * @brief Lists Groups + **/ wbcErr wbcListGroups(const char *domain_name, uint32_t *num_groups, const char ***groups); @@ -558,88 +634,324 @@ wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, char **pfullname, enum wbcSidType *pname_type); -/* +/********************************************************** * SID/uid/gid Mappings - */ + **********************************************************/ +/** + * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid); +/** + * @brief Convert a Windows SID to a Unix uid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, uid_t *puid); +/** + * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid); +/** + * @brief Convert a Unix uid to a Windows SID if there already is a mapping + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcQueryUidToSid(uid_t uid, struct wbcDomainSid *sid); +/** + * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid); +/** + * @brief Convert a Windows SID to a Unix gid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, gid_t *pgid); +/** + * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid); +/** + * @brief Convert a Unix gid to a Windows SID if there already is a mapping + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcQueryGidToSid(gid_t gid, struct wbcDomainSid *sid); +/** + * @brief Obtain a new uid from Winbind + * + * @param *puid *pointer to the allocated uid + * + * @return #wbcErr + **/ wbcErr wbcAllocateUid(uid_t *puid); +/** + * @brief Obtain a new gid from Winbind + * + * @param *pgid Pointer to the allocated gid + * + * @return #wbcErr + **/ wbcErr wbcAllocateGid(gid_t *pgid); +/** + * @brief Set an user id mapping + * + * @param uid Uid of the desired mapping. + * @param *sid Pointer to the sid of the diresired mapping. + * + * @return #wbcErr + **/ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); +/** + * @brief Set a group id mapping + * + * @param gid Gid of the desired mapping. + * @param *sid Pointer to the sid of the diresired mapping. + * + * @return #wbcErr + **/ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); +/** + * @brief Remove a user id mapping + * + * @param uid Uid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid); +/** + * @brief Remove a group id mapping + * + * @param gid Gid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid); +/** + * @brief Set the highwater mark for allocated uids. + * + * @param uid_hwm The new uid highwater mark value + * + * @return #wbcErr + **/ wbcErr wbcSetUidHwm(uid_t uid_hwm); +/** + * @brief Set the highwater mark for allocated gids. + * + * @param gid_hwm The new gid highwater mark value + * + * @return #wbcErr + **/ wbcErr wbcSetGidHwm(gid_t gid_hwm); -/* +/********************************************************** * NSS Lookup User/Group details - */ + **********************************************************/ +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd); +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param uid Uid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrnam(const char *name, struct group **grp); +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param gid Uid to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrgid(gid_t gid, struct group **grp); +/** + * @brief Reset the passwd iterator + * + * @return #wbcErr + **/ wbcErr wbcSetpwent(void); +/** + * @brief Close the passwd iterator + * + * @return #wbcErr + **/ wbcErr wbcEndpwent(void); +/** + * @brief Return the next struct passwd* entry from the pwent iterator + * + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetpwent(struct passwd **pwd); +/** + * @brief Reset the group iterator + * + * @return #wbcErr + **/ wbcErr wbcSetgrent(void); +/** + * @brief Close the group iterator + * + * @return #wbcErr + **/ wbcErr wbcEndgrent(void); +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrent(struct group **grp); +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * This is similar to #wbcGetgrent, just that the member list is empty + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrlist(struct group **grp); +/** + * @brief Return the unix group array belonging to the given user + * + * @param *account The given user name + * @param *num_groups Number of elements returned in the groups array + * @param **_groups Pointer to resulting gid_t array. + * + * @return #wbcErr + **/ wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups); -/* +/********************************************************** * Lookup Domain information - */ + **********************************************************/ +/** + * @brief Lookup the current status of a trusted domain + * + * @param domain Domain to query + * @param *dinfo Pointer to returned domain_info struct + * + * @return #wbcErr + **/ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **info); +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param **domains Pointer to the allocated domain list array + * @param *num_domains Pointer to number of domains returned + * + * @return #wbcErr + **/ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains); @@ -665,66 +977,206 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, #define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000 #define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000 +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param domain Name of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned domain controller information + * + * @return #wbcErr + **/ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcDomainControllerInfo **dc_info); +/** + * @brief Get extended domain controller information + * + * @param domain Name of the domain to query for a DC + * @param guid Guid of the domain to query for a DC + * @param site Site of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned extended domain controller information + * + * @return #wbcErr + **/ wbcErr wbcLookupDomainControllerEx(const char *domain, struct wbcGuid *guid, const char *site, uint32_t flags, struct wbcDomainControllerInfoEx **dc_info); -/* +/********************************************************** * Athenticate functions - */ + **********************************************************/ +/** + * @brief Authenticate a username/password pair + * + * @param username Name of user to authenticate + * @param password Clear text password os user + * + * @return #wbcErr + **/ wbcErr wbcAuthenticateUser(const char *username, const char *password); +/** + * @brief Authenticate with more detailed information + * + * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH + * is not supported yet + * @param info Output details on WBC_ERR_SUCCESS + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error); +/** + * @brief Logon a User + * + * @param[in] params Pointer to a wbcLogonUserParams structure + * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure + * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure + * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure + * + * @return #wbcErr + **/ wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, struct wbcLogonUserInfo **info, struct wbcAuthErrorInfo **error, struct wbcUserPasswordPolicyInfo **policy); +/** + * @brief Trigger a logoff notification to Winbind for a specific user + * + * @param username Name of user to remove from Winbind's list of + * logged on users. + * @param uid Uid assigned to the username + * @param ccfilename Absolute path to the Krb5 credentials cache to + * be removed + * + * @return #wbcErr + **/ wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename); +/** + * @brief Trigger an extended logoff notification to Winbind for a specific user + * + * @param params A wbcLogoffUserParams structure + * @param error User output details on error + * + * @return #wbcErr + **/ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error); +/** + * @brief Change a password for a user + * + * @param username Name of user to authenticate + * @param old_password Old clear text password of user + * @param new_password New clear text password of user + * + * @return #wbcErr + **/ wbcErr wbcChangeUserPassword(const char *username, const char *old_password, const char *new_password); +/** + * @brief Change a password for a user with more detailed information upon + * failure + * + * @param params Input parameters + * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED + * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED + * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED + * + * @return #wbcErr + **/ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, struct wbcAuthErrorInfo **error, enum wbcPasswordChangeRejectReason *reject_reason, struct wbcUserPasswordPolicyInfo **policy); +/** + * @brief Authenticate a user with cached credentials + * + * @param *params Pointer to a wbcCredentialCacheParams structure + * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure + * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure + * + * @return #wbcErr + **/ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, struct wbcCredentialCacheInfo **info, struct wbcAuthErrorInfo **error); -/* +/********************************************************** * Resolve functions - */ + **********************************************************/ + +/** + * @brief Resolve a NetbiosName via WINS + * + * @param name Name to resolve + * @param *ip Pointer to the ip address string + * + * @return #wbcErr + **/ wbcErr wbcResolveWinsByName(const char *name, char **ip); + +/** + * @brief Resolve an IP address via WINS into a NetbiosName + * + * @param ip The ip address string + * @param *name Pointer to the name + * + * @return #wbcErr + * + **/ wbcErr wbcResolveWinsByIP(const char *ip, char **name); -/* +/********************************************************** * Trusted domain functions - */ + **********************************************************/ + +/** + * @brief Trigger a verification of the trust credentials of a specific domain + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); -/* + +/********************************************************** * Helper functions - */ + **********************************************************/ + +/** + * @brief Initialize a named blob and add to list of blobs + * + * @param[in,out] num_blobs Pointer to the number of blobs + * @param[in,out] blobs Pointer to an array of blobs + * @param[in] name Name of the new named blob + * @param[in] flags Flags of the new named blob + * @param[in] data Blob data of new blob + * @param[in] length Blob data length of new blob + * + * @return #wbcErr + **/ wbcErr wbcAddNamedBlob(size_t *num_blobs, struct wbcNamedBlob **blobs, const char *name, diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index be22ff3f5e..d049bdb1e7 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -93,8 +93,8 @@ static const char *_pam_error_code_str(int err) return "PAM_CONV_ERR"; case PAM_AUTHTOK_ERR: return "PAM_AUTHTOK_ERR"; - case PAM_AUTHTOK_RECOVERY_ERR: - return "PAM_AUTHTOK_RECOVERY_ERR"; + case PAM_AUTHTOK_RECOVER_ERR: + return "PAM_AUTHTOK_RECOVER_ERR"; case PAM_AUTHTOK_LOCK_BUSY: return "PAM_AUTHTOK_LOCK_BUSY"; case PAM_AUTHTOK_DISABLE_AGING: diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index d14cfe94b7..c85e210cc0 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -146,8 +146,8 @@ static bool parse_mapping_arg(char *arg, int *id, char **sid) return false; /* Because atoi() can return 0 on invalid input, which would be a valid - * UID/GID we must use strtol() and do error checking */ - *id = strtol(tmp, &endptr, 10); + * UID/GID we must use strtoul() and do error checking */ + *id = strtoul(tmp, &endptr, 10); if (endptr[0] != '\0') return false; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 217957ab37..9a55067b01 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -425,6 +425,7 @@ struct service { bool bHideUnReadable; bool bHideUnWriteableFiles; bool bBrowseable; + bool bAccessBasedShareEnum; bool bAvailable; bool bRead_only; bool bNo_set_dir; @@ -568,6 +569,7 @@ static struct service sDefault = { False, /* bHideUnReadable */ False, /* bHideUnWriteableFiles */ True, /* bBrowseable */ + False, /* bAccessBasedShareEnum */ True, /* bAvailable */ True, /* bRead_only */ True, /* bNo_set_dir */ @@ -669,6 +671,8 @@ static void set_server_role(void); static void set_default_server_announce_type(void); static void set_allowed_client_auth(void); +static void *lp_local_ptr(struct service *service, void *ptr); + static const struct enum_list enum_protocol[] = { {PROTOCOL_NT1, "NT1"}, {PROTOCOL_LANMAN2, "LANMAN2"}, @@ -3304,6 +3308,15 @@ static struct parm_struct parm_table[] = { .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT, }, { + .label = "access based share enum", + .type = P_BOOL, + .p_class = P_LOCAL, + .ptr = &sDefault.bAccessBasedShareEnum, + .special = NULL, + .enum_list = NULL, + .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE + }, + { .label = "browsable", .type = P_BOOL, .p_class = P_LOCAL, @@ -4573,9 +4586,56 @@ static void init_printer_values(struct service *pService) } /** - * Free the allocated data for one parameter for a given share. + * Common part of freeing allocated data for one parameter. */ -static void free_parameter(int snum, struct parm_struct parm) +static void free_one_parameter_common(void *parm_ptr, + struct parm_struct parm) +{ + if ((parm.type == P_STRING) || + (parm.type == P_USTRING)) + { + string_free((char**)parm_ptr); + } else if (parm.type == P_LIST) { + TALLOC_FREE(*((char***)parm_ptr)); + } +} + +/** + * Free the allocated data for one parameter for a share + * given as a service struct. + */ +static void free_one_parameter(struct service *service, + struct parm_struct parm) +{ + void *parm_ptr; + + if (parm.p_class != P_LOCAL) { + return; + } + + parm_ptr = lp_local_ptr(service, parm.ptr); + + free_one_parameter_common(parm_ptr, parm); +} + +/** + * Free the allocated parameter data of a share given + * as a service struct. + */ +static void free_parameters(struct service *service) +{ + uint32_t i; + + for (i=0; parm_table[i].label; i++) { + free_one_parameter(service, parm_table[i]); + } +} + +/** + * Free the allocated data for one parameter for a given share + * specified by an snum. + */ +static void free_one_parameter_by_snum(int snum, struct parm_struct parm) { void *parm_ptr; @@ -4588,27 +4648,22 @@ static void free_parameter(int snum, struct parm_struct parm) } else if (parm.p_class != P_LOCAL) { return; } else { - parm_ptr = lp_local_ptr(snum, parm.ptr); + parm_ptr = lp_local_ptr_by_snum(snum, parm.ptr); } - if ((parm.type == P_STRING) || - (parm.type == P_USTRING)) - { - string_free((char**)parm_ptr); - } else if (parm.type == P_LIST) { - TALLOC_FREE(*((char***)parm_ptr)); - } + free_one_parameter_common(parm_ptr, parm); } /** - * Free the allocated parameter data for a share. + * Free the allocated parameter data for a share specified + * by an snum. */ -static void free_parameters(int snum) +static void free_parameters_by_snum(int snum) { uint32_t i; for (i=0; parm_table[i].label; i++) { - free_parameter(snum, parm_table[i]); + free_one_parameter_by_snum(snum, parm_table[i]); } } @@ -4617,7 +4672,7 @@ static void free_parameters(int snum) */ static void free_global_parameters(void) { - free_parameters(GLOBAL_SECTION_SNUM); + free_parameters_by_snum(GLOBAL_SECTION_SNUM); } /*************************************************************************** @@ -5063,7 +5118,6 @@ FN_GLOBAL_STRING(lp_remote_announce, &Globals.szRemoteAnnounce) FN_GLOBAL_STRING(lp_remote_browse_sync, &Globals.szRemoteBrowseSync) FN_GLOBAL_LIST(lp_wins_server_list, &Globals.szWINSservers) FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces) -FN_GLOBAL_STRING(lp_socket_address, &Globals.szSocketAddress) FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases) @@ -5332,6 +5386,7 @@ FN_LOCAL_BOOL(lp_hide_special_files, bHideSpecialFiles) FN_LOCAL_BOOL(lp_hideunreadable, bHideUnReadable) FN_LOCAL_BOOL(lp_hideunwriteable_files, bHideUnWriteableFiles) FN_LOCAL_BOOL(lp_browseable, bBrowseable) +FN_LOCAL_BOOL(lp_access_based_share_enum, bAccessBasedShareEnum) FN_LOCAL_BOOL(lp_readonly, bRead_only) FN_LOCAL_BOOL(lp_no_set_dir, bNo_set_dir) FN_LOCAL_BOOL(lp_guest_ok, bGuest_ok) @@ -5728,7 +5783,7 @@ static void free_service(struct service *pservice) DEBUG(5, ("free_service: Freeing service %s\n", pservice->szService)); - free_parameters(getservicebyname(pservice->szService, NULL)); + free_parameters(pservice); string_free(&pservice->szService); bitmap_free(pservice->copymap); @@ -5926,6 +5981,7 @@ bool lp_add_home(const char *pszHomename, int iDefaultService, /* set the browseable flag from the global default */ ServicePtrs[i]->bBrowseable = sDefault.bBrowseable; + ServicePtrs[i]->bAccessBasedShareEnum = sDefault.bAccessBasedShareEnum; ServicePtrs[i]->autoloaded = True; @@ -7155,13 +7211,23 @@ static void init_copymap(struct service *pservice) } /*************************************************************************** + Return the local pointer to a parameter given a service struct and the + pointer into the default structure. +***************************************************************************/ + +static void *lp_local_ptr(struct service *service, void *ptr) +{ + return (void *)(((char *)service) + PTR_DIFF(ptr, &sDefault)); +} + +/*************************************************************************** Return the local pointer to a parameter given the service number and the pointer into the default structure. ***************************************************************************/ -void *lp_local_ptr(int snum, void *ptr) +void *lp_local_ptr_by_snum(int snum, void *ptr) { - return (void *)(((char *)ServicePtrs[snum]) + PTR_DIFF(ptr, &sDefault)); + return lp_local_ptr(ServicePtrs[snum], ptr); } /*************************************************************************** @@ -7213,7 +7279,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue pszParmName)); return (True); } - parm_ptr = lp_local_ptr(snum, def_ptr); + parm_ptr = lp_local_ptr_by_snum(snum, def_ptr); } if (snum >= 0) { @@ -9468,3 +9534,18 @@ int lp_min_receive_file_size(void) } return MIN(Globals.iminreceivefile, BUFFER_SIZE); } + +/******************************************************************* + If socket address is an empty character string, it is necessary to + define it as "0.0.0.0". +********************************************************************/ + +const char *lp_socket_address(void) +{ + char *sock_addr = Globals.szSocketAddress; + + if (sock_addr[0] == '\0'){ + string_set(&Globals.szSocketAddress, "0.0.0.0"); + } + return Globals.szSocketAddress; +} diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index ddbb53a9b9..95e9a01ba3 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2014,7 +2014,7 @@ static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods, newname_lower, true, true); - if (rename_script) { + if (!rename_script) { return NT_STATUS_NO_MEMORY; } rename_script = realloc_string_sub2(rename_script, diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 244b3aee03..ba1fb4352c 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1344,14 +1344,24 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr goto error_exit; } - status = open_file_ntcreate(conn, NULL, filepath, &stat_buf, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + filepath, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &stat_buf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { /* Old file not found, so by definition new file is in fact newer */ @@ -1385,14 +1395,24 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr goto error_exit; } - status = open_file_ntcreate(conn, NULL, filepath, &stat_buf, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + filepath, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &stat_buf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { /* New file not found, this shouldn't occur if the caller did its job */ @@ -1528,14 +1548,24 @@ static uint32 get_correct_cversion(struct pipes_struct *p, goto error_exit; } - status = open_file_ntcreate(conn, NULL, driverpath, &st, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + driverpath, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &st); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = %d\n", diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 3c8c60f0e0..ba88f8ee56 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -335,7 +335,7 @@ static struct printjob *print_job_find(const char *sharename, uint32 jobid) uint32_t tmp; TDB_DATA ret; struct tdb_print_db *pdb = get_print_db_byname(sharename); - + DEBUG(10,("print_job_find: looking up job %u for share %s\n", (unsigned int)jobid, sharename )); @@ -350,19 +350,19 @@ static struct printjob *print_job_find(const char *sharename, uint32 jobid) DEBUG(10,("print_job_find: failed to find jobid %u.\n", (unsigned int)jobid )); return NULL; } - + if ( pjob.nt_devmode ) { free_nt_devicemode( &pjob.nt_devmode ); } - + ZERO_STRUCT( pjob ); - + if ( unpack_pjob( ret.dptr, ret.dsize, &pjob ) == -1 ) { DEBUG(10,("print_job_find: failed to unpack jobid %u.\n", (unsigned int)jobid )); SAFE_FREE(ret.dptr); return NULL; } - + SAFE_FREE(ret.dptr); DEBUG(10,("print_job_find: returning system job %d for jobid %u.\n", @@ -1394,7 +1394,19 @@ main thread of the background lpq updater ****************************************************************************/ void start_background_queue(void) { + /* Use local variables for this as we don't + * need to save the parent side of this, just + * ensure it closes when the process exits. + */ + int pause_pipe[2]; + DEBUG(3,("start_background_queue: Starting background LPQ thread\n")); + + if (pipe(pause_pipe) == -1) { + DEBUG(5,("start_background_queue: cannot create pipe. %s\n", strerror(errno) )); + exit(1); + } + background_lpq_updater_pid = sys_fork(); if (background_lpq_updater_pid == -1) { @@ -1406,6 +1418,9 @@ void start_background_queue(void) /* Child. */ DEBUG(5,("start_background_queue: background LPQ thread started\n")); + close(pause_pipe[0]); + pause_pipe[0] = -1; + if (!reinit_after_fork(smbd_messaging_context(), true)) { DEBUG(0,("reinit_after_fork() failed\n")); smb_panic("reinit_after_fork() failed"); @@ -1420,13 +1435,23 @@ void start_background_queue(void) messaging_register(smbd_messaging_context(), NULL, MSG_PRINTER_UPDATE, print_queue_receive); - + DEBUG(5,("start_background_queue: background LPQ thread waiting for messages\n")); while (1) { - pause(); - + fd_set pause_fds; + int pause_select; + + FD_ZERO(&pause_fds); + FD_SET(pause_pipe[1], &pause_fds); + pause_select = sys_select(pause_pipe[1]+1, &pause_fds, NULL, NULL, NULL); + /* If pause_pipe[0] is closed it means the parent smbd + * and children exited or aborted. */ + if (pause_select == 1) { + exit_server_cleanly(NULL); + } + /* check for some essential signals first */ - + if (got_sig_term) { exit_server_cleanly(NULL); } @@ -1437,9 +1462,9 @@ void start_background_queue(void) reload_services(False); reload_after_sighup = 0; } - + /* now check for messages */ - + DEBUG(10,("start_background_queue: background LPQ thread got a message\n")); message_dispatch(smbd_messaging_context()); @@ -1449,6 +1474,8 @@ void start_background_queue(void) 0); } } + + close(pause_pipe[1]); } /**************************************************************************** diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f0c2f6709e..a2d334230d 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2979,6 +2979,9 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, auth->user_name = talloc_strdup(auth, cli->user_name); auth->domain = talloc_strdup(auth, cli->domain); + auth->user_session_key = data_blob_talloc(auth, + cli->user_session_key.data, + cli->user_session_key.length); if ((auth->user_name == NULL) || (auth->domain == NULL)) { TALLOC_FREE(result); @@ -3443,6 +3446,10 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, cli->auth->a_u.kerberos_auth->session_key.length); break; case PIPE_AUTH_TYPE_NONE: + *session_key = data_blob_talloc(mem_ctx, + cli->auth->user_session_key.data, + cli->auth->user_session_key.length); + break; default: return NT_STATUS_NO_USER_SESSION_KEY; } diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 6a9e6d1682..a6e4ad8a33 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -341,7 +341,8 @@ void init_samr_user_info16(struct samr_UserInfo16 *r, void init_samr_user_info18(struct samr_UserInfo18 *r, const uint8 lm_pwd[16], - const uint8 nt_pwd[16]) + const uint8 nt_pwd[16], + uint8_t password_expired) { DEBUG(5, ("init_samr_user_info18\n")); @@ -349,6 +350,7 @@ void init_samr_user_info18(struct samr_UserInfo18 *r, memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false; r->nt_pwd_active = memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false; + r->password_expired = password_expired; } /******************************************************************* @@ -391,8 +393,8 @@ void init_samr_user_info21(struct samr_UserInfo21 *r, uint16_t logon_count, uint16_t country_code, uint16_t code_page, - uint8_t nt_password_set, uint8_t lm_password_set, + uint8_t nt_password_set, uint8_t password_expired) { r->last_logon = last_logon; @@ -420,8 +422,8 @@ void init_samr_user_info21(struct samr_UserInfo21 *r, r->logon_count = logon_count; r->country_code = country_code; r->code_page = code_page; - r->nt_password_set = nt_password_set; r->lm_password_set = lm_password_set; + r->nt_password_set = nt_password_set; r->password_expired = password_expired; } @@ -455,8 +457,8 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint16_t logon_count, uint16_t country_code, uint16_t code_page, - uint8_t nt_password_set, uint8_t lm_password_set, + uint8_t nt_password_set, uint8_t password_expired, struct samr_CryptPassword *pwd_buf) { @@ -487,8 +489,8 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, logon_count, country_code, code_page, - nt_password_set, lm_password_set, + nt_password_set, password_expired); r->password = *pwd_buf; @@ -538,8 +540,8 @@ void init_samr_user_info25(struct samr_UserInfo25 *r, uint16_t logon_count, uint16_t country_code, uint16_t code_page, - uint8_t nt_password_set, uint8_t lm_password_set, + uint8_t nt_password_set, uint8_t password_expired, struct samr_CryptPasswordEx *pwd_buf) { @@ -572,8 +574,8 @@ void init_samr_user_info25(struct samr_UserInfo25 *r, logon_count, country_code, code_page, - nt_password_set, lm_password_set, + nt_password_set, password_expired); r->password = *pwd_buf; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 45acd3ed48..038690d0f1 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -1402,10 +1402,10 @@ NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, /**************************************************************** ****************************************************************/ -WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, - struct netr_NETRSERVERGETTRUSTINFO *r) +NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, + struct netr_ServerGetTrustInfo *r) { p->rng_fault_state = true; - return WERR_NOT_SUPPORTED; + return NT_STATUS_NOT_IMPLEMENTED; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index cbcd4de60c..342f432c4e 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2079,7 +2079,7 @@ NTSTATUS _samr_LookupRids(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; status = access_check_samr_function(acc_granted, - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, + 0, /* Don't know the acc_bits yet */ "_samr_LookupRids"); if (!NT_STATUS_IS_OK(status)) { return status; @@ -2430,8 +2430,10 @@ static NTSTATUS get_user_info_18(pipes_struct *p, return NT_STATUS_ACCOUNT_DISABLED; } - init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass), - pdb_get_nt_passwd(smbpass)); + init_samr_user_info18(r, + pdb_get_lanman_passwd(smbpass), + pdb_get_nt_passwd(smbpass), + 0 /* FIXME */); TALLOC_FREE(smbpass); @@ -2607,8 +2609,8 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, pdb_get_logon_count(pw), 0, /* country_code */ 0, /* code_page */ - 0, /* nt_password_set */ 0, /* lm_password_set */ + 0, /* nt_password_set */ password_expired); return NT_STATUS_OK; @@ -2634,7 +2636,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; status = access_check_samr_function(info->acc_granted, - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, + SAMR_USER_ACCESS_GET_ATTRIBUTES, "_samr_QueryUserInfo"); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3699,29 +3701,62 @@ static bool set_user_info_16(struct samr_UserInfo16 *id16, set_user_info_18 ********************************************************************/ -static bool set_user_info_18(struct samr_UserInfo18 *id18, - struct samu *pwd) +static NTSTATUS set_user_info_18(struct samr_UserInfo18 *id18, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + struct samu *pwd) { if (id18 == NULL) { DEBUG(2, ("set_user_info_18: id18 is NULL\n")); - return False; + return NT_STATUS_INVALID_PARAMETER; } - if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) { - return False; + if (id18->nt_pwd_active || id18->lm_pwd_active) { + if (!session_key->length) { + return NT_STATUS_NO_USER_SESSION_KEY; + } } - if (!pdb_set_nt_passwd (pwd, id18->nt_pwd.hash, PDB_CHANGED)) { - return False; + + if (id18->nt_pwd_active) { + + DATA_BLOB in, out; + + in = data_blob_const(id18->nt_pwd.hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + + sess_crypt_blob(&out, &in, session_key, false); + + if (!pdb_set_nt_passwd(pwd, out.data, PDB_CHANGED)) { + return NT_STATUS_ACCESS_DENIED; + } + + pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED); } - if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) { - return False; + + if (id18->lm_pwd_active) { + + DATA_BLOB in, out; + + in = data_blob_const(id18->lm_pwd.hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + + sess_crypt_blob(&out, &in, session_key, false); + + if (!pdb_set_lanman_passwd(pwd, out.data, PDB_CHANGED)) { + return NT_STATUS_ACCESS_DENIED; + } + + pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED); } - if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - return False; - } + if (id18->password_expired) { + pdb_set_pass_last_set_time(pwd, 0, PDB_CHANGED); + } else { + /* FIXME */ + pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED); + } - return True; + return pdb_update_sam_account(pwd); } /******************************************************************* @@ -3856,8 +3891,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, return NT_STATUS_ACCESS_DENIED; } - if ((id23->info.fields_present & SAMR_FIELD_PASSWORD) || - (id23->info.fields_present & SAMR_FIELD_PASSWORD2)) { + if ((id23->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (id23->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) { DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n", pdb_get_username(pwd))); @@ -4178,9 +4213,10 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, case 18: /* Used by AS/U JRA. */ - if (!set_user_info_18(&info->info18, pwd)) { - status = NT_STATUS_ACCESS_DENIED; - } + status = set_user_info_18(&info->info18, + p->mem_ctx, + &p->server_info->user_session_key, + pwd); break; case 20: diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index bf3669022d..15af963c4c 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -493,6 +493,19 @@ static bool is_hidden_share(int snum) } /******************************************************************* + Verify user is allowed to view share, access based enumeration +********************************************************************/ +static bool is_enumeration_allowed(pipes_struct *p, + int snum) +{ + if (!lp_access_based_share_enum(snum)) + return true; + + return share_access_check(p->server_info->ptok, lp_servicename(snum), + FILE_READ_DATA); +} + +/******************************************************************* Fill in a share info structure. ********************************************************************/ @@ -509,6 +522,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, TALLOC_CTX *ctx = p->mem_ctx; int i = 0; int valid_share_count = 0; + bool *allowed = 0; union srvsvc_NetShareCtr ctr; uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0; @@ -521,15 +535,21 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, num_services = lp_numservices(); unbecome_root(); - /* Count the number of entries. */ - for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { - DEBUG(10, ("counting service %s\n", lp_servicename(snum))); - num_entries++; - } else { - DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum))); - } - } + allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services); + W_ERROR_HAVE_NO_MEMORY(allowed); + + /* Count the number of entries. */ + for (snum = 0; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && + is_enumeration_allowed(p, snum) && + (all_shares || !is_hidden_share(snum)) ) { + DEBUG(10, ("counting service %s\n", lp_servicename(snum))); + allowed[snum] = true; + num_entries++; + } else { + DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum))); + } + } if (!num_entries || (resume_handle >= num_entries)) { return WERR_OK; @@ -547,7 +567,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum); } @@ -564,7 +584,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum); } @@ -581,7 +601,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum); } @@ -598,7 +618,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum); } @@ -615,7 +635,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum); } @@ -632,7 +652,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum); } @@ -649,7 +669,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum); } @@ -666,7 +686,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum); } @@ -683,7 +703,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum); } @@ -700,7 +720,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum); } @@ -2048,11 +2068,12 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, goto error_exit; } - nt_status = create_file( + nt_status = SMB_VFS_CREATE_FILE( conn, /* conn */ NULL, /* req */ 0, /* root_dir_fid */ r->in.file, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ FILE_READ_ATTRIBUTES, /* access_mask */ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */ FILE_OPEN, /* create_disposition*/ @@ -2162,11 +2183,12 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, goto error_exit; } - nt_status = create_file( + nt_status = SMB_VFS_CREATE_FILE( conn, /* conn */ NULL, /* req */ 0, /* root_dir_fid */ r->in.file, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ FILE_WRITE_ATTRIBUTES, /* access_mask */ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */ FILE_OPEN, /* create_disposition*/ diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index eaf5adbfa5..426e7e9744 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -219,9 +219,8 @@ static void display_sam_dom_info_13(struct samr_DomInfo13 *info13) printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num); printf("Domain Create Time:\t%s\n", http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time))); - printf("Unknown1:\t%d\n", info13->unknown1); - printf("Unknown2:\t%d\n", info13->unknown2); - + printf("Sequence No at last promotion:\t%llu\n", + (unsigned long long)info13->modified_count_at_last_promotion); } static void display_sam_info_1(struct samr_DispEntryGeneral *r) @@ -264,6 +263,35 @@ static void display_sam_info_5(struct samr_DispEntryAscii *r) printf("Account: %s\n", r->account_name.string); } +/**************************************************************************** + ****************************************************************************/ + +static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *sam, + struct policy_handle *connect_pol, + uint32_t access_mask, + struct dom_sid *_domain_sid, + struct policy_handle *domain_pol) +{ + + if (StrCaseCmp(sam, "domain") == 0) { + return rpccli_samr_OpenDomain(cli, mem_ctx, + connect_pol, + access_mask, + _domain_sid, + domain_pol); + } else if (StrCaseCmp(sam, "builtin") == 0) { + return rpccli_samr_OpenDomain(cli, mem_ctx, + connect_pol, + access_mask, + CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), + domain_pol); + } + + return NT_STATUS_INVALID_PARAMETER; +} + /********************************************************************** * Query user information */ @@ -649,21 +677,11 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - &domain_sid, &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else { - printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]); - return NT_STATUS_INVALID_PARAMETER; - } + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -955,20 +973,11 @@ static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli, /* Get domain policy handle */ - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1107,20 +1116,11 @@ static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli, /* Open handle on domain */ - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1197,25 +1197,11 @@ static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli, /* Open handle on domain */ - if (strequal(argv[1], "domain")) { - - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - SEC_FLAG_MAXIMUM_ALLOWED, - &domain_sid, - &domain_pol); - - } else if (strequal(argv[1], "builtin")) { - - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - SEC_FLAG_MAXIMUM_ALLOWED, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - - } else { - return NT_STATUS_OK; - } + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + SEC_FLAG_MAXIMUM_ALLOWED, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1294,20 +1280,11 @@ static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli, /* Open handle on domain */ - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_INVALID_PARAMETER; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1890,20 +1867,11 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1973,20 +1941,11 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -2658,6 +2617,241 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli, return result; } +static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv, + int opcode) +{ + POLICY_HND connect_pol, domain_pol, user_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + const char *user, *param; + uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS; + uint32_t level; + uint32_t user_rid; + union samr_UserInfo info; + struct samr_CryptPassword pwd_buf; + struct samr_CryptPasswordEx pwd_buf_ex; + uint8_t nt_hash[16]; + uint8_t lm_hash[16]; + DATA_BLOB session_key; + uint8_t password_expired = 0; + + if (argc < 4) { + printf("Usage: %s username level password [password_expired]\n", + argv[0]); + return NT_STATUS_INVALID_PARAMETER; + } + + user = argv[1]; + level = atoi(argv[2]); + param = argv[3]; + + if (argc >= 5) { + password_expired = atoi(argv[4]); + } + + status = cli_get_session_key(mem_ctx, cli, &session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + init_samr_CryptPassword(param, &session_key, &pwd_buf); + init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex); + nt_lm_owf_gen(param, nt_hash, lm_hash); + + switch (level) { + case 18: + { + DATA_BLOB in,out; + in = data_blob_const(nt_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(nt_hash, out.data, out.length); + } + { + DATA_BLOB in,out; + in = data_blob_const(lm_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(lm_hash, out.data, out.length); + } + + init_samr_user_info18(&info.info18, + lm_hash, + nt_hash, + password_expired); + break; + case 21: + ZERO_STRUCT(info.info21); + + info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT; + if (argc >= 5) { + info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG; + info.info21.password_expired = password_expired; + } + + info.info21.lm_password_set = true; + info.info21.lm_owf_password.length = 16; + info.info21.lm_owf_password.size = 16; + + info.info21.nt_password_set = true; + info.info21.nt_owf_password.length = 16; + info.info21.nt_owf_password.size = 16; + + { + DATA_BLOB in,out; + in = data_blob_const(nt_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + info.info21.nt_owf_password.array = + (uint16_t *)talloc_memdup(mem_ctx, out.data, 16); + } + { + DATA_BLOB in,out; + in = data_blob_const(lm_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + info.info21.lm_owf_password.array = + (uint16_t *)talloc_memdup(mem_ctx, out.data, 16); + } + + break; + case 23: + ZERO_STRUCT(info.info23); + + info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT; + if (argc >= 5) { + info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG; + info.info23.info.password_expired = password_expired; + } + + info.info23.password = pwd_buf; + + break; + case 24: + init_samr_user_info24(&info.info24, + &pwd_buf, + password_expired); + break; + case 25: + ZERO_STRUCT(info.info25); + + info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT; + if (argc >= 5) { + info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG; + info.info25.info.password_expired = password_expired; + } + + info.info25.password = pwd_buf_ex; + + break; + case 26: + init_samr_user_info26(&info.info26, + &pwd_buf_ex, + password_expired); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* Get sam policy handle */ + + status = rpccli_try_samr_connects(cli, mem_ctx, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + + if (!NT_STATUS_IS_OK(status)) + goto done; + + /* Get domain policy handle */ + + status = rpccli_samr_OpenDomain(cli, mem_ctx, + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); + + if (!NT_STATUS_IS_OK(status)) + goto done; + + user_rid = strtol(user, NULL, 0); + if (user_rid) { + status = rpccli_samr_OpenUser(cli, mem_ctx, + &domain_pol, + access_mask, + user_rid, + &user_pol); + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) || + (user_rid == 0)) { + + /* Probably this was a user name, try lookupnames */ + struct samr_Ids rids, types; + struct lsa_String lsa_acct_name; + + init_lsa_String(&lsa_acct_name, user); + + status = rpccli_samr_LookupNames(cli, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &types); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_samr_OpenUser(cli, mem_ctx, + &domain_pol, + access_mask, + rids.ids[0], + &user_pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + switch (opcode) { + case NDR_SAMR_SETUSERINFO: + status = rpccli_samr_SetUserInfo(cli, mem_ctx, + &user_pol, + level, + &info); + break; + case NDR_SAMR_SETUSERINFO2: + status = rpccli_samr_SetUserInfo2(cli, mem_ctx, + &user_pol, + level, + &info); + break; + default: + return NT_STATUS_INVALID_PARAMETER; + } + + done: + return status; +} + +static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv, + NDR_SAMR_SETUSERINFO); +} + +static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv, + NDR_SAMR_SETUSERINFO2); +} + static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) @@ -2759,5 +2953,7 @@ struct cmd_set samr_commands[] = { { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" }, { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" }, { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" }, + { "setuserinfo", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" }, + { "setuserinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" }, { NULL } }; diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 26a73203b9..038acfbcdc 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -2641,6 +2641,8 @@ done: /**************************************************************************** ****************************************************************************/ +extern struct user_auth_info *rpcclient_auth_info; + static WERROR cmd_spoolss_printercmp(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) @@ -2671,11 +2673,11 @@ static WERROR cmd_spoolss_printercmp(struct rpc_pipe_client *cli, nt_status = cli_full_connection(&cli_server2, global_myname(), servername2, NULL, 0, "IPC$", "IPC", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(rpcclient_auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), - get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, - get_cmdline_auth_info_signing_state(), NULL); + get_cmdline_auth_info_password(rpcclient_auth_info), + get_cmdline_auth_info_use_kerberos(rpcclient_auth_info) ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, + get_cmdline_auth_info_signing_state(rpcclient_auth_info), NULL); if ( !NT_STATUS_IS_OK(nt_status) ) return WERR_GENERAL_FAILURE; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 61d8d7c485..dc125007e3 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -28,6 +28,8 @@ static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; static unsigned int timeout = 0; +struct user_auth_info *rpcclient_auth_info; + /* List to hold groups of commands. * * Commands are defined in a list of arrays: arrays are easy to @@ -560,6 +562,7 @@ static void add_command_set(struct cmd_set *cmd_set) * @param cmd Command to run, as a single string. **/ static NTSTATUS do_cmd(struct cli_state *cli, + struct user_auth_info *auth_info, struct cmd_set *cmd_entry, int argc, char **argv) { @@ -589,8 +592,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, cli, cmd_entry->interface, pipe_default_auth_level, lp_workgroup(), - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), &cmd_entry->rpc_pipe); break; case PIPE_AUTH_TYPE_NTLMSSP: @@ -598,8 +601,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, cli, cmd_entry->interface, pipe_default_auth_level, lp_workgroup(), - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), &cmd_entry->rpc_pipe); break; case PIPE_AUTH_TYPE_SCHANNEL: @@ -687,7 +690,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, * * @returns The NTSTATUS from running the command. **/ -static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) +static NTSTATUS process_cmd(struct user_auth_info *auth_info, + struct cli_state *cli, char *cmd) { struct cmd_list *temp_list; NTSTATUS result = NT_STATUS_OK; @@ -713,7 +717,8 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) goto out_free; } - result = do_cmd(cli, temp_set, argc, argv); + result = do_cmd(cli, auth_info, temp_set, + argc, argv); goto out_free; } @@ -776,7 +781,7 @@ out_free: load_case_tables(); - zero_addr(&server_ss); + zero_sockaddr(&server_ss); setlinebuf(stdout); @@ -784,6 +789,12 @@ out_free: facilities. See lib/debug.c */ setup_logging("rpcclient", True); + rpcclient_auth_info = user_auth_info_init(frame); + if (rpcclient_auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(rpcclient_auth_info); + /* Parse options */ pc = poptGetContext("rpcclient", argc, (const char **) argv, @@ -850,16 +861,16 @@ out_free: * from stdin if necessary */ - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(rpcclient_auth_info) && + !set_cmdline_auth_info_machine_account_creds(rpcclient_auth_info)) { result = 1; goto done; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(rpcclient_auth_info)) { char *pass = getpass("Password:"); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(rpcclient_auth_info, pass); } } @@ -868,7 +879,7 @@ out_free: server += 2; } - if (get_cmdline_auth_info_use_kerberos()) { + if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } @@ -877,11 +888,12 @@ out_free: nt_status = cli_full_connection(&cli, global_myname(), server, opt_ipaddr ? &server_ss : NULL, opt_port, "IPC$", "IPC", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(rpcclient_auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_password(rpcclient_auth_info), flags, - get_cmdline_auth_info_signing_state(),NULL); + get_cmdline_auth_info_signing_state(rpcclient_auth_info), + NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); @@ -889,10 +901,10 @@ out_free: goto done; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(rpcclient_auth_info)) { nt_status = cli_cm_force_encryption(cli, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(rpcclient_auth_info), + get_cmdline_auth_info_password(rpcclient_auth_info), lp_workgroup(), "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { @@ -927,7 +939,7 @@ out_free: result = 0; while((cmd=next_command(&p)) != NULL) { - NTSTATUS cmd_result = process_cmd(cli, cmd); + NTSTATUS cmd_result = process_cmd(rpcclient_auth_info, cli, cmd); SAFE_FREE(cmd); result = NT_STATUS_IS_ERR(cmd_result); } @@ -946,7 +958,7 @@ out_free: break; if (line[0] != '\n') - process_cmd(cli, line); + process_cmd(rpcclient_auth_info, cli, line); SAFE_FREE(line); } diff --git a/source3/samba4.mk b/source3/samba4.mk index 032a3d9c35..38d1ec2e19 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -161,9 +161,11 @@ modules:: $(PLUGINS) pythonmods:: $(PYTHON_PYS) $(PYTHON_SO) -all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 +all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 pythonmods setup torture:: bin/smbtorture4 everything:: $(patsubst %,%4,$(BINARIES)) +setup: + @ln -sf ../source4/setup setup SELFTEST4 = $(LD_LIBPATH_OVERRIDE) $(PERL) $(selftestdir)/selftest.pl --prefix=st4 \ --builddir=$(builddir) --srcdir=$(samba4srcdir) \ diff --git a/source3/smbd/close.c b/source3/smbd/close.c index ce918ab6a3..f91f1fcf8f 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -694,6 +694,13 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp, fsp, NT_STATUS_OK); } + status = fd_close(fsp); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not close dir! fname=%s, fd=%d, err=%d=%s\n", + fsp->fsp_name, fsp->fh->fd, errno, strerror(errno))); + } + /* * Do the code common to files and directories. */ diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 954cd5a4d2..de07482369 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -353,7 +353,7 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT Convert dos attributes (FILE_ATTRIBUTE_*) to dos stat flags (UF_*) ****************************************************************************/ -static int dos_attributes_to_stat_dos_flags(uint32_t dosmode) +int dos_attributes_to_stat_dos_flags(uint32_t dosmode) { uint32_t dos_stat_flags = 0; diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 392264bfc0..d240ecfa64 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -26,8 +26,6 @@ #include "includes.h" -static bool scan_directory(connection_struct *conn, const char *path, - char *name, char **found_name); static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx, connection_struct *conn, const char *orig_path, @@ -433,8 +431,9 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, */ if (name_has_wildcard || - !scan_directory(conn, dirpath, - start, &found_name)) { + (SMB_VFS_GET_REAL_FILENAME( + conn, dirpath, start, + talloc_tos(), &found_name) == -1)) { char *unmangled; if (end) { @@ -768,15 +767,15 @@ static bool fname_equal(const char *name1, const char *name2, If the name looks like a mangled name then try via the mangling functions ****************************************************************************/ -static bool scan_directory(connection_struct *conn, const char *path, - char *name, char **found_name) +int get_real_filename(connection_struct *conn, const char *path, + const char *name, TALLOC_CTX *mem_ctx, + char **found_name) { struct smb_Dir *cur_dir; const char *dname; bool mangled; char *unmangled_name = NULL; long curpos; - TALLOC_CTX *ctx = talloc_tos(); mangled = mangle_is_mangled(name, conn->params); @@ -791,7 +790,7 @@ static bool scan_directory(connection_struct *conn, const char *path, */ if (!mangled && !(conn->fs_capabilities & FILE_CASE_SENSITIVE_SEARCH)) { errno = ENOENT; - return False; + return -1; } /* @@ -810,10 +809,9 @@ static bool scan_directory(connection_struct *conn, const char *path, */ if (mangled && !conn->case_sensitive) { - mangled = !mangle_lookup_name_from_8_3(ctx, - name, - &unmangled_name, - conn->params); + mangled = !mangle_lookup_name_from_8_3(talloc_tos(), name, + &unmangled_name, + conn->params); if (!mangled) { /* Name is now unmangled. */ name = unmangled_name; @@ -824,7 +822,7 @@ static bool scan_directory(connection_struct *conn, const char *path, if (!(cur_dir = OpenDir(talloc_tos(), conn, path, NULL, 0))) { DEBUG(3,("scan dir didn't open dir [%s]\n",path)); TALLOC_FREE(unmangled_name); - return(False); + return -1; } /* now scan for matching names */ @@ -850,21 +848,21 @@ static bool scan_directory(connection_struct *conn, const char *path, if ((mangled && mangled_equal(name,dname,conn->params)) || fname_equal(name, dname, conn->case_sensitive)) { /* we've found the file, change it's name and return */ - *found_name = talloc_strdup(ctx,dname); + *found_name = talloc_strdup(mem_ctx, dname); TALLOC_FREE(unmangled_name); TALLOC_FREE(cur_dir); if (!*found_name) { errno = ENOMEM; - return False; + return -1; } - return(True); + return 0; } } TALLOC_FREE(unmangled_name); TALLOC_FREE(cur_dir); errno = ENOENT; - return False; + return -1; } static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 777073e6ba..24a14a8c1b 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -474,10 +474,24 @@ void reply_ntcreate_and_X(struct smb_request *req) ? BATCH_OPLOCK : 0; } - status = create_file(conn, req, root_dir_fid, fname, - access_mask, share_access, create_disposition, - create_options, file_attributes, oplock_request, - allocation_size, NULL, NULL, &fsp, &info, &sbuf); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + root_dir_fid, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -932,10 +946,24 @@ static void call_nt_transact_create(connection_struct *conn, ? BATCH_OPLOCK : 0; } - status = create_file(conn, req, root_dir_fid, fname, - access_mask, share_access, create_disposition, - create_options, file_attributes, oplock_request, - allocation_size, sd, ea_list, &fsp, &info, &sbuf); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + root_dir_fid, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + sd, /* sd */ + ea_list, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if(!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -1158,27 +1186,49 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx, DEBUG(10,("copy_internals: doing file copy %s to %s\n", oldname, newname)); - status = open_file_ntcreate(conn, req, oldname, &sbuf1, - FILE_READ_DATA, /* Read-only. */ - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, /* No create options. */ - FILE_ATTRIBUTE_NORMAL, - NO_OPLOCK, - &info, &fsp1); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + oldname, /* fname */ + 0, /* create_file_flags */ + FILE_READ_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + NO_OPLOCK, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp1, /* result */ + &info, /* pinfo */ + &sbuf1); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; } - status = open_file_ntcreate(conn, req, newname, &sbuf2, - FILE_WRITE_DATA, /* Read-only. */ - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_CREATE, - 0, /* No create options. */ - fattr, - NO_OPLOCK, - &info, &fsp2); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + newname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_CREATE, /* create_disposition*/ + 0, /* create_options */ + fattr, /* file_attributes */ + NO_OPLOCK, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp2, /* result */ + &info, /* pinfo */ + &sbuf2); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { close_file(NULL, fsp1, ERROR_CLOSE); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index f98415ee33..d22eda2bb5 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -29,6 +29,23 @@ struct deferred_open_record { struct file_id id; }; +static NTSTATUS create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); + /**************************************************************************** SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES. ****************************************************************************/ @@ -142,7 +159,7 @@ NTSTATUS fd_close(files_struct *fsp) Do this by fd if possible. ****************************************************************************/ -static void change_file_owner_to_parent(connection_struct *conn, +void change_file_owner_to_parent(connection_struct *conn, const char *inherit_from_dir, files_struct *fsp) { @@ -173,7 +190,7 @@ static void change_file_owner_to_parent(connection_struct *conn, (unsigned int)parent_st.st_uid )); } -static NTSTATUS change_dir_owner_to_parent(connection_struct *conn, +NTSTATUS change_dir_owner_to_parent(connection_struct *conn, const char *inherit_from_dir, const char *fname, SMB_STRUCT_STAT *psbuf) @@ -482,7 +499,7 @@ static NTSTATUS open_file(files_struct *fsp, Return True if the filename is one of the special executable types. ********************************************************************/ -static bool is_executable(const char *fname) +bool is_executable(const char *fname) { if ((fname = strrchr_m(fname,'.'))) { if (strequal(fname,".com") || @@ -644,7 +661,7 @@ static void validate_my_share_entries(int num, } #endif -static bool is_stat_open(uint32 access_mask) +bool is_stat_open(uint32 access_mask) { return (access_mask && ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES| @@ -845,8 +862,8 @@ static bool delay_for_oplocks(struct share_mode_lock *lck, return True; } -static bool request_timed_out(struct timeval request_time, - struct timeval timeout) +bool request_timed_out(struct timeval request_time, + struct timeval timeout) { struct timeval now, end_time; GetTimeOfDay(&now); @@ -911,13 +928,13 @@ static void defer_open(struct share_mode_lock *lck, On overwrite open ensure that the attributes match. ****************************************************************************/ -static bool open_match_attributes(connection_struct *conn, - const char *path, - uint32 old_dos_attr, - uint32 new_dos_attr, - mode_t existing_unx_mode, - mode_t new_unx_mode, - mode_t *returned_unx_mode) +bool open_match_attributes(connection_struct *conn, + const char *path, + uint32 old_dos_attr, + uint32 new_dos_attr, + mode_t existing_unx_mode, + mode_t new_unx_mode, + mode_t *returned_unx_mode) { uint32 noarch_old_dos_attr, noarch_new_dos_attr; @@ -961,7 +978,7 @@ static bool open_match_attributes(connection_struct *conn, Try and find a duplicated file handle. ****************************************************************************/ -static NTSTATUS fcb_or_dos_open(struct smb_request *req, +NTSTATUS fcb_or_dos_open(struct smb_request *req, connection_struct *conn, files_struct *fsp_to_dup_into, const char *fname, @@ -1031,7 +1048,7 @@ bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func uint32 access_mask; uint32 share_mode; uint32 create_disposition; - uint32 create_options = 0; + uint32 create_options = FILE_NON_DIRECTORY_FILE; DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, " "open_func = 0x%x\n", @@ -1260,7 +1277,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, Open a file with a share mode. Passed in an already created files_struct *. ****************************************************************************/ -static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, +static NTSTATUS open_file_ntcreate(connection_struct *conn, struct smb_request *req, const char *fname, SMB_STRUCT_STAT *psbuf, @@ -1964,13 +1981,11 @@ static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, } set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, - fsp->oplock_type, new_file_created); + fsp->oplock_type); /* Handle strange delete on close create semantics. */ - if ((create_options & FILE_DELETE_ON_CLOSE) - && (((conn->fs_capabilities & FILE_NAMED_STREAMS) - && is_ntfs_stream_name(fname)) - || can_set_initial_delete_on_close(lck))) { + if (create_options & FILE_DELETE_ON_CLOSE) { + status = can_set_delete_on_close(fsp, True, new_dos_attributes); if (!NT_STATUS_IS_OK(status)) { @@ -2056,55 +2071,6 @@ static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, return NT_STATUS_OK; } -/**************************************************************************** - Open a file with a share mode. -****************************************************************************/ - -NTSTATUS open_file_ntcreate(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */ - uint32 share_access, /* share constants (FILE_SHARE_READ etc) */ - uint32 create_disposition, /* FILE_OPEN_IF etc. */ - uint32 create_options, /* options such as delete on close. */ - uint32 new_dos_attributes, /* attributes used for new file. */ - int oplock_request, /* internal Samba oplock codes. */ - /* Information (FILE_EXISTS etc.) */ - int *pinfo, - files_struct **result) -{ - NTSTATUS status; - files_struct *fsp = NULL; - - *result = NULL; - - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - - status = open_file_ntcreate_internal(conn, - req, - fname, - psbuf, - access_mask, - share_access, - create_disposition, - create_options, - new_dos_attributes, - oplock_request, - pinfo, - fsp); - - if(!NT_STATUS_IS_OK(status)) { - file_free(req, fsp); - return status; - } - - *result = fsp; - return status; -} /**************************************************************************** Open a file for for write to ensure that we can fchmod it. @@ -2126,10 +2092,25 @@ NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn, return status; } - /* note! we must use a non-zero desired access or we don't get - a real file descriptor. Oh what a twisted web we weave. */ - status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY, - 0, FILE_WRITE_DATA, FILE_WRITE_DATA); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + 0, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + psbuf); /* psbuf */ /* * This is not a user visible file open. @@ -2250,17 +2231,17 @@ static NTSTATUS mkdir_internal(connection_struct *conn, Open a directory from an NT SMB call. ****************************************************************************/ -NTSTATUS open_directory(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, - uint32 share_access, - uint32 create_disposition, - uint32 create_options, - uint32 file_attributes, - int *pinfo, - files_struct **result) +static NTSTATUS open_directory(connection_struct *conn, + struct smb_request *req, + const char *fname, + SMB_STRUCT_STAT *psbuf, + uint32 access_mask, + uint32 share_access, + uint32 create_disposition, + uint32 create_options, + uint32 file_attributes, + int *pinfo, + files_struct **result) { files_struct *fsp = NULL; bool dir_existed = VALID_STAT(*psbuf) ? True : False; @@ -2438,8 +2419,7 @@ NTSTATUS open_directory(connection_struct *conn, return status; } - set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK, - True); + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK); /* For directories the delete on close bit at open time seems always to be honored on close... See test 19 in Samba4 BASE-DELETE. */ @@ -2476,14 +2456,24 @@ NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, cons SET_STAT_INVALID(sbuf); - status = open_directory(conn, req, directory, &sbuf, - FILE_READ_ATTRIBUTES, /* Just a stat open */ - FILE_SHARE_NONE, /* Ignored for stat opens */ - FILE_CREATE, - 0, - FILE_ATTRIBUTE_DIRECTORY, - NULL, - &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + directory, /* fname */ + 0, /* create_file_flags */ + FILE_READ_ATTRIBUTES, /* access_mask */ + FILE_SHARE_NONE, /* share_access */ + FILE_CREATE, /* create_disposition*/ + FILE_DIRECTORY_FILE, /* create_options */ + FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf); /* psbuf */ if (NT_STATUS_IS_OK(status)) { close_file(req, fsp, NORMAL_CLOSE); @@ -2569,8 +2559,8 @@ static int restore_case_semantics(struct case_semantics_state *state) /**************************************************************************** Save case semantics. ****************************************************************************/ -static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, - connection_struct *conn) +struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, + connection_struct *conn) { struct case_semantics_state *result; @@ -2708,22 +2698,22 @@ static NTSTATUS open_streams_for_delete(connection_struct *conn, * Wrapper around open_file_ntcreate and open_directory */ -NTSTATUS create_file_unixpath(connection_struct *conn, - struct smb_request *req, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf) +static NTSTATUS create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) { SMB_STRUCT_STAT sbuf; int info = FILE_WAS_OPENED; @@ -2868,7 +2858,8 @@ NTSTATUS create_file_unixpath(connection_struct *conn, } /* Can't open a temp directory. IFS kit test. */ - if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) { + if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && + (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) { status = NT_STATUS_INVALID_PARAMETER; goto fail; } @@ -2890,41 +2881,35 @@ NTSTATUS create_file_unixpath(connection_struct *conn, * Ordinary file case. */ - if (base_fsp) { - /* - * We're opening the stream element of a base_fsp - * we already opened. We need to initialize - * the fsp first, and set up the base_fsp pointer. - */ - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - goto fail; - } + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + goto fail; + } + /* + * We're opening the stream element of a base_fsp + * we already opened. Set up the base_fsp pointer. + */ + if (base_fsp) { fsp->base_fsp = base_fsp; + } - status = open_file_ntcreate_internal(conn, - req, - fname, - &sbuf, - access_mask, - share_access, - create_disposition, - create_options, - file_attributes, - oplock_request, - &info, - fsp); - - if(!NT_STATUS_IS_OK(status)) { - file_free(req, fsp); - fsp = NULL; - } - } else { - status = open_file_ntcreate( - conn, req, fname, &sbuf, access_mask, share_access, - create_disposition, create_options, file_attributes, - oplock_request, &info, &fsp); + status = open_file_ntcreate(conn, + req, + fname, + &sbuf, + access_mask, + share_access, + create_disposition, + create_options, + file_attributes, + oplock_request, + &info, + fsp); + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + fsp = NULL; } if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { @@ -2975,21 +2960,10 @@ NTSTATUS create_file_unixpath(connection_struct *conn, if ((sd != NULL) && (info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn))) { - uint32_t sec_info_sent = ALL_SECURITY_INFORMATION; + uint32_t sec_info_sent; uint32_t saved_access_mask = fsp->access_mask; - if (sd->owner_sid == NULL) { - sec_info_sent &= ~OWNER_SECURITY_INFORMATION; - } - if (sd->group_sid == NULL) { - sec_info_sent &= ~GROUP_SECURITY_INFORMATION; - } - if (sd->sacl == NULL) { - sec_info_sent &= ~SACL_SECURITY_INFORMATION; - } - if (sd->dacl == NULL) { - sec_info_sent &= ~DACL_SECURITY_INFORMATION; - } + sec_info_sent = get_sec_info(sd); fsp->access_mask = FILE_GENERIC_ALL; @@ -3082,23 +3056,114 @@ NTSTATUS create_file_unixpath(connection_struct *conn, return status; } -NTSTATUS create_file(connection_struct *conn, - struct smb_request *req, - uint16_t root_dir_fid, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf) +/* + * Calculate the full path name given a relative fid. + */ +NTSTATUS get_relative_fid_filename(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, char **new_fname) +{ + files_struct *dir_fsp; + char *parent_fname = NULL; + + if (root_dir_fid == 0 || !fname || !new_fname) { + return NT_STATUS_INTERNAL_ERROR; + } + + dir_fsp = file_fsp(req, root_dir_fid); + + if (dir_fsp == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + + if (!dir_fsp->is_directory) { + + /* + * Check to see if this is a mac fork of some kind. + */ + + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) && + is_ntfs_stream_name(fname)) { + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + + /* + we need to handle the case when we get a + relative open relative to a file and the + pathname is blank - this is a reopen! + (hint from demyn plantenberg) + */ + + return NT_STATUS_INVALID_HANDLE; + } + + if (ISDOT(dir_fsp->fsp_name)) { + /* + * We're at the toplevel dir, the final file name + * must not contain ./, as this is filtered out + * normally by srvstr_get_path and unix_convert + * explicitly rejects paths containing ./. + */ + parent_fname = talloc_strdup(talloc_tos(), ""); + if (parent_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + size_t dir_name_len = strlen(dir_fsp->fsp_name); + + /* + * Copy in the base directory name. + */ + + parent_fname = TALLOC_ARRAY(talloc_tos(), char, + dir_name_len+2); + if (parent_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + memcpy(parent_fname, dir_fsp->fsp_name, + dir_name_len+1); + + /* + * Ensure it ends in a '/'. + * We used TALLOC_SIZE +2 to add space for the '/'. + */ + + if(dir_name_len + && (parent_fname[dir_name_len-1] != '\\') + && (parent_fname[dir_name_len-1] != '/')) { + parent_fname[dir_name_len] = '/'; + parent_fname[dir_name_len+1] = '\0'; + } + } + + *new_fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname, + fname); + if (*new_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +NTSTATUS create_file_default(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) { struct case_semantics_state *case_state = NULL; SMB_STRUCT_STAT sbuf; @@ -3111,7 +3176,7 @@ NTSTATUS create_file(connection_struct *conn, "create_disposition = 0x%x create_options = 0x%x " "oplock_request = 0x%x " "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, " - "fname = %s\n", + "create_file_flags = 0x%x, fname = %s\n", (unsigned int)access_mask, (unsigned int)file_attributes, (unsigned int)share_access, @@ -3119,94 +3184,22 @@ NTSTATUS create_file(connection_struct *conn, (unsigned int)create_options, (unsigned int)oplock_request, (unsigned int)root_dir_fid, - ea_list, sd, fname)); + ea_list, sd, create_file_flags, fname)); /* - * Get the file name. + * Calculate the filename from the root_dir_if if necessary. */ if (root_dir_fid != 0) { - /* - * This filename is relative to a directory fid. - */ - char *parent_fname = NULL; - files_struct *dir_fsp = file_fsp(req, root_dir_fid); - - if (dir_fsp == NULL) { - status = NT_STATUS_INVALID_HANDLE; - goto fail; - } - - if (!dir_fsp->is_directory) { + char *new_fname; - /* - * Check to see if this is a mac fork of some kind. - */ - - if ((conn->fs_capabilities & FILE_NAMED_STREAMS) && - is_ntfs_stream_name(fname)) { - status = NT_STATUS_OBJECT_PATH_NOT_FOUND; - goto fail; - } - - /* - we need to handle the case when we get a - relative open relative to a file and the - pathname is blank - this is a reopen! - (hint from demyn plantenberg) - */ - - status = NT_STATUS_INVALID_HANDLE; + status = get_relative_fid_filename(conn, req, root_dir_fid, + fname, &new_fname); + if (!NT_STATUS_IS_OK(status)) { goto fail; } - if (ISDOT(dir_fsp->fsp_name)) { - /* - * We're at the toplevel dir, the final file name - * must not contain ./, as this is filtered out - * normally by srvstr_get_path and unix_convert - * explicitly rejects paths containing ./. - */ - parent_fname = talloc_strdup(talloc_tos(), ""); - if (parent_fname == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - } else { - size_t dir_name_len = strlen(dir_fsp->fsp_name); - - /* - * Copy in the base directory name. - */ - - parent_fname = TALLOC_ARRAY(talloc_tos(), char, - dir_name_len+2); - if (parent_fname == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - memcpy(parent_fname, dir_fsp->fsp_name, - dir_name_len+1); - - /* - * Ensure it ends in a '/'. - * We used TALLOC_SIZE +2 to add space for the '/'. - */ - - if(dir_name_len - && (parent_fname[dir_name_len-1] != '\\') - && (parent_fname[dir_name_len-1] != '/')) { - parent_fname[dir_name_len] = '/'; - parent_fname[dir_name_len+1] = '\0'; - } - } - - fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname, - fname); - if (fname == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } + fname = new_fname; } /* @@ -3272,10 +3265,9 @@ NTSTATUS create_file(connection_struct *conn, if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { case_state = set_posix_case_semantics(talloc_tos(), conn); - file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS; } - { + if (create_file_flags & CFF_DOS_PATH) { char *converted_fname; SET_STAT_INVALID(sbuf); @@ -3286,6 +3278,15 @@ NTSTATUS create_file(connection_struct *conn, goto fail; } fname = converted_fname; + } else { + if (psbuf != NULL) { + sbuf = *psbuf; + } else { + if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) { + SET_STAT_INVALID(sbuf); + } + } + } TALLOC_FREE(case_state); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 261f12cb08..faabdd795b 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -43,7 +43,6 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) const char *fname = NULL; char *pipe_name = NULL; files_struct *fsp; - int size=0,fmode=0,mtime=0,rmode=0; TALLOC_CTX *ctx = talloc_tos(); NTSTATUS status; @@ -96,17 +95,12 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) SSVAL(req->outbuf,smb_vwv9,2); SSVAL(req->outbuf,smb_vwv10,0xc700); - if (rmode == 2) { - DEBUG(4,("Resetting open result to open from create.\n")); - rmode = 1; - } - - SSVAL(req->outbuf,smb_vwv2, fsp->fnum); - SSVAL(req->outbuf,smb_vwv3,fmode); - srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime); - SIVAL(req->outbuf,smb_vwv6,size); - SSVAL(req->outbuf,smb_vwv8,rmode); - SSVAL(req->outbuf,smb_vwv11,0x0001); + SSVAL(req->outbuf, smb_vwv2, fsp->fnum); + SSVAL(req->outbuf, smb_vwv3, 0); /* fmode */ + srv_put_dos_date3((char *)req->outbuf, smb_vwv4, 0); /* mtime */ + SIVAL(req->outbuf, smb_vwv6, 0); /* size */ + SSVAL(req->outbuf, smb_vwv8, 0); /* rmode */ + SSVAL(req->outbuf, smb_vwv11, 0x0001); chain_reply(req); return; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 97fd3b2bbe..b184279259 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3248,17 +3248,24 @@ NTSTATUS append_parent_acl(files_struct *fsp, return NT_STATUS_NO_MEMORY; } - status = open_directory(fsp->conn, - NULL, - parent_name, - &sbuf, - FILE_READ_ATTRIBUTES, /* Just a stat open */ - FILE_SHARE_NONE, /* Ignored for stat opens */ - FILE_OPEN, - 0, - INTERNAL_OPEN_ONLY, - &info, - &parent_fsp); + status = SMB_VFS_CREATE_FILE( + fsp->conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + parent_name, /* fname */ + 0, /* create_file_flags */ + FILE_READ_ATTRIBUTES, /* access_mask */ + FILE_SHARE_NONE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + FILE_DIRECTORY_FILE, /* create_options */ + 0, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &parent_fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 11c713ab4a..9f7a1896b8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1630,22 +1630,24 @@ void reply_open(struct smb_request *req) return; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - dos_attr, /* file_attributes */ - oplock_request, /* oplock_request */ - 0, /* allocation_size */ - NULL, /* sd */ - NULL, /* ea_list */ - &fsp, /* result */ - &info, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + dos_attr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -1774,22 +1776,24 @@ void reply_open_and_X(struct smb_request *req) return; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - smb_attr, /* file_attributes */ - oplock_request, /* oplock_request */ - 0, /* allocation_size */ - NULL, /* sd */ - NULL, /* ea_list */ - &fsp, /* result */ - &smb_action, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + smb_attr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &smb_action, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBopenX); @@ -1972,22 +1976,24 @@ void reply_mknew(struct smb_request *req) create_disposition = FILE_OVERWRITE_IF; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - fattr, /* file_attributes */ - oplock_request, /* oplock_request */ - 0, /* allocation_size */ - NULL, /* sd */ - NULL, /* ea_list */ - &fsp, /* result */ - NULL, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + fattr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBcreate); @@ -2117,14 +2123,24 @@ void reply_ctemp(struct smb_request *req) SMB_VFS_STAT(conn,fname,&sbuf); /* We should fail if file does not exist. */ - status = open_file_ntcreate(conn, req, fname, &sbuf, - FILE_GENERIC_READ | FILE_GENERIC_WRITE, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - fattr, - oplock_request, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + fattr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf); /* psbuf */ /* close fd from smb_mkstemp() */ close(tmpfd); @@ -2309,10 +2325,12 @@ static NTSTATUS do_unlink(connection_struct *conn, /* On open checks the open itself will check the share mode, so don't do it here as we'll get it wrong. */ - status = create_file_unixpath + status = SMB_VFS_CREATE_FILE (conn, /* conn */ req, /* req */ + 0, /* root_dir_fid */ fname, /* fname */ + 0, /* create_file_flags */ DELETE_ACCESS, /* access_mask */ FILE_SHARE_NONE, /* share_access */ FILE_OPEN, /* create_disposition*/ @@ -2327,7 +2345,7 @@ static NTSTATUS do_unlink(connection_struct *conn, &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("create_file_unixpath failed: %s\n", + DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n", nt_errstr(status))); return status; } @@ -5565,8 +5583,6 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, * depends on these semantics. JRA. */ - set_allow_initial_delete_on_close(lck, fsp, True); - if (create_options & FILE_DELETE_ON_CLOSE) { status = can_set_delete_on_close(fsp, True, 0); @@ -5623,6 +5639,7 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, struct smb_Dir *dir_hnd = NULL; const char *dname; long offset = 0; + int create_options = 0; ZERO_STRUCT(sbuf1); ZERO_STRUCT(sbuf2); @@ -5736,17 +5753,29 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, ZERO_STRUCT(sbuf1); SMB_VFS_STAT(conn, directory, &sbuf1); - status = S_ISDIR(sbuf1.st_mode) ? - open_directory(conn, req, directory, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, NULL, - &fsp) - : open_file_ntcreate(conn, req, directory, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, 0, NULL, - &fsp); + if (S_ISDIR(sbuf1.st_mode)) { + create_options |= FILE_DIRECTORY_FILE; + } + + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + directory, /* fname */ + 0, /* create_file_flags */ + access_mask, /* access_mask */ + (FILE_SHARE_READ | /* share_access */ + FILE_SHARE_WRITE), + FILE_OPEN, /* create_disposition*/ + create_options, /* create_options */ + 0, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf1); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not open rename source %s: %s\n", @@ -5840,20 +5869,34 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, ZERO_STRUCT(sbuf1); SMB_VFS_STAT(conn, fname, &sbuf1); - status = S_ISDIR(sbuf1.st_mode) ? - open_directory(conn, req, fname, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, NULL, - &fsp) - : open_file_ntcreate(conn, req, fname, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, 0, NULL, - &fsp); + create_options = 0; + + if (S_ISDIR(sbuf1.st_mode)) { + create_options |= FILE_DIRECTORY_FILE; + } + + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + access_mask, /* access_mask */ + (FILE_SHARE_READ | /* share_access */ + FILE_SHARE_WRITE), + FILE_OPEN, /* create_disposition*/ + create_options, /* create_options */ + 0, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf1); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { - DEBUG(3,("rename_internals: open_file_ntcreate " + DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE " "returned %s rename %s -> %s\n", nt_errstr(status), directory, newname)); break; @@ -6044,14 +6087,24 @@ NTSTATUS copy_file(TALLOC_CTX *ctx, } } - status = open_file_ntcreate(conn, NULL, src, &src_sbuf, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp1); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + src, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp1, /* result */ + NULL, /* pinfo */ + &src_sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(dest); @@ -6063,14 +6116,24 @@ NTSTATUS copy_file(TALLOC_CTX *ctx, ZERO_STRUCTP(&sbuf2); } - status = open_file_ntcreate(conn, NULL, dest, &sbuf2, - FILE_GENERIC_WRITE, - FILE_SHARE_READ|FILE_SHARE_WRITE, - new_create_disposition, - 0, - dosattrs, - INTERNAL_OPEN_ONLY, - NULL, &fsp2); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + dest, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_WRITE, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + new_create_disposition, /* create_disposition*/ + 0, /* create_options */ + dosattrs, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp2, /* result */ + NULL, /* pinfo */ + &sbuf2); /* psbuf */ TALLOC_FREE(dest); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index fff05a3aac..f7bdb58288 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -469,9 +469,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ char *sock_tok; const char *sock_ptr; - if (sock_addr[0] == '\0' || - strequal(sock_addr, "0.0.0.0") || - strequal(sock_addr, "::")) { + if (strequal(sock_addr, "0.0.0.0") || + strequal(sock_addr, "::")) { #if HAVE_IPV6 sock_addr = "::,0.0.0.0"; #else diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 24a201013a..a24843ff64 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -915,7 +915,7 @@ static void reply_spnego_auth(struct smb_request *req, DEBUG(3,("reply_spnego_auth: network " "misconfiguration, client sent us a " "krb5 ticket and kerberos security " - "not enabled")); + "not enabled\n")); reply_nterror(req, nt_status_squash( NT_STATUS_LOGON_FAILURE)); SAFE_FREE(kerb_mech); diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index 9dbacc2998..c72251b5a7 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -192,7 +192,7 @@ bool token_contains_name_in_list(const char *username, */ bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum) + const struct nt_user_token *token, int snum) { if (lp_invalid_users(snum) != NULL) { if (token_contains_name_in_list(username, domain, @@ -252,7 +252,7 @@ bool user_ok_token(const char *username, const char *domain, bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn) { int snum = SNUM(conn); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 7b051d389f..606e656795 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1006,22 +1006,24 @@ static void call_trans2open(connection_struct *conn, return; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - open_attr, /* file_attributes */ - oplock_request, /* oplock_request */ - open_size, /* allocation_size */ - NULL, /* sd */ - ea_list, /* ea_list */ - &fsp, /* result */ - &smb_action, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + open_attr, /* file_attributes */ + oplock_request, /* oplock_request */ + open_size, /* allocation_size */ + NULL, /* sd */ + ea_list, /* ea_list */ + &fsp, /* result */ + &smb_action, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -1093,15 +1095,13 @@ static bool exact_match(connection_struct *conn, { if (mask[0] == '.' && mask[1] == 0) return False; - if (conn->case_sensitive) - return strcmp(str,mask)==0; - if (StrCaseCmp(str,mask) != 0) { - return False; - } if (dptr_has_wild(conn->dirptr)) { return False; } - return True; + if (conn->case_sensitive) + return strcmp(str,mask)==0; + else + return StrCaseCmp(str,mask) == 0; } /**************************************************************************** @@ -5057,15 +5057,26 @@ static NTSTATUS smb_set_file_size(connection_struct *conn, return NT_STATUS_OK; } - status = open_file_ntcreate(conn, req, fname, psbuf, - FILE_WRITE_ATTRIBUTES, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - FORCE_OPLOCK_BREAK_TO_NONE, - NULL, &new_fsp); - + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_ATTRIBUTES, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + FORCE_OPLOCK_BREAK_TO_NONE, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &new_fsp, /* result */ + NULL, /* pinfo */ + psbuf); /* psbuf */ + if (!NT_STATUS_IS_OK(status)) { /* NB. We check for open_was_deferred in the caller. */ return status; @@ -5826,14 +5837,25 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn, /* Pathname or stat or directory file. */ - status = open_file_ntcreate(conn, req, fname, psbuf, - FILE_WRITE_DATA, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - FORCE_OPLOCK_BREAK_TO_NONE, - NULL, &new_fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + FORCE_OPLOCK_BREAK_TO_NONE, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &new_fsp, /* result */ + NULL, /* pinfo */ + psbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { /* NB. We check for open_was_deferred in the caller. */ @@ -6257,16 +6279,24 @@ static NTSTATUS smb_posix_mkdir(connection_struct *conn, DEBUG(10,("smb_posix_mkdir: file %s, mode 0%o\n", fname, (unsigned int)unixmode )); - status = open_directory(conn, req, - fname, - psbuf, - FILE_READ_ATTRIBUTES, /* Just a stat open */ - FILE_SHARE_NONE, /* Ignored for stat opens */ - FILE_CREATE, - 0, - mod_unixmode, - &info, - &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_READ_ATTRIBUTES, /* access_mask */ + FILE_SHARE_NONE, /* share_access */ + FILE_CREATE, /* create_disposition*/ + FILE_DIRECTORY_FILE, /* create_options */ + mod_unixmode, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + psbuf); /* psbuf */ if (NT_STATUS_IS_OK(status)) { close_file(req, fsp, NORMAL_CLOSE); @@ -6423,17 +6453,25 @@ static NTSTATUS smb_posix_open(connection_struct *conn, (unsigned int)wire_open_mode, (unsigned int)unixmode )); - status = open_file_ntcreate(conn, req, - fname, - psbuf, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - create_disp, - 0, /* no create options yet. */ - mod_unixmode, - oplock_request, - &info, - &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + access_mask, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + create_disp, /* create_disposition*/ + 0, /* create_options */ + mod_unixmode, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + psbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; @@ -6518,6 +6556,7 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn, uint16 flags = 0; char del = 1; int info = 0; + int create_options = 0; int i; struct share_mode_lock *lck = NULL; @@ -6541,30 +6580,28 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn, fname)); if (VALID_STAT_OF_DIR(*psbuf)) { - status = open_directory(conn, req, - fname, - psbuf, - DELETE_ACCESS, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_FLAG_POSIX_SEMANTICS|0777, - &info, - &fsp); - } else { - - status = open_file_ntcreate(conn, req, - fname, - psbuf, - DELETE_ACCESS, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_FLAG_POSIX_SEMANTICS|0777, - 0, /* No oplock, but break existing ones. */ - &info, - &fsp); - } + create_options |= FILE_DIRECTORY_FILE; + } + + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + DELETE_ACCESS, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + create_options, /* create_options */ + FILE_FLAG_POSIX_SEMANTICS|0777, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + psbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index ca7df264e2..5a4b8a52e7 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -61,22 +61,27 @@ bool change_to_guest(void) later code can then mess with. ********************************************************************/ -static bool check_user_ok(connection_struct *conn, uint16_t vuid, - struct auth_serversupplied_info *server_info, - int snum) +static bool check_user_ok(connection_struct *conn, + uint16_t vuid, + const struct auth_serversupplied_info *server_info, + int snum) { + bool valid_vuid = (vuid != UID_FIELD_INVALID); unsigned int i; - struct vuid_cache_entry *ent = NULL; bool readonly_share; bool admin_user; - for (i=0; i<VUID_CACHE_SIZE; i++) { - ent = &conn->vuid_cache.array[i]; - if (ent->vuid == vuid) { - conn->server_info = ent->server_info; - conn->read_only = ent->read_only; - conn->admin_user = ent->admin_user; - return(True); + if (valid_vuid) { + struct vuid_cache_entry *ent; + + for (i=0; i<VUID_CACHE_SIZE; i++) { + ent = &conn->vuid_cache.array[i]; + if (ent->vuid == vuid) { + conn->server_info = ent->server_info; + conn->read_only = ent->read_only; + conn->admin_user = ent->admin_user; + return(True); + } } } @@ -112,33 +117,36 @@ static bool check_user_ok(connection_struct *conn, uint16_t vuid, pdb_get_domain(server_info->sam_account), NULL, server_info->ptok, lp_admin_users(snum)); - ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry]; + if (valid_vuid) { + struct vuid_cache_entry *ent = + &conn->vuid_cache.array[conn->vuid_cache.next_entry]; - conn->vuid_cache.next_entry = - (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE; + conn->vuid_cache.next_entry = + (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE; - TALLOC_FREE(ent->server_info); + TALLOC_FREE(ent->server_info); - /* - * If force_user was set, all server_info's are based on the same - * username-based faked one. - */ + /* + * If force_user was set, all server_info's are based on the same + * username-based faked one. + */ - ent->server_info = copy_serverinfo( - conn, conn->force_user ? conn->server_info : server_info); + ent->server_info = copy_serverinfo( + conn, conn->force_user ? conn->server_info : server_info); - if (ent->server_info == NULL) { - ent->vuid = UID_FIELD_INVALID; - return false; - } + if (ent->server_info == NULL) { + ent->vuid = UID_FIELD_INVALID; + return false; + } - ent->vuid = vuid; - ent->read_only = readonly_share; - ent->admin_user = admin_user; + ent->vuid = vuid; + ent->read_only = readonly_share; + ent->admin_user = admin_user; + conn->server_info = ent->server_info; + } - conn->read_only = ent->read_only; - conn->admin_user = ent->admin_user; - conn->server_info = ent->server_info; + conn->read_only = readonly_share; + conn->admin_user = admin_user; return(True); } @@ -172,6 +180,7 @@ void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid) bool change_to_user(connection_struct *conn, uint16 vuid) { + const struct auth_serversupplied_info *server_info = NULL; user_struct *vuser = get_valid_user_struct(vuid); int snum; gid_t gid; @@ -207,13 +216,15 @@ bool change_to_user(connection_struct *conn, uint16 vuid) snum = SNUM(conn); - if ((vuser) && !check_user_ok(conn, vuid, vuser->server_info, snum)) { + server_info = vuser ? vuser->server_info : conn->server_info; + + if (!check_user_ok(conn, vuid, server_info, snum)) { DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) " "not permitted access to share %s.\n", - vuser->server_info->sanitized_username, - vuser->server_info->unix_name, vuid, + server_info->sanitized_username, + server_info->unix_name, vuid, lp_servicename(snum))); - return False; + return false; } /* diff --git a/source3/torture/locktest.c b/source3/torture/locktest.c index b58cb3deec..247c9abcc1 100644 --- a/source3/torture/locktest.c +++ b/source3/torture/locktest.c @@ -176,7 +176,7 @@ static struct cli_state *connect_one(char *share, int snum) server_n = server; - zero_addr(&ss); + zero_sockaddr(&ss); slprintf(myname,sizeof(myname), "lock-%lu-%u", (unsigned long)getpid(), count++); @@ -184,7 +184,7 @@ static struct cli_state *connect_one(char *share, int snum) make_nmb_name(&called , server, 0x20); again: - zero_addr(&ss); + zero_sockaddr(&ss); /* have to open a new connection */ if (!(c=cli_initialise())) { diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c index c5612fefaa..8fea15877f 100644 --- a/source3/torture/masktest.c +++ b/source3/torture/masktest.c @@ -178,13 +178,13 @@ static struct cli_state *connect_one(char *share) server_n = server; - zero_addr(&ss); + zero_sockaddr(&ss); make_nmb_name(&calling, "masktest", 0x0); make_nmb_name(&called , server, 0x20); again: - zero_addr(&ss); + zero_sockaddr(&ss); /* have to open a new connection */ if (!(c=cli_initialise())) { diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 603426b67c..382b3b65eb 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -158,7 +158,7 @@ static struct cli_state *open_nbt_connection(void) make_nmb_name(&calling, myname, 0x0); make_nmb_name(&called , host, 0x20); - zero_addr(&ss); + zero_sockaddr(&ss); if (!(c = cli_initialise())) { printf("Failed initialize cli_struct to connect with %s\n", host); diff --git a/source3/utils/net.c b/source3/utils/net.c index bab2f41d11..f1a5be1876 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -662,7 +662,7 @@ static struct functable net_func[] = { }; - zero_addr(&c->opt_dest_ip); + zero_sockaddr(&c->opt_dest_ip); load_case_tables(); diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b03fefe14a..27d534665c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -293,7 +293,7 @@ retry: tried_closest_dc = true; /* avoid loop */ - if (!ads->config.tried_closest_dc) { + if (!ads_closest_dc(ads)) { namecache_delete(ads->server.realm, 0x1C); namecache_delete(ads->server.workgroup, 0x1C); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3c8ce0326e..f69d3f9012 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -5250,7 +5250,8 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, notime, notime, notime, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ¶meters, - 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + 0, 0, ACB_DOMTRUST, + SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT, hours, 0, 0, 0, 0, 0, 0, 0, &crypt_pwd); diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 10b55014c2..f07b5011c8 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -735,6 +735,8 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, if (!cli_set_secdesc(cli, fnum, sd)) { printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); + cli_close(cli, fnum); + return EXIT_FAILED; } cli_close(cli, fnum); @@ -949,50 +951,51 @@ static int cacl_set(struct cli_state *cli, char *filename, /***************************************************** Return a connection to a server. *******************************************************/ -static struct cli_state *connect_one(const char *server, const char *share) +static struct cli_state *connect_one(struct user_auth_info *auth_info, + const char *server, const char *share) { struct cli_state *c = NULL; struct sockaddr_storage ss; NTSTATUS nt_status; uint32_t flags = 0; - zero_addr(&ss); + zero_sockaddr(&ss); - if (get_cmdline_auth_info_use_kerberos()) { + if (get_cmdline_auth_info_use_kerberos(auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(auth_info) && + !set_cmdline_auth_info_machine_account_creds(auth_info)) { return NULL; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(auth_info)) { char *pass = getpass("Password: "); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(auth_info, pass); } } nt_status = cli_full_connection(&c, global_myname(), server, &ss, 0, share, "?????", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_password(auth_info), flags, - get_cmdline_auth_info_signing_state(), + get_cmdline_auth_info_signing_state(auth_info), NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(auth_info)) { nt_status = cli_cm_force_encryption(c, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), lp_workgroup(), share); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1038,6 +1041,7 @@ static struct cli_state *connect_one(const char *server, const char *share) TALLOC_CTX *frame = talloc_stackframe(); const char *owner_username = ""; char *server; + struct user_auth_info *auth_info; load_case_tables(); @@ -1053,6 +1057,12 @@ static struct cli_state *connect_one(const char *server, const char *share) lp_load(get_dyn_CONFIGFILE(),True,False,False,True); load_interfaces(); + auth_info = user_auth_info_init(frame); + if (auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(auth_info); + pc = poptGetContext("smbcacls", argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "//server1/share1 filename\nACLs look like: " @@ -1129,7 +1139,7 @@ static struct cli_state *connect_one(const char *server, const char *share) share++; if (!test_args) { - cli = connect_one(server, share); + cli = connect_one(auth_info, server, share); if (!cli) { exit(EXIT_FAILED); } diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index b769c2bce0..a95394b125 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -37,6 +37,7 @@ static struct cli_state *cli_ipc; static struct rpc_pipe_client *global_pipe_hnd; static POLICY_HND pol; static bool got_policy_hnd; +static struct user_auth_info *smbcquotas_auth_info; static struct cli_state *connect_one(const char *share); @@ -371,44 +372,44 @@ static struct cli_state *connect_one(const char *share) NTSTATUS nt_status; uint32_t flags = 0; - zero_addr(&ss); + zero_sockaddr(&ss); - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(smbcquotas_auth_info) && + !set_cmdline_auth_info_machine_account_creds(smbcquotas_auth_info)) { return NULL; } - if (get_cmdline_auth_info_use_kerberos()) { + if (get_cmdline_auth_info_use_kerberos(smbcquotas_auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(smbcquotas_auth_info)) { char *pass = getpass("Password: "); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(smbcquotas_auth_info, pass); } } nt_status = cli_full_connection(&c, global_myname(), server, &ss, 0, share, "?????", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(smbcquotas_auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_password(smbcquotas_auth_info), flags, - get_cmdline_auth_info_signing_state(), + get_cmdline_auth_info_signing_state(smbcquotas_auth_info), NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(smbcquotas_auth_info)) { nt_status = cli_cm_force_encryption(c, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(smbcquotas_auth_info), + get_cmdline_auth_info_password(smbcquotas_auth_info), lp_workgroup(), share); if (!NT_STATUS_IS_OK(nt_status)) { @@ -475,6 +476,12 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, lp_load(get_dyn_CONFIGFILE(),True,False,False,True); load_interfaces(); + smbcquotas_auth_info = user_auth_info_init(frame); + if (smbcquotas_auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(smbcquotas_auth_info); + pc = poptGetContext("smbcquotas", argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "//server1/share1"); @@ -537,7 +544,8 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, todo = USER_QUOTA; if (!fix_user) { - username_str = talloc_strdup(frame, get_cmdline_auth_info_username()); + username_str = talloc_strdup( + frame, get_cmdline_auth_info_username(smbcquotas_auth_info)); if (!username_str) { exit(EXIT_PARSE_ERROR); } diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c index d274e09299..1e22a40201 100644 --- a/source3/utils/smbfilter.c +++ b/source3/utils/smbfilter.c @@ -212,7 +212,7 @@ static void start_filter(char *desthost) /* start listening on port 445 locally */ - zero_addr(&my_ss); + zero_sockaddr(&my_ss); s = open_socket_in(SOCK_STREAM, 445, 0, &my_ss, True); if (s == -1) { diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index 9fc02bac13..6c69300e85 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -272,7 +272,7 @@ static bool print_tree(struct user_auth_info *user_info) int main(int argc,char *argv[]) { TALLOC_CTX *frame = talloc_stackframe(); - struct user_auth_info local_auth_info; + struct user_auth_info *auth_info; struct poptOption long_options[] = { POPT_AUTOHELP { "broadcast", 'b', POPT_ARG_VAL, &use_bcast, True, "Use broadcast instead of using the master browser" }, @@ -293,6 +293,12 @@ static bool print_tree(struct user_auth_info *user_info) setup_logging(argv[0],True); + auth_info = user_auth_info_init(frame); + if (auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(auth_info); + pc = poptGetContext("smbtree", argc, (const char **)argv, long_options, POPT_CONTEXT_KEEP_FIRST); while(poptGetNextOpt(pc) != -1); @@ -303,26 +309,22 @@ static bool print_tree(struct user_auth_info *user_info) /* Parse command line args */ - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(auth_info) && + !set_cmdline_auth_info_machine_account_creds(auth_info)) { TALLOC_FREE(frame); return 1; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(auth_info)) { char *pass = getpass("Password: "); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(auth_info, pass); } } /* Now do our stuff */ - if (!get_cmdline_auth_info_copy(&local_auth_info)) { - return 1; - } - - if (!print_tree(&local_auth_info)) { + if (!print_tree(auth_info)) { TALLOC_FREE(frame); return 1; } diff --git a/source3/web/swat.c b/source3/web/swat.c index 27c4b54e2f..b729e3b241 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -232,7 +232,7 @@ static void show_parameter(int snum, struct parm_struct *parm) TALLOC_CTX *ctx = talloc_stackframe(); if (parm->p_class == P_LOCAL && snum >= 0) { - ptr = lp_local_ptr(snum, ptr); + ptr = lp_local_ptr_by_snum(snum, ptr); } printf("<tr><td>%s</td><td>", get_parm_translated(ctx, @@ -375,7 +375,7 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte void *ptr = parm->ptr; if (parm->p_class == P_LOCAL && snum >= 0) { - ptr = lp_local_ptr(snum, ptr); + ptr = lp_local_ptr_by_snum(snum, ptr); } switch (parm->type) { diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 82af55800f..0ecf11d0e5 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -7,17 +7,17 @@ Copyright (C) Andrew Tridgell 2002 Copyright (C) Jelmer Vernooij 2003 Copyright (C) Volker Lendecke 2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -103,9 +103,9 @@ static void winbindd_status(void) DEBUG(0, ("winbindd status:\n")); /* Print client state information */ - + DEBUG(0, ("\t%d clients currently active\n", winbindd_num_clients())); - + if (DEBUGLEVEL >= 2 && winbindd_num_clients()) { DEBUG(2, ("\tclient list:\n")); for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) { @@ -157,7 +157,7 @@ static void terminate(bool is_parent) } idmap_close(); - + trustdom_cache_shutdown(); #if 0 @@ -173,35 +173,35 @@ static void terminate(bool is_parent) exit(0); } -static bool do_sigterm; +static SIG_ATOMIC_T do_sigterm = 0; static void termination_handler(int signum) { - do_sigterm = True; + do_sigterm = 1; sys_select_signal(signum); } -static bool do_sigusr2; +static SIG_ATOMIC_T do_sigusr2 = 0; static void sigusr2_handler(int signum) { - do_sigusr2 = True; + do_sigusr2 = 1; sys_select_signal(SIGUSR2); } -static bool do_sighup; +static SIG_ATOMIC_T do_sighup = 0; static void sighup_handler(int signum) { - do_sighup = True; + do_sighup = 1; sys_select_signal(SIGHUP); } -static bool do_sigchld; +static SIG_ATOMIC_T do_sigchld = 0; static void sigchld_handler(int signum) { - do_sigchld = True; + do_sigchld = 1; sys_select_signal(SIGCHLD); } @@ -224,7 +224,7 @@ static void msg_shutdown(struct messaging_context *msg, struct server_id server_id, DATA_BLOB *data) { - do_sigterm = True; + do_sigterm = 1; } @@ -288,7 +288,7 @@ static struct winbindd_dispatch_table { void (*fn)(struct winbindd_cli_state *state); const char *winbindd_cmd_name; } dispatch_table[] = { - + /* User functions */ { WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" }, @@ -685,9 +685,9 @@ static void new_connection(int listen_sock, bool privileged) struct winbindd_cli_state *state; socklen_t len; int sock; - + /* Accept connection */ - + len = sizeof(sunaddr); do { @@ -696,16 +696,16 @@ static void new_connection(int listen_sock, bool privileged) if (sock == -1) return; - + DEBUG(6,("accepted socket %d\n", sock)); - + /* Create new connection structure */ - + if ((state = TALLOC_ZERO_P(NULL, struct winbindd_cli_state)) == NULL) { close(sock); return; } - + state->sock = sock; state->last_access = time(NULL); @@ -720,7 +720,7 @@ static void new_connection(int listen_sock, bool privileged) request_len_recv, state); /* Add to connection list */ - + winbindd_add_client(state); } @@ -731,7 +731,7 @@ static void remove_client(struct winbindd_cli_state *state) char c = 0; /* It's a dead client - hold a funeral */ - + if (state == NULL) { return; } @@ -740,14 +740,14 @@ static void remove_client(struct winbindd_cli_state *state) write(state->sock, &c, sizeof(c)); /* Close socket */ - + close(state->sock); - + /* Free any getent state */ - + free_getent_state(state->getpwent_state); free_getent_state(state->getgrent_state); - + /* We may have some extra data that was not freed if the client was killed unexpectedly */ @@ -756,9 +756,9 @@ static void remove_client(struct winbindd_cli_state *state) TALLOC_FREE(state->mem_ctx); remove_fd_event(&state->fd_event); - + /* Remove from list and free */ - + winbindd_remove_client(state); TALLOC_FREE(state); } @@ -802,7 +802,7 @@ void winbind_check_sighup(const char *lfile) flush_caches(); reload_services_file(lfile); - do_sighup = False; + do_sighup = 0; } } @@ -893,7 +893,7 @@ static void process_loop(void) } /* Call select */ - + selret = sys_select(maxfd + 1, &r_fds, &w_fds, NULL, &timeout); if (selret == 0) { @@ -944,7 +944,7 @@ static void process_loop(void) /* new, non-privileged connection */ new_connection(listen_sock, False); } - + if (FD_ISSET(listen_priv_sock, &r_fds)) { while (winbindd_num_clients() > WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { @@ -977,13 +977,13 @@ static void process_loop(void) if (do_sigusr2) { print_winbindd_status(); - do_sigusr2 = False; + do_sigusr2 = 0; } if (do_sigchld) { pid_t pid; - do_sigchld = False; + do_sigchld = 0; while ((pid = sys_waitpid(-1, NULL, WNOHANG)) > 0) { winbind_child_died(pid); @@ -1159,7 +1159,7 @@ int main(int argc, char **argv, char **envp) BlockSignals(False, SIGCHLD); /* Setup signal handlers */ - + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ CatchSignal(SIGQUIT, termination_handler); CatchSignal(SIGTERM, termination_handler); @@ -1232,13 +1232,13 @@ int main(int argc, char **argv, char **envp) messaging_register(winbind_messaging_context(), NULL, MSG_DEBUG, winbind_msg_debug); - + netsamlogon_cache_init(); /* Non-critical */ - + /* clear the cached list of trusted domains */ wcache_tdc_clear(); - + if (!init_domain_list()) { DEBUG(0,("unable to initialize domain list\n")); exit(1); diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c index 7500bcbe5b..7b93f963b4 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/winbindd/winbindd_async.c @@ -5,7 +5,7 @@ Copyright (C) Volker Lendecke 2005 Copyright (C) Gerald Carter 2006 - + The helpers always consist of three functions: * A request setup function that takes the necessary parameters together @@ -21,12 +21,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -166,7 +166,7 @@ static void lookupsid_recv(TALLOC_CTX *mem_ctx, bool success, /* Try again using the forest root */ struct winbindd_domain *root_domain = find_root_domain(); struct winbindd_request request; - + if ( !root_domain ) { DEBUG(5,("lookupsid_recv: unable to determine forest root\n")); cont(s->caller_private_data, False, NULL, NULL, SID_NAME_UNKNOWN); @@ -491,7 +491,7 @@ void winbindd_listent_async(TALLOC_CTX *mem_ctx, do_async_domain(mem_ctx, domain, &request, listent_recv, (void *)cont, private_data); } - + enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, struct winbindd_cli_state *state) { @@ -509,7 +509,7 @@ enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, methods = domain->methods; status = methods->query_user_list(domain, state->mem_ctx, &num_entries, &info); - + if (!NT_STATUS_IS_OK(status)) return WINBINDD_ERROR; @@ -521,7 +521,7 @@ enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, +1 for the ',' between group names */ extra_data = (char *)SMB_REALLOC(extra_data, (sizeof(fstring) + 1) * num_entries); - + if (!extra_data) { DEBUG(0,("failed to enlarge buffer!\n")); return WINBINDD_ERROR; @@ -530,12 +530,12 @@ enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, /* Pack user list into extra data fields */ for (i = 0; i < num_entries; i++) { fstring acct_name, name; - + if (info[i].acct_name == NULL) fstrcpy(acct_name, ""); else fstrcpy(acct_name, info[i].acct_name); - + fill_domain_username(name, domain->name, acct_name, True); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, strlen(name)); @@ -904,7 +904,7 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, (char *)state->response.extra_data.data)); state->response.length += len+1; } - + return WINBINDD_OK; } @@ -926,7 +926,7 @@ static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, bool success, static void gettoken_recvaliases(void *private_data, bool success, const DOM_SID *aliases, size_t num_aliases); - + void winbindd_gettoken_async(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, void (*cont)(void *private_data, bool success, @@ -975,7 +975,7 @@ static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, bool success, struct gettoken_state *state = talloc_get_type_abort(private_data, struct gettoken_state); char *sids_str; - + if (!success) { DEBUG(10, ("Could not get domain groups\n")); state->cont(state->private_data, False, NULL, 0); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3c69859731..5f592fc6b7 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1038,7 +1038,7 @@ static bool add_one_dc_unique(TALLOC_CTX *mem_ctx, const char *domain_name, /* Make sure there's no duplicates in the list */ for (i=0; i<*num; i++) - if (addr_equal((struct sockaddr *)&(*dcs)[i].ss, (struct sockaddr *)pss)) + if (sockaddr_equal((struct sockaddr *)&(*dcs)[i].ss, (struct sockaddr *)pss)) return False; *dcs = TALLOC_REALLOC_ARRAY(mem_ctx, *dcs, struct dc_name_ip, (*num)+1); diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 3422fdba1c..7432bda451 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -800,7 +800,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get info for the domain */ - if ((domain = find_domain_from_name(name_domain)) == NULL) { + if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { DEBUG(3, ("could not get domain sid for domain %s\n", name_domain)); request_error(state); @@ -833,7 +833,7 @@ struct getgrsid_state { }; static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) - { +{ struct getgrsid_state *s = (struct getgrsid_state *)private_data; struct winbindd_domain *domain; @@ -884,7 +884,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s->state->response.extra_data.data = gr_mem; request_ok(s->state); - } +} static void getgrsid_lookupsid_recv( void *private_data, bool success, const char *dom_name, const char *name, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 9de385e3b3..92ce1f9850 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -67,6 +67,36 @@ void winbind_check_sighup(const char *lfile); void winbind_check_sigterm(bool in_parent); int main(int argc, char **argv, char **envp); +/* The following definitions come from winbindd/winbindd_reqtrans.c */ + +struct async_req *wb_req_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, size_t max_extra_data); +NTSTATUS wb_req_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_request **preq); +struct async_req *wb_req_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_request *wb_req); +NTSTATUS wb_req_write_recv(struct async_req *req); + +struct async_req *wb_resp_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd); +NTSTATUS wb_resp_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp); +struct async_req *wb_resp_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_response *wb_resp); +NTSTATUS wb_resp_write_recv(struct async_req *req); + +struct async_req *wb_trans_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, + struct winbindd_request *wb_req, + struct timeval timeout, + size_t reply_max_extra_data); +NTSTATUS wb_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp); + /* The following definitions come from winbindd/winbindd_ads.c */ diff --git a/source3/winbindd/winbindd_reqtrans.c b/source3/winbindd/winbindd_reqtrans.c new file mode 100644 index 0000000000..ea16c5f81e --- /dev/null +++ b/source3/winbindd/winbindd_reqtrans.c @@ -0,0 +1,685 @@ +/* + Unix SMB/CIFS implementation. + + Async transfer of winbindd_request and _response structs + + Copyright (C) Volker Lendecke 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +struct req_read_state { + struct winbindd_request *wb_req; + struct event_context *ev; + size_t max_extra_data; + int fd; +}; + +static void wb_req_read_len(struct async_req *subreq); +static void wb_req_read_main(struct async_req *subreq); +static void wb_req_read_extra(struct async_req *subreq); + +struct async_req *wb_req_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, size_t max_extra_data) +{ + struct async_req *result, *subreq; + struct req_read_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct req_read_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->max_extra_data = max_extra_data; + state->wb_req = talloc(state, struct winbindd_request); + if (state->wb_req == NULL) { + goto nomem; + } + + subreq = recvall_send(state, ev, state->fd, &(state->wb_req->length), + sizeof(state->wb_req->length), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_req_read_len; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_req_read_len(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct req_read_state *state = talloc_get_type_abort( + req->private_data, struct req_read_state); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_req->length != sizeof(struct winbindd_request)) { + DEBUG(0, ("wb_req_read_len: Invalid request size received: " + "%d (expected %d)\n", (int)state->wb_req->length, + (int)sizeof(struct winbindd_request))); + async_req_error(req, NT_STATUS_INVALID_BUFFER_SIZE); + return; + } + + subreq = recvall_send( + req, state->ev, state->fd, (uint32 *)(state->wb_req)+1, + sizeof(struct winbindd_request) - sizeof(uint32), 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_req_read_main; + subreq->async.priv = req; +} + +static void wb_req_read_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct req_read_state *state = talloc_get_type_abort( + req->private_data, struct req_read_state); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if ((state->max_extra_data != 0) + && (state->wb_req->extra_len > state->max_extra_data)) { + DEBUG(3, ("Got request with %d bytes extra data on " + "unprivileged socket\n", + (int)state->wb_req->extra_len)); + async_req_error(req, NT_STATUS_INVALID_BUFFER_SIZE); + return; + } + + if (state->wb_req->extra_len == 0) { + async_req_done(req); + return; + } + + state->wb_req->extra_data.data = TALLOC_ARRAY( + state->wb_req, char, state->wb_req->extra_len + 1); + if (async_req_nomem(state->wb_req->extra_data.data, req)) { + return; + } + + state->wb_req->extra_data.data[state->wb_req->extra_len] = 0; + + subreq = recvall_send( + req, state->ev, state->fd, state->wb_req->extra_data.data, + state->wb_req->extra_len, 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_req_read_extra; + subreq->async.priv = req; +} + +static void wb_req_read_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + async_req_done(req); +} + + +NTSTATUS wb_req_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_request **preq) +{ + struct req_read_state *state = talloc_get_type_abort( + req->private_data, struct req_read_state); + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + *preq = talloc_move(mem_ctx, &state->wb_req); + return NT_STATUS_OK; +} + +struct req_write_state { + struct winbindd_request *wb_req; + struct event_context *ev; + int fd; +}; + +static void wb_req_write_main(struct async_req *subreq); +static void wb_req_write_extra(struct async_req *subreq); + +struct async_req *wb_req_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_request *wb_req) +{ + struct async_req *result, *subreq; + struct req_write_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct req_write_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->wb_req = wb_req; + + subreq = sendall_send(state, state->ev, state->fd, state->wb_req, + sizeof(struct winbindd_request), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_req_write_main; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_req_write_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct req_write_state *state = talloc_get_type_abort( + req->private_data, struct req_write_state); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_req->extra_len == 0) { + async_req_done(req); + return; + } + + subreq = sendall_send(state, state->ev, state->fd, + state->wb_req->extra_data.data, + state->wb_req->extra_len, 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_req_write_extra; + subreq->async.priv = req; +} + +static void wb_req_write_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + async_req_done(req); +} + +NTSTATUS wb_req_write_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + +struct resp_read_state { + struct winbindd_response *wb_resp; + struct event_context *ev; + size_t max_extra_data; + int fd; +}; + +static void wb_resp_read_len(struct async_req *subreq); +static void wb_resp_read_main(struct async_req *subreq); +static void wb_resp_read_extra(struct async_req *subreq); + +struct async_req *wb_resp_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd) +{ + struct async_req *result, *subreq; + struct resp_read_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct resp_read_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->wb_resp = talloc(state, struct winbindd_response); + if (state->wb_resp == NULL) { + goto nomem; + } + + subreq = recvall_send(state, ev, state->fd, &(state->wb_resp->length), + sizeof(state->wb_resp->length), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_resp_read_len; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_resp_read_len(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct resp_read_state *state = talloc_get_type_abort( + req->private_data, struct resp_read_state); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_resp->length < sizeof(struct winbindd_response)) { + DEBUG(0, ("wb_resp_read_len: Invalid response size received: " + "%d (expected at least%d)\n", + (int)state->wb_resp->length, + (int)sizeof(struct winbindd_response))); + async_req_error(req, NT_STATUS_INVALID_BUFFER_SIZE); + return; + } + + subreq = recvall_send( + req, state->ev, state->fd, (uint32 *)(state->wb_resp)+1, + sizeof(struct winbindd_response) - sizeof(uint32), 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_resp_read_main; + subreq->async.priv = req; +} + +static void wb_resp_read_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct resp_read_state *state = talloc_get_type_abort( + req->private_data, struct resp_read_state); + NTSTATUS status; + size_t extra_len; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + extra_len = state->wb_resp->length - sizeof(struct winbindd_response); + if (extra_len == 0) { + async_req_done(req); + return; + } + + state->wb_resp->extra_data.data = TALLOC_ARRAY( + state->wb_resp, char, extra_len+1); + if (async_req_nomem(state->wb_resp->extra_data.data, req)) { + return; + } + ((char *)state->wb_resp->extra_data.data)[extra_len] = 0; + + subreq = recvall_send( + req, state->ev, state->fd, state->wb_resp->extra_data.data, + extra_len, 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_resp_read_extra; + subreq->async.priv = req; +} + +static void wb_resp_read_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + async_req_done(req); +} + + +NTSTATUS wb_resp_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp) +{ + struct resp_read_state *state = talloc_get_type_abort( + req->private_data, struct resp_read_state); + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + *presp = talloc_move(mem_ctx, &state->wb_resp); + return NT_STATUS_OK; +} + +struct resp_write_state { + struct winbindd_response *wb_resp; + struct event_context *ev; + int fd; +}; + +static void wb_resp_write_main(struct async_req *subreq); +static void wb_resp_write_extra(struct async_req *subreq); + +struct async_req *wb_resp_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_response *wb_resp) +{ + struct async_req *result, *subreq; + struct resp_write_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct resp_write_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->wb_resp = wb_resp; + + subreq = sendall_send(state, state->ev, state->fd, state->wb_resp, + sizeof(struct winbindd_response), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_resp_write_main; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_resp_write_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct resp_write_state *state = talloc_get_type_abort( + req->private_data, struct resp_write_state); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_resp->length == sizeof(struct winbindd_response)) { + async_req_done(req); + return; + } + + subreq = sendall_send( + state, state->ev, state->fd, + state->wb_resp->extra_data.data, + state->wb_resp->length - sizeof(struct winbindd_response), 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_resp_write_extra; + subreq->async.priv = req; +} + +static void wb_resp_write_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + async_req_done(req); +} + +NTSTATUS wb_resp_write_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + +struct wb_trans_state { + struct event_context *ev; + struct timed_event *te; + int fd; + struct winbindd_response *wb_resp; + size_t reply_max_extra_data; +}; + +static void wb_trans_timeout(struct event_context *ev, struct timed_event *te, + const struct timeval *now, void *priv); +static void wb_trans_sent(struct async_req *req); +static void wb_trans_received(struct async_req *req); + +struct async_req *wb_trans_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, + struct winbindd_request *wb_req, + struct timeval timeout, + size_t reply_max_extra_data) +{ + struct async_req *result, *subreq; + struct wb_trans_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct wb_trans_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->ev = ev; + state->fd = fd; + state->reply_max_extra_data = reply_max_extra_data; + + state->te = event_add_timed( + ev, state, + timeval_current_ofs(timeout.tv_sec, timeout.tv_usec), + "wb_trans_timeout", wb_trans_timeout, result); + if (state->te == NULL) { + goto nomem; + } + + subreq = wb_req_write_send(state, state->ev, state->fd, wb_req); + if (subreq == NULL) { + goto nomem; + } + subreq->async.fn = wb_trans_sent; + subreq->async.priv = result; + + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_trans_timeout(struct event_context *ev, struct timed_event *te, + const struct timeval *now, void *priv) +{ + struct async_req *req = talloc_get_type_abort( + priv, struct async_req); + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + + TALLOC_FREE(state->te); + async_req_error(req, NT_STATUS_IO_TIMEOUT); +} + +static void wb_trans_sent(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + NTSTATUS status; + + status = wb_req_write_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + subreq = wb_resp_read_send(state, state->ev, state->fd); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_trans_received; + subreq->async.priv = req; +}; + +static void wb_trans_received(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + NTSTATUS status; + + TALLOC_FREE(state->te); + + status = wb_resp_read_recv(subreq, state, &state->wb_resp); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + async_req_done(req); +} + +NTSTATUS wb_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp) +{ + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + *presp = talloc_move(mem_ctx, &state->wb_resp); + return NT_STATUS_OK; +} + +struct wb_trans_queue_state { + struct wb_trans_queue_state *prev, *next; + struct wb_trans_queue *queue; + struct winbindd_request *req; +}; + +struct wb_trans_queue { + int fd; + struct timeval timeout; + size_t max_resp_extra_data; + struct wb_trans_queue_state *queued_requests; +}; diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index e5d0a22a73..fd1fdd3699 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -456,7 +456,7 @@ void winbindd_getpwnam(struct winbindd_cli_state *state) /* Get info for the domain */ - domain = find_domain_from_name(domname); + domain = find_domain_from_name_noinit(domname); if (domain == NULL) { DEBUG(7, ("could not find domain entry for domain %s. " diff --git a/source4/auth/auth.h b/source4/auth/auth.h index af9ed52f78..360da50f70 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -204,7 +204,8 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct ldb_message *msg_domain_ref, const char *logon_workstation, - const char *name_for_logs); + const char *name_for_logs, + bool allow_domain_trust); struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, const char *netbios_name, diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index d1be5b6e30..384d342e00 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -262,7 +262,8 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, msgs[0], msgs_domain_ref[0], user_info->workstation_name, - user_info->mapped.account_name); + user_info->mapped.account_name, + false); return nt_status; } diff --git a/source4/auth/sam.c b/source4/auth/sam.c index f6a998ae0f..4b848cffe0 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -144,7 +144,8 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct ldb_message *msg_domain_ref, const char *logon_workstation, - const char *name_for_logs) + const char *name_for_logs, + bool allow_domain_trust) { uint16_t acct_flags; const char *workstation_list; @@ -231,11 +232,12 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_LOGON_HOURS; } - if (acct_flags & ACB_DOMTRUST) { - DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs)); - return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + if (!allow_domain_trust) { + if (acct_flags & ACB_DOMTRUST) { + DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs)); + return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + } } - if (!(logon_parameters & MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) { if (acct_flags & ACB_SVRTRUST) { DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", name_for_logs)); diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6acbf45afd..97179a8126 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -417,6 +417,32 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) } } +static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *req) +{ + enum security_user_level user_type; + + /* allow everybody to read the sequence number */ + if (strcmp(req->op.extended.oid, + LDB_EXTENDED_SEQUENCE_NUMBER) == 0) { + return ldb_next_request(module, req); + } + + user_type = what_is_user(module); + + switch (user_type) { + case SECURITY_SYSTEM: + case SECURITY_ADMINISTRATOR: + return ldb_next_request(module, req); + default: + ldb_asprintf_errstring(module->ldb, + "kludge_acl_change: " + "attempted database modify not permitted. " + "User %s is not SYSTEM or an administrator", + user_name(req, module)); + return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; + } +} + static int kludge_acl_init(struct ldb_module *module) { int ret, i; @@ -494,6 +520,6 @@ _PUBLIC_ const struct ldb_module_ops ldb_kludge_acl_module_ops = { .modify = kludge_acl_change, .del = kludge_acl_change, .rename = kludge_acl_change, - .extended = kludge_acl_change, + .extended = kludge_acl_extended, .init_context = kludge_acl_init }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index cef1bf79f7..1707baba58 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1641,7 +1641,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); - if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) { + if ((!sambaAttr) && (!clearTextPasswordAttr) && (!ntAttr) && (!lmAttr)) { return ldb_next_request(module, req); } diff --git a/source4/headermap.txt b/source4/headermap.txt index b6edaac414..c906282a31 100644 --- a/source4/headermap.txt +++ b/source4/headermap.txt @@ -50,7 +50,7 @@ rpc_server/dcerpc_server.h: dcerpc_server.h rpc_server/common/common.h: dcerpc_server/common.h libcli/auth/credentials.h: domain_credentials.h ../lib/util/charset/charset.h: charset.h -libcli/ldap/ldap.h: ldap.h +libcli/ldap/ldap.h: ldap-util.h ../lib/torture/torture.h: torture.h libcli/libcli.h: client.h librpc/gen_ndr/nbt.h: gen_ndr/nbt.h diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 3f1c1fc63e..74bec85d02 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -270,13 +270,14 @@ krb5_error_code samba_kdc_check_client_access(void *priv, } } + /* we allow all kinds of trusts here */ nt_status = authsam_account_ok(tmp_ctx, private->samdb, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, private->msg, private->realm_ref_msg, workstation, - name); + name, true); free(name); if (NT_STATUS_IS_OK(nt_status)) diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 29af7fafe8..10c728662d 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -29,7 +29,7 @@ before calling, the out blob must be initialised to be the same size as the in blob */ -static void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, +void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, bool forward) { int i, k; diff --git a/source4/libcli/resolve/bcast.c b/source4/libcli/resolve/bcast.c index ca78a2ce43..0a71ebed99 100644 --- a/source4/libcli/resolve/bcast.c +++ b/source4/libcli/resolve/bcast.c @@ -73,9 +73,10 @@ struct composite_context *resolve_name_bcast_send(TALLOC_CTX *mem_ctx, broadcast name resolution method - recv side */ NTSTATUS resolve_name_bcast_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, const char **reply_addr) + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs) { - NTSTATUS status = resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + NTSTATUS status = resolve_name_nbtlist_recv(c, mem_ctx, addrs); if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { /* this makes much more sense for a bcast name resolution timeout */ @@ -92,7 +93,7 @@ NTSTATUS resolve_name_bcast(struct nbt_name *name, struct interface *ifaces, uint16_t nbt_port, int nbt_timeout, - const char **reply_addr) + struct socket_address ***addrs) { struct resolve_bcast_data *data = talloc(mem_ctx, struct resolve_bcast_data); struct composite_context *c; @@ -101,7 +102,7 @@ NTSTATUS resolve_name_bcast(struct nbt_name *name, data->nbt_timeout = nbt_timeout; c = resolve_name_bcast_send(mem_ctx, NULL, data, name); - return resolve_name_bcast_recv(c, mem_ctx, reply_addr); + return resolve_name_bcast_recv(c, mem_ctx, addrs); } bool resolve_context_add_bcast_method(struct resolve_context *ctx, struct interface *ifaces, uint16_t nbt_port, int nbt_timeout) diff --git a/source4/libcli/resolve/host.c b/source4/libcli/resolve/host.c index 7d779b0678..7b1aef803e 100644 --- a/source4/libcli/resolve/host.c +++ b/source4/libcli/resolve/host.c @@ -32,13 +32,14 @@ #include "lib/events/events.h" #include "system/network.h" #include "system/filesys.h" +#include "lib/socket/socket.h" #include "libcli/composite/composite.h" #include "librpc/gen_ndr/ndr_nbt.h" #include "libcli/resolve/resolve.h" struct host_state { struct nbt_name name; - const char *reply_addr; + struct socket_address **addrs; pid_t child; int child_fd; struct fd_event *fde; @@ -95,7 +96,6 @@ static void pipe_handler(struct event_context *ev, struct fd_event *fde, struct host_state *state = talloc_get_type(c->private_data, struct host_state); char address[128]; int ret; - pid_t child = state->child; int status; /* if we get any event from the child then we know that we @@ -125,8 +125,15 @@ static void pipe_handler(struct event_context *ev, struct fd_event *fde, return; } - state->reply_addr = talloc_strdup(state, address); - if (composite_nomem(state->reply_addr, c)) return; + state->addrs = talloc_array(state, struct socket_address *, 2); + if (composite_nomem(state->addrs, c)) return; + + state->addrs[0] = socket_address_from_strings(state->addrs, + "ipv4", + address, + 0); + if (composite_nomem(state->addrs[0], c)) return; + state->addrs[1] = NULL; composite_done(c); } @@ -200,7 +207,8 @@ struct composite_context *resolve_name_host_send(TALLOC_CTX *mem_ctx, gethostbyname name resolution method - recv side */ NTSTATUS resolve_name_host_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, const char **reply_addr) + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs) { NTSTATUS status; @@ -208,7 +216,7 @@ NTSTATUS resolve_name_host_recv(struct composite_context *c, if (NT_STATUS_IS_OK(status)) { struct host_state *state = talloc_get_type(c->private_data, struct host_state); - *reply_addr = talloc_steal(mem_ctx, state->reply_addr); + *addrs = talloc_steal(mem_ctx, state->addrs); } talloc_free(c); @@ -220,10 +228,10 @@ NTSTATUS resolve_name_host_recv(struct composite_context *c, */ NTSTATUS resolve_name_host(struct nbt_name *name, TALLOC_CTX *mem_ctx, - const char **reply_addr) + struct socket_address ***addrs) { struct composite_context *c = resolve_name_host_send(mem_ctx, NULL, NULL, name); - return resolve_name_host_recv(c, mem_ctx, reply_addr); + return resolve_name_host_recv(c, mem_ctx, addrs); } bool resolve_context_add_host_method(struct resolve_context *ctx) diff --git a/source4/libcli/resolve/nbtlist.c b/source4/libcli/resolve/nbtlist.c index ec4cfb81b4..9c53fcb7ec 100644 --- a/source4/libcli/resolve/nbtlist.c +++ b/source4/libcli/resolve/nbtlist.c @@ -26,6 +26,7 @@ #include "includes.h" #include "libcli/composite/composite.h" #include "system/network.h" +#include "lib/socket/socket.h" #include "lib/socket/netif.h" #include "librpc/gen_ndr/ndr_nbt.h" #include "../libcli/nbt/libnbt.h" @@ -38,7 +39,7 @@ struct nbtlist_state { int num_queries; struct nbt_name_request **queries; struct nbt_name_query *io_queries; - const char *reply_addr; + struct socket_address **addrs; struct interface *ifaces; }; @@ -71,25 +72,23 @@ static void nbtlist_handler(struct nbt_name_request *req) talloc_free(state->nbtsock); if (!composite_is_ok(c)) return; - if (state->io_queries[i].out.num_addrs < 1) { + if (q->out.num_addrs < 1) { composite_error(c, NT_STATUS_UNEXPECTED_NETWORK_ERROR); return; } - /* favor a local address if possible */ - state->reply_addr = NULL; - for (i=0;i<q->out.num_addrs;i++) { - if (iface_is_local(state->ifaces, q->out.reply_addrs[i])) { - state->reply_addr = talloc_steal(state, - q->out.reply_addrs[i]); - break; - } - } + state->addrs = talloc_array(state, struct socket_address *, + q->out.num_addrs + 1); + if (composite_nomem(state->addrs, c)) return; - if (state->reply_addr == NULL) { - state->reply_addr = talloc_steal(state, - q->out.reply_addrs[0]); + for (i=0;i<q->out.num_addrs;i++) { + state->addrs[i] = socket_address_from_strings(state->addrs, + "ipv4", + q->out.reply_addrs[i], + 0); + if (composite_nomem(state->addrs[i], c)) return; } + state->addrs[i] = NULL; composite_done(c); } @@ -180,7 +179,8 @@ struct composite_context *resolve_name_nbtlist_send(TALLOC_CTX *mem_ctx, nbt list of addresses name resolution method - recv side */ NTSTATUS resolve_name_nbtlist_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, const char **reply_addr) + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs) { NTSTATUS status; @@ -188,7 +188,7 @@ NTSTATUS resolve_name_nbtlist_recv(struct composite_context *c, if (NT_STATUS_IS_OK(status)) { struct nbtlist_state *state = talloc_get_type(c->private_data, struct nbtlist_state); - *reply_addr = talloc_steal(mem_ctx, state->reply_addr); + *addrs = talloc_steal(mem_ctx, state->addrs); } talloc_free(c); @@ -205,13 +205,13 @@ NTSTATUS resolve_name_nbtlist(struct nbt_name *name, uint16_t nbt_port, int nbt_timeout, bool broadcast, bool wins_lookup, - const char **reply_addr) + struct socket_address ***addrs) { struct composite_context *c = resolve_name_nbtlist_send(mem_ctx, NULL, name, address_list, ifaces, nbt_port, nbt_timeout, broadcast, wins_lookup); - return resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + return resolve_name_nbtlist_recv(c, mem_ctx, addrs); } diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c index f57f231bc0..7d1c48cbee 100644 --- a/source4/libcli/resolve/resolve.c +++ b/source4/libcli/resolve/resolve.c @@ -26,6 +26,7 @@ #include "libcli/resolve/resolve.h" #include "librpc/gen_ndr/ndr_nbt.h" #include "system/network.h" +#include "lib/socket/socket.h" #include "../lib/util/dlinklist.h" struct resolve_state { @@ -33,7 +34,7 @@ struct resolve_state { struct resolve_method *method; struct nbt_name name; struct composite_context *creq; - const char *reply_addr; + struct socket_address **addrs; }; static struct composite_context *setup_next_method(struct composite_context *c); @@ -83,7 +84,7 @@ static void resolve_handler(struct composite_context *creq) struct resolve_state *state = talloc_get_type(c->private_data, struct resolve_state); const struct resolve_method *method = state->method; - c->status = method->recv_fn(creq, state, &state->reply_addr); + c->status = method->recv_fn(creq, state, &state->addrs); if (!NT_STATUS_IS_OK(c->status)) { state->method = state->method->next; @@ -128,9 +129,9 @@ static struct composite_context *setup_next_method(struct composite_context *c) /* general name resolution - async send */ -struct composite_context *resolve_name_send(struct resolve_context *ctx, - struct nbt_name *name, - struct event_context *event_ctx) +struct composite_context *resolve_name_all_send(struct resolve_context *ctx, + struct nbt_name *name, + struct event_context *event_ctx) { struct composite_context *c; struct resolve_state *state; @@ -157,8 +158,13 @@ struct composite_context *resolve_name_send(struct resolve_context *ctx, if (is_ipaddress(state->name.name) || strcasecmp(state->name.name, "localhost") == 0) { struct in_addr ip = interpret_addr2(state->name.name); - state->reply_addr = talloc_strdup(state, inet_ntoa(ip)); - if (composite_nomem(state->reply_addr, c)) return c; + + state->addrs = talloc_array(state, struct socket_address *, 2); + if (composite_nomem(state->addrs, c)) return c; + state->addrs[0] = socket_address_from_strings(state->addrs, "ipv4", + inet_ntoa(ip), 0); + if (composite_nomem(state->addrs[0], c)) return c; + state->addrs[1] = NULL; composite_done(c); return c; } @@ -177,8 +183,9 @@ struct composite_context *resolve_name_send(struct resolve_context *ctx, /* general name resolution method - recv side */ -NTSTATUS resolve_name_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, const char **reply_addr) +NTSTATUS resolve_name_all_recv(struct composite_context *c, + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs) { NTSTATUS status; @@ -186,7 +193,7 @@ NTSTATUS resolve_name_recv(struct composite_context *c, if (NT_STATUS_IS_OK(status)) { struct resolve_state *state = talloc_get_type(c->private_data, struct resolve_state); - *reply_addr = talloc_steal(mem_ctx, state->reply_addr); + *addrs = talloc_steal(mem_ctx, state->addrs); } talloc_free(c); @@ -196,9 +203,50 @@ NTSTATUS resolve_name_recv(struct composite_context *c, /* general name resolution - sync call */ -NTSTATUS resolve_name(struct resolve_context *ctx, struct nbt_name *name, TALLOC_CTX *mem_ctx, const char **reply_addr, struct event_context *ev) +NTSTATUS resolve_all_name(struct resolve_context *ctx, + struct nbt_name *name, + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs, + struct event_context *ev) +{ + struct composite_context *c = resolve_name_all_send(ctx, name, ev); + return resolve_name_all_recv(c, mem_ctx, addrs); +} + +struct composite_context *resolve_name_send(struct resolve_context *ctx, + struct nbt_name *name, + struct event_context *event_ctx) +{ + return resolve_name_all_send(ctx, name, event_ctx); +} + +NTSTATUS resolve_name_recv(struct composite_context *c, + TALLOC_CTX *mem_ctx, + const char **reply_addr) +{ + NTSTATUS status; + struct socket_address **addrs = NULL; + + status = resolve_name_all_recv(c, mem_ctx, &addrs); + + if (NT_STATUS_IS_OK(status)) { + *reply_addr = talloc_steal(mem_ctx, addrs[0]->addr); + talloc_free(addrs); + } + + return status; +} + +/* + general name resolution - sync call + */ +NTSTATUS resolve_name(struct resolve_context *ctx, + struct nbt_name *name, + TALLOC_CTX *mem_ctx, + const char **reply_addr, + struct event_context *ev) { - struct composite_context *c = resolve_name_send(ctx, name, ev); + struct composite_context *c = resolve_name_send(ctx, name, ev); return resolve_name_recv(c, mem_ctx, reply_addr); } diff --git a/source4/libcli/resolve/resolve.h b/source4/libcli/resolve/resolve.h index 22de146c99..01fc930fce 100644 --- a/source4/libcli/resolve/resolve.h +++ b/source4/libcli/resolve/resolve.h @@ -22,9 +22,16 @@ #ifndef __RESOLVE_H__ #define __RESOLVE_H__ +struct socket_address; + #include "../libcli/nbt/libnbt.h" -typedef struct composite_context *(*resolve_name_send_fn)(TALLOC_CTX *mem_ctx, struct event_context *, void *privdata, struct nbt_name *); -typedef NTSTATUS (*resolve_name_recv_fn)(struct composite_context *, TALLOC_CTX *, const char **); +typedef struct composite_context *(*resolve_name_send_fn)(TALLOC_CTX *mem_ctx, + struct event_context *, + void *privdata, + struct nbt_name *); +typedef NTSTATUS (*resolve_name_recv_fn)(struct composite_context *creq, + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs); #include "libcli/resolve/proto.h" struct interface; #include "libcli/resolve/lp_proto.h" diff --git a/source4/libcli/resolve/testsuite.c b/source4/libcli/resolve/testsuite.c index 73a8c841bb..34de1158a5 100644 --- a/source4/libcli/resolve/testsuite.c +++ b/source4/libcli/resolve/testsuite.c @@ -43,7 +43,7 @@ static bool test_async_resolve(struct torture_context *tctx) torture_comment(tctx, "Testing async resolve of '%s' for %d seconds\n", host, timelimit); while (timeval_elapsed(&tv) < timelimit) { - const char *s; + struct socket_address **s; struct composite_context *c = resolve_name_host_send(mem_ctx, ev, NULL, &n); torture_assert(tctx, c != NULL, "resolve_name_host_send"); torture_assert_ntstatus_ok(tctx, resolve_name_host_recv(c, mem_ctx, &s), diff --git a/source4/libcli/resolve/wins.c b/source4/libcli/resolve/wins.c index f787d52d31..ae142f7054 100644 --- a/source4/libcli/resolve/wins.c +++ b/source4/libcli/resolve/wins.c @@ -23,6 +23,7 @@ #include "../libcli/nbt/libnbt.h" #include "libcli/resolve/resolve.h" #include "param/param.h" +#include "lib/socket/socket.h" #include "lib/socket/netif.h" struct resolve_wins_data { @@ -50,9 +51,10 @@ struct composite_context *resolve_name_wins_send( wins name resolution method - recv side */ NTSTATUS resolve_name_wins_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, const char **reply_addr) + TALLOC_CTX *mem_ctx, + struct socket_address ***addrs) { - return resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + return resolve_name_nbtlist_recv(c, mem_ctx, addrs); } /* @@ -64,7 +66,7 @@ NTSTATUS resolve_name_wins(struct nbt_name *name, struct interface *ifaces, uint16_t nbt_port, int nbt_timeout, - const char **reply_addr) + struct socket_address ***addrs) { struct composite_context *c; struct resolve_wins_data *wins_data = talloc(mem_ctx, struct resolve_wins_data); @@ -73,7 +75,7 @@ NTSTATUS resolve_name_wins(struct nbt_name *name, wins_data->nbt_port = nbt_port; wins_data->nbt_timeout = nbt_timeout; c = resolve_name_wins_send(mem_ctx, NULL, wins_data, name); - return resolve_name_wins_recv(c, mem_ctx, reply_addr); + return resolve_name_wins_recv(c, mem_ctx, addrs); } bool resolve_context_add_wins_method(struct resolve_context *ctx, const char **address_list, struct interface *ifaces, uint16_t nbt_port, int nbt_timeout) diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c index 1a7519e362..d8a83f2abb 100644 --- a/source4/libcli/security/dom_sid.c +++ b/source4/libcli/security/dom_sid.c @@ -122,11 +122,6 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr) return NULL; } - ret->sub_auths = talloc_array(ret, uint32_t, num_sub_auths); - if (!ret->sub_auths) { - return NULL; - } - ret->sid_rev_num = rev; ret->id_auth[0] = 0; ret->id_auth[1] = 0; @@ -183,11 +178,6 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid) return NULL; } - ret->sub_auths = talloc_array(ret, uint32_t, dom_sid->num_auths); - if (!ret->sub_auths) { - return NULL; - } - ret->sid_rev_num = dom_sid->sid_rev_num; ret->id_auth[0] = dom_sid->id_auth[0]; ret->id_auth[1] = dom_sid->id_auth[1]; @@ -206,7 +196,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid) /* add a rid to a domain dom_sid to make a full dom_sid. This function - returns a new sid in the suppplied memory context + returns a new sid in the supplied memory context */ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, @@ -219,11 +209,6 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, *sid = *domain_sid; - sid->sub_auths = talloc_array(sid, uint32_t, sid->num_auths+1); - if (!sid->sub_auths) { - return NULL; - } - memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t)); sid->sub_auths[sid->num_auths] = rid; sid->num_auths++; diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c index 09522f182a..a8d893f085 100644 --- a/source4/libcli/security/sddl.c +++ b/source4/libcli/security/sddl.c @@ -249,7 +249,6 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char return false; } ace->trustee = *sid; - talloc_steal(mem_ctx, sid->sub_auths); talloc_free(sid); return true; diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c index 882284dd9b..2bce8e8b08 100644 --- a/source4/libcli/security/security_descriptor.c +++ b/source4/libcli/security/security_descriptor.c @@ -65,18 +65,6 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx, goto failed; } - /* remapping array in trustee dom_sid from old acl to new acl */ - - for (i = 0; i < oacl->num_aces; i++) { - nacl->aces[i].trustee.sub_auths = - (uint32_t *)talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths, - sizeof(uint32_t) * nacl->aces[i].trustee.num_auths); - - if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) { - goto failed; - } - } - nacl->revision = oacl->revision; nacl->size = oacl->size; nacl->num_aces = oacl->num_aces; @@ -175,14 +163,6 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd, } acl->aces[acl->num_aces] = *ace; - acl->aces[acl->num_aces].trustee.sub_auths = - (uint32_t *)talloc_memdup(acl->aces, - acl->aces[acl->num_aces].trustee.sub_auths, - sizeof(uint32_t) * - acl->aces[acl->num_aces].trustee.num_auths); - if (acl->aces[acl->num_aces].trustee.sub_auths == NULL) { - return NT_STATUS_NO_MEMORY; - } switch (acl->aces[acl->num_aces].type) { case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 80de6134b5..c2db219a06 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -360,7 +360,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA /* prepare samr_SetUserInfo2 level 25 */ ZERO_STRUCT(u_info); u_info.info25.info = *r->samr_handle.in.info21; - u_info.info25.info.fields_present |= SAMR_FIELD_PASSWORD; + u_info.info25.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT; encode_pw_buffer(u_info.info25.password.data, r->samr_handle.in.newpassword, STR_UNICODE); status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key); @@ -451,7 +451,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA /* prepare samr_SetUserInfo2 level 23 */ ZERO_STRUCT(u_info); u_info.info23.info = *r->samr_handle.in.info21; - u_info.info23.info.fields_present |= SAMR_FIELD_PASSWORD; + u_info.info23.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT; encode_pw_buffer(u_info.info23.password.data, r->samr_handle.in.newpassword, STR_UNICODE); status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key); diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 97da760832..65c473779f 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -54,10 +54,9 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ ../librpc/ndr/ndr_sec_helper.o \ - $(gen_ndrsrcdir)/ndr_dom_sid.o \ - $(ndrsrcdir)/ndr_dom_sid.o + $(gen_ndrsrcdir)/ndr_dom_sid.o -PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h) +PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h) [SUBSYSTEM::NDR_AUDIOSRV] @@ -448,6 +447,11 @@ PUBLIC_DEPENDENCIES = dcerpc NDR_UNIXINFO RPC_NDR_UNIXINFO_OBJ_FILES = $(gen_ndrsrcdir)/ndr_unixinfo_c.o +[SUBSYSTEM::RPC_NDR_BROWSER] +PUBLIC_DEPENDENCIES = dcerpc NDR_BROWSER + +RPC_NDR_BROWSER_OBJ_FILES = $(gen_ndrsrcdir)/ndr_browser_c.o + [SUBSYSTEM::RPC_NDR_IRPC] PUBLIC_DEPENDENCIES = dcerpc NDR_IRPC @@ -732,15 +736,9 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o -[PYTHON::python_dcerpc_dom_sid] -LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc - -python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o - [PYTHON::python_dcerpc_security] LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc +PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl index 80df11dbfe..172dda4fae 100644 --- a/source4/librpc/idl/dom_sid.idl +++ b/source4/librpc/idl/dom_sid.idl @@ -1,42 +1,12 @@ -/* - use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really - just a dom sid, but with the sub_auths represented as a conformant - array. As with all in-structure conformant arrays, the array length - is placed before the start of the structure. That's what gives rise - to the extra num_auths elemenent. We don't want the Samba code to - have to bother with such esoteric NDR details, so its easier to just - define it as a dom_sid and use pidl magic to make it all work. It - just means you need to mark a sid as a "dom_sid2" in the IDL when you - know it is of the conformant array variety -*/ -cpp_quote("#define dom_sid2 dom_sid") - -/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ -cpp_quote("#define dom_sid28 dom_sid") - -/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ -cpp_quote("#define dom_sid0 dom_sid") - [ pointer_default(unique) ] interface dom_sid { - /* a domain SID. Note that unlike Samba3 this contains a pointer, - so you can't copy them using assignment */ - typedef [public,gensize,noprint,noejs,nosize] struct { - uint8 sid_rev_num; /**< SID revision number */ - [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - uint32 sub_auths[num_auths]; - } dom_sid; - /* id used to identify a endpoint, possibly in a cluster */ typedef [public] struct { hyper id; uint32 id2; uint32 node; } server_id; - } - diff --git a/source4/librpc/idl/irpc.idl b/source4/librpc/idl/irpc.idl index e3ea7e55e1..41787355a9 100644 --- a/source4/librpc/idl/irpc.idl +++ b/source4/librpc/idl/irpc.idl @@ -14,7 +14,7 @@ import "misc.idl", "security.idl", "nbt.idl"; IRPC_FLAG_REPLY = 0x0001 } irpc_flags; - typedef [public,noejs] struct { + typedef [public] struct { GUID uuid; uint32 if_version; uint32 callnum; @@ -65,17 +65,17 @@ import "misc.idl", "security.idl", "nbt.idl"; [out,unique] astring *dcname ); - typedef [noejs] struct { + typedef struct { ipv4address addr; } nbtd_proxy_wins_addr; - [noejs] void nbtd_proxy_wins_challenge( + void nbtd_proxy_wins_challenge( [in] nbt_name name, [in,out] uint32 num_addrs, [in,out] nbtd_proxy_wins_addr addrs[num_addrs] ); - [noejs] void nbtd_proxy_wins_release_demand( + void nbtd_proxy_wins_release_demand( [in] nbt_name name, [in] uint32 num_addrs, [in] nbtd_proxy_wins_addr addrs[num_addrs] diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c deleted file mode 100644 index b986231b4f..0000000000 --- a/source4/librpc/ndr/ndr_dom_sid.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - fast routines for getting the wire size of security objects - - Copyright (C) Andrew Tridgell 2003 - Copyright (C) Stefan Metzmacher 2006-2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - - -#include "includes.h" -#include "librpc/gen_ndr/ndr_security.h" -#include "libcli/security/security.h" - -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } else if (sid->num_auths == 0 && sid->sub_auths) { - talloc_free(sid->sub_auths); - sid->sub_auths = NULL; - } - - return NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer -*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c new file mode 100644 index 0000000000..6888f14375 --- /dev/null +++ b/source4/librpc/ndr/py_security.c @@ -0,0 +1,58 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include "libcli/security/security.h" + +static PyObject *py_dom_sid_eq(PyObject *self, PyObject *args) +{ + struct dom_sid *this = py_talloc_get_ptr(self), *other; + PyObject *py_other; + + if (!PyArg_ParseTuple(args, "O", &py_other)) + return NULL; + + other = py_talloc_get_type(py_other, struct dom_sid); + if (other == NULL) + return Py_False; + + return dom_sid_equal(this, other)?Py_True:Py_False; +} + +static PyObject *py_dom_sid_str(PyObject *self) +{ + struct dom_sid *this = py_talloc_get_ptr(self); + char *str = dom_sid_string(NULL, this); + PyObject *ret = PyString_FromString(str); + talloc_free(str); + return ret; +} + +static PyObject *py_dom_sid_repr(PyObject *self) +{ + struct dom_sid *this = py_talloc_get_ptr(self); + char *str = dom_sid_string(NULL, this); + PyObject *ret = PyString_FromFormat("dom_sid('%s')", str); + talloc_free(str); + return ret; +} + +#define PY_DOM_SID_REPR py_dom_sid_repr + +#define PY_DOM_SID_EXTRA_METHODS \ + { "__eq__", (PyCFunction)py_dom_sid_eq, METH_VARARGS, "S.__eq__(x) -> S == x" }, \ + { "__str__", (PyCFunction)py_dom_sid_str, METH_NOARGS, "S.__str__() -> str(S)" }, \ diff --git a/source4/ntp_signd/README b/source4/ntp_signd/README new file mode 100644 index 0000000000..585459b7cb --- /dev/null +++ b/source4/ntp_signd/README @@ -0,0 +1,7 @@ +Here are some pointers to the needed ntp version. + +https://support.ntp.org/bugs/show_bug.cgi?id=1028 + +The patch against ntp-dev-4.2.5p125 +https://support.ntp.org/bugs/attachment.cgi?id=457 + diff --git a/source4/ntp_signd/ntp-dev-4.2.5p125.diff b/source4/ntp_signd/ntp-dev-4.2.5p125.diff new file mode 100644 index 0000000000..40669fb3cc --- /dev/null +++ b/source4/ntp_signd/ntp-dev-4.2.5p125.diff @@ -0,0 +1,579 @@ +Only in ntp-samba: autom4te.cache +Only in ntp-samba: config.h +Only in ntp-samba: config.log +Only in ntp-samba: config.status +Only in ntp-samba/ElectricFence: .deps +Only in ntp-samba/ElectricFence: Makefile +Only in ntp-samba: .gcc-warning +Only in ntp-samba/include/isc: Makefile +Only in ntp-samba/include: Makefile +diff -ur ntp-dev-4.2.5p125/include/ntp_config.h ntp-samba/include/ntp_config.h +--- ntp-dev-4.2.5p125/include/ntp_config.h 2008-07-17 07:20:58.000000000 +1000 ++++ ntp-samba/include/ntp_config.h 2008-08-28 21:59:06.000000000 +1000 +@@ -92,6 +92,7 @@ + int requested_key; + int revoke; + queue *trusted_key_list; ++ char *ntp_signd_socket; + }; + + struct filegen_node { +diff -ur ntp-dev-4.2.5p125/include/ntpd.h ntp-samba/include/ntpd.h +--- ntp-dev-4.2.5p125/include/ntpd.h 2008-05-18 21:11:28.000000000 +1000 ++++ ntp-samba/include/ntpd.h 2008-08-28 21:59:06.000000000 +1000 +@@ -259,6 +259,8 @@ + extern int config_priority; + #endif + ++extern char const *ntp_signd_socket; ++ + /* ntp_control.c */ + extern int num_ctl_traps; + extern keyid_t ctl_auth_keyid; /* keyid used for authenticating write requests */ +@@ -471,3 +473,15 @@ + extern struct refclock *refclock_conf[]; /* refclock configuration table */ + extern u_char num_refclock_conf; + #endif ++ ++/* ntp_signd.c */ ++#ifdef HAVE_NTP_SIGND ++extern void ++send_via_ntp_signd( ++ struct recvbuf *rbufp, /* receive packet pointer */ ++ int xmode, ++ keyid_t xkeyid, ++ int flags, ++ struct pkt *xpkt ++ ); ++#endif +diff -ur ntp-dev-4.2.5p125/include/ntp.h ntp-samba/include/ntp.h +--- ntp-dev-4.2.5p125/include/ntp.h 2008-08-10 22:37:56.000000000 +1000 ++++ ntp-samba/include/ntp.h 2008-08-28 21:59:06.000000000 +1000 +@@ -447,6 +447,7 @@ + #ifdef OPENSSL + #define FLAG_ASSOC 0x4000 /* autokey request */ + #endif /* OPENSSL */ ++#define FLAG_ADKEY 0x00010000 /* Authenticated (or wants reply to be authenticated) using AD authentication */ + + /* + * Definitions for the clear() routine. We use memset() to clear +Only in ntp-samba/include: ntp.h.orig +Only in ntp-samba: libtool +Only in ntp-samba: Makefile +diff -ur ntp-dev-4.2.5p125/ntpd/Makefile.am ntp-samba/ntpd/Makefile.am +--- ntp-dev-4.2.5p125/ntpd/Makefile.am 2008-05-18 21:11:29.000000000 +1000 ++++ ntp-samba/ntpd/Makefile.am 2008-08-28 21:59:06.000000000 +1000 +@@ -65,7 +65,7 @@ + ntp_crypto.c ntp_filegen.c \ + ntp_intres.c ntp_loopfilter.c ntp_monitor.c ntp_peer.c \ + ntp_proto.c ntp_refclock.c ntp_request.c \ +- ntp_restrict.c ntp_timer.c ntp_util.c \ ++ ntp_restrict.c ntp_timer.c ntp_util.c ntp_signd.c \ + ppsapi_timepps.h \ + refclock_acts.c refclock_arbiter.c refclock_arc.c refclock_as2201.c \ + refclock_atom.c refclock_bancomm.c refclock_chronolog.c \ +diff -ur ntp-dev-4.2.5p125/ntpd/ntp_config.c ntp-samba/ntpd/ntp_config.c +--- ntp-dev-4.2.5p125/ntpd/ntp_config.c 2008-08-10 22:37:54.000000000 +1000 ++++ ntp-samba/ntpd/ntp_config.c 2008-08-28 22:03:52.000000000 +1000 +@@ -148,6 +148,7 @@ + #endif + + const char *config_file; ++const char *ntp_signd_socket; + #ifdef HAVE_NETINFO + struct netinfo_config_state *config_netinfo = NULL; + int check_netinfo = 1; +@@ -276,6 +277,11 @@ + my_config.auth.crypto_cmd_list = NULL; + my_config.auth.keys = NULL; + my_config.auth.keysdir = NULL; ++#ifdef NTP_SIGND_PATH ++ my_config.auth.ntp_signd_socket = NTP_SIGND_PATH; ++#else ++ my_config.auth.ntp_signd_socket = NULL; ++#endif + my_config.auth.requested_key = 0; + my_config.auth.revoke = 0; + my_config.auth.trusted_key_list = NULL; +@@ -795,6 +801,7 @@ + { "crypto", T_Crypto, NO_ARG }, + { "keys", T_Keys, SINGLE_ARG }, + { "keysdir", T_Keysdir, SINGLE_ARG }, ++ { "ntpsigndsocket", T_NtpSignDsocket, SINGLE_ARG }, + { "requestkey", T_Requestkey, NO_ARG }, + { "revoke", T_Revoke, NO_ARG }, + { "trustedkey", T_Trustedkey, NO_ARG }, +@@ -1000,6 +1007,10 @@ + if (my_config.auth.keysdir) + keysdir = my_config.auth.keysdir; + ++ /* ntp_signd_socket Command */ ++ if (my_config.auth.ntp_signd_socket) ++ ntp_signd_socket = my_config.auth.ntp_signd_socket; ++ + #ifdef OPENSSL + if (cryptosw) { + crypto_setup(); +Only in ntp-samba/ntpd: ntp_config.c~ +Only in ntp-samba/ntpd: ntp_config.c.orig +diff -ur ntp-dev-4.2.5p125/ntpd/ntp_parser.y ntp-samba/ntpd/ntp_parser.y +--- ntp-dev-4.2.5p125/ntpd/ntp_parser.y 2008-07-17 07:21:06.000000000 +1000 ++++ ntp-samba/ntpd/ntp_parser.y 2008-08-28 21:59:06.000000000 +1000 +@@ -155,6 +155,7 @@ + %token T_Novolley + %token T_Ntp + %token T_Ntpport ++%token T_NtpSignDsocket + %token T_Orphan + %token T_Panic + %token T_Peer +@@ -432,6 +433,8 @@ + { my_config.auth.requested_key = $2; } + | T_Trustedkey integer_list + { my_config.auth.trusted_key_list = $2; } ++ | T_NtpSignDsocket T_String ++ { my_config.auth.ntp_signd_socket = $2; } + ; + + crypto_command_line +diff -ur ntp-dev-4.2.5p125/ntpd/ntp_proto.c ntp-samba/ntpd/ntp_proto.c +--- ntp-dev-4.2.5p125/ntpd/ntp_proto.c 2008-07-17 07:21:02.000000000 +1000 ++++ ntp-samba/ntpd/ntp_proto.c 2008-08-28 21:59:06.000000000 +1000 +@@ -128,7 +128,7 @@ + static void clock_combine (struct peer **, int); + static void peer_xmit (struct peer *); + static void fast_xmit (struct recvbuf *, int, keyid_t, +- char *); ++ char *, int); + static void clock_update (struct peer *); + static int default_get_precision (void); + static int peer_unfit (struct peer *); +@@ -311,6 +311,7 @@ + int authlen; /* offset of MAC field */ + int is_authentic = 0; /* cryptosum ok */ + int retcode = AM_NOMATCH; /* match code */ ++ int flags = 0; /* flags with details about the authentication */ + keyid_t skeyid = 0; /* key IDs */ + u_int32 opcode = 0; /* extension field opcode */ + struct sockaddr_storage *dstadr_sin; /* active runway */ +@@ -324,6 +325,8 @@ + keyid_t pkeyid = 0, tkeyid = 0; /* key IDs */ + #endif /* OPENSSL */ + ++ static unsigned char zero_key[16]; ++ + /* + * Monitor the packet and get restrictions. Note that the packet + * length for control and private mode packets must be checked +@@ -480,9 +483,9 @@ + return; /* rate exceeded */ + + if (hismode == MODE_CLIENT) +- fast_xmit(rbufp, MODE_SERVER, skeyid, "RATE"); ++ fast_xmit(rbufp, MODE_SERVER, skeyid, "RATE", 0); + else +- fast_xmit(rbufp, MODE_ACTIVE, skeyid, "RATE"); ++ fast_xmit(rbufp, MODE_ACTIVE, skeyid, "RATE", 0); + return; /* rate exceeded */ + } + +@@ -535,6 +538,7 @@ + * is zero, acceptable outcomes of y are NONE and OK. If x is + * one, the only acceptable outcome of y is OK. + */ ++ + if (has_mac == 0) { + is_authentic = AUTH_NONE; /* not required */ + #ifdef DEBUG +@@ -555,6 +559,25 @@ + stoa(&rbufp->recv_srcadr), hismode, skeyid, + authlen + has_mac, is_authentic); + #endif ++ ++ /* If the signature is 20 bytes long, the last 16 of ++ * which are zero, then this is a Microsoft client ++ * wanting AD-style authentication of the server's ++ * reply. ++ * ++ * This is described in Microsoft's WSPP docs, in MS-SNTP: ++ * http://msdn.microsoft.com/en-us/library/cc212930.aspx ++ */ ++ } else if (has_mac == MAX_MAC_LEN ++ && (retcode == AM_FXMIT || retcode == AM_NEWPASS) ++ && (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MAC_LEN - 4) == 0)) { ++ ++ /* Don't try to verify the zeros, just set a ++ * flag and otherwise pretend we never saw the signature */ ++ is_authentic = AUTH_NONE; ++ ++ flags = FLAG_ADKEY; ++ + } else { + #ifdef OPENSSL + /* +@@ -696,9 +719,9 @@ + if (AUTH(restrict_mask & RES_DONTTRUST, + is_authentic)) { + fast_xmit(rbufp, MODE_SERVER, skeyid, +- NULL); ++ NULL, flags); + } else if (is_authentic == AUTH_ERROR) { +- fast_xmit(rbufp, MODE_SERVER, 0, NULL); ++ fast_xmit(rbufp, MODE_SERVER, 0, NULL, 0); + sys_badauth++; + } else { + sys_restricted++; +@@ -733,7 +756,7 @@ + * crypto-NAK, as that would not be useful. + */ + if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic)) +- fast_xmit(rbufp, MODE_SERVER, skeyid, NULL); ++ fast_xmit(rbufp, MODE_SERVER, skeyid, NULL, 0); + return; /* hooray */ + + /* +@@ -888,7 +911,7 @@ + is_authentic)) { + #ifdef OPENSSL + if (crypto_flags && skeyid > NTP_MAXKEY) +- fast_xmit(rbufp, MODE_ACTIVE, 0, NULL); ++ fast_xmit(rbufp, MODE_ACTIVE, 0, NULL, 0); + #endif /* OPENSSL */ + sys_restricted++; + return; /* access denied */ +@@ -904,7 +927,7 @@ + * This is for drat broken Windows clients. See + * Microsoft KB 875424 for preferred workaround. + */ +- fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL); ++ fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL, flags); + #else /* WINTIME */ + sys_restricted++; + #endif /* WINTIME */ +@@ -938,6 +961,7 @@ + } + break; + ++ + /* + * Process regular packet. Nothing special. + */ +@@ -1090,7 +1114,7 @@ + peer->flash |= TEST5; /* bad auth */ + peer->badauth++; + if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE) +- fast_xmit(rbufp, MODE_ACTIVE, 0, NULL); ++ fast_xmit(rbufp, MODE_ACTIVE, 0, NULL, 0); + if (peer->flags & FLAG_PREEMPT) { + unpeer(peer); + return; +@@ -3159,7 +3183,8 @@ + struct recvbuf *rbufp, /* receive packet pointer */ + int xmode, /* receive mode */ + keyid_t xkeyid, /* transmit key ID */ +- char *mask /* kiss code */ ++ char *mask, /* kiss code */ ++ int flags /* Flags to indicate signing behaviour */ + ) + { + struct pkt xpkt; /* transmit packet structure */ +@@ -3220,6 +3245,19 @@ + HTONL_FP(&rbufp->recv_time, &xpkt.rec); + } + ++ if (flags & FLAG_ADKEY) { ++#ifdef HAVE_NTP_SIGND ++ get_systime(&xmt_tx); ++ if (mask == NULL) { ++ HTONL_FP(&xmt_tx, &xpkt.xmt); ++ } ++ send_via_ntp_signd(rbufp, xmode, xkeyid, flags, &xpkt); ++#endif ++ /* If we don't have the support, drop the packet on the floor. ++ An all zero sig is compleatly bogus anyway */ ++ return; ++ } ++ + /* + * If the received packet contains a MAC, the transmitted packet + * is authenticated and contains a MAC. If not, the transmitted +@@ -3252,7 +3290,7 @@ + * source-destination-key ID combination. + */ + #ifdef OPENSSL +- if (xkeyid > NTP_MAXKEY) { ++ if (!(flags & FLAG_ADKEY) && (xkeyid > NTP_MAXKEY)) { + keyid_t cookie; + + /* +@@ -3284,8 +3322,10 @@ + if (mask == NULL) { + HTONL_FP(&xmt_tx, &xpkt.xmt); + } ++ + authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen); + sendlen += authlen; ++ + #ifdef OPENSSL + if (xkeyid > NTP_MAXKEY) + authtrust(xkeyid, 0); +Only in ntp-samba/ntpd: ntp_signd.c +Only in ntp-dev-4.2.5p125/ntpdc: nl.pl +Only in ntp-samba/scripts: calc_tickadj +Only in ntp-samba/scripts: checktime +Only in ntp-samba/scripts: freq_adj +Only in ntp-samba/scripts: html2man +Only in ntp-samba/scripts: Makefile +Only in ntp-samba/scripts: mkver +Only in ntp-samba/scripts: ntpsweep +Only in ntp-samba/scripts: ntptrace +Only in ntp-samba/scripts: ntpver +Only in ntp-samba/scripts: ntp-wait +Only in ntp-samba/scripts: plot_summary +Only in ntp-samba/scripts: summary +Only in ntp-samba: stamp-h1 +--- /dev/null 2008-08-25 07:28:22.036002925 +1000 ++++ ntp-samba/ntpd/ntp_signd.c 2008-08-28 21:59:06.000000000 +1000 +@@ -0,0 +1,242 @@ ++/* Copyright 2008, Red Hat, Inc. ++ Copyright 2008, Andrew Tridgell. ++ Licenced under the same terms as NTP itself. ++ */ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#ifdef HAVE_NTP_SIGND ++ ++#include "ntpd.h" ++#include "ntp_io.h" ++#include "ntp_stdlib.h" ++#include "ntp_unixtime.h" ++#include "ntp_control.h" ++#include "ntp_string.h" ++ ++#include <stdio.h> ++#include <stddef.h> ++#ifdef HAVE_LIBSCF_H ++#include <libscf.h> ++#include <unistd.h> ++#endif /* HAVE_LIBSCF_H */ ++ ++#include <sys/un.h> ++ ++/* socket routines by tridge - from junkcode.samba.org */ ++ ++/* ++ connect to a unix domain socket ++*/ ++static int ++ux_socket_connect(const char *name) ++{ ++ int fd; ++ struct sockaddr_un addr; ++ if (!name) { ++ return -1; ++ } ++ ++ memset(&addr, 0, sizeof(addr)); ++ addr.sun_family = AF_UNIX; ++ strncpy(addr.sun_path, name, sizeof(addr.sun_path)); ++ ++ fd = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (fd == -1) { ++ return -1; ++ } ++ ++ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { ++ close(fd); ++ return -1; ++ } ++ ++ return fd; ++} ++ ++ ++/* ++ keep writing until its all sent ++*/ ++static int ++write_all(int fd, const void *buf, size_t len) ++{ ++ size_t total = 0; ++ while (len) { ++ int n = write(fd, buf, len); ++ if (n <= 0) return total; ++ buf = n + (char *)buf; ++ len -= n; ++ total += n; ++ } ++ return total; ++} ++ ++/* ++ keep reading until its all read ++*/ ++static int ++read_all(int fd, void *buf, size_t len) ++{ ++ size_t total = 0; ++ while (len) { ++ int n = read(fd, buf, len); ++ if (n <= 0) return total; ++ buf = n + (char *)buf; ++ len -= n; ++ total += n; ++ } ++ return total; ++} ++ ++/* ++ send a packet in length prefix format ++*/ ++static int ++send_packet(int fd, const char *buf, uint32_t len) ++{ ++ uint32_t net_len = htonl(len); ++ if (write_all(fd, &net_len, sizeof(net_len)) != sizeof(net_len)) return -1; ++ if (write_all(fd, buf, len) != len) return -1; ++ return 0; ++} ++ ++/* ++ receive a packet in length prefix format ++*/ ++static int ++recv_packet(int fd, char **buf, uint32_t *len) ++{ ++ if (read_all(fd, len, sizeof(*len)) != sizeof(*len)) return -1; ++ *len = ntohl(*len); ++ (*buf) = malloc(*len); ++ if (!*buf) { ++ return -1; ++ } ++ if (read_all(fd, *buf, *len) != *len) { ++ free(*buf); ++ return -1; ++ } ++ return 0; ++} ++ ++void ++send_via_ntp_signd( ++ struct recvbuf *rbufp, /* receive packet pointer */ ++ int xmode, ++ keyid_t xkeyid, ++ int flags, ++ struct pkt *xpkt ++ ) ++{ ++ ++ /* We are here because it was detected that the client ++ * sent an all-zero signature, and we therefore know ++ * it's windows trying to talk to an AD server ++ * ++ * Because we don't want to dive into Samba's secrets ++ * database just to find the long-term kerberos key ++ * that is re-used as the NTP key, we instead hand the ++ * packet over to Samba to sign, and return to us. ++ * ++ * The signing method Samba will use is described by ++ * Microsoft in MS-SNTP, found here: ++ * http://msdn.microsoft.com/en-us/library/cc212930.aspx ++ */ ++ ++ int fd, sendlen; ++ struct samba_key_in { ++ uint32_t version; ++ uint32_t op; ++ uint32_t packet_id; ++ uint32_t key_id_le; ++ struct pkt pkt; ++ } samba_pkt; ++ ++ struct samba_key_out { ++ uint32_t version; ++ uint32_t op; ++ uint32_t packet_id; ++ struct pkt pkt; ++ } samba_reply; ++ ++ char full_socket[256]; ++ ++ char *reply = NULL; ++ uint32_t reply_len; ++ ++ memset(&samba_pkt, 0, sizeof(samba_pkt)); ++ samba_pkt.op = 0; /* Sign message */ ++ /* This will be echoed into the reply - a different ++ * impelementation might want multiple packets ++ * awaiting signing */ ++ ++ samba_pkt.packet_id = 1; ++ ++ /* Swap the byte order back - it's actually little ++ * endian on the wire, but it was read above as ++ * network byte order */ ++ samba_pkt.key_id_le = htonl(xkeyid); ++ samba_pkt.pkt = *xpkt; ++ ++ snprintf(full_socket, sizeof(full_socket), "%s/socket", ntp_signd_socket); ++ ++ fd = ux_socket_connect(full_socket); ++ /* Only continue with this if we can talk to Samba */ ++ if (fd != -1) { ++ /* Send old packet to Samba, expect response */ ++ /* Packet to Samba is quite simple: ++ All values BIG endian except key ID as noted ++ [packet size as BE] - 4 bytes ++ [protocol version (0)] - 4 bytes ++ [packet ID] - 4 bytes ++ [operation (sign message=0)] - 4 bytes ++ [key id] - LITTLE endian (as on wire) - 4 bytes ++ [message to sign] - as marshalled, without signature ++ */ ++ ++ if (send_packet(fd, (char *)&samba_pkt, offsetof(struct samba_key_in, pkt) + LEN_PKT_NOMAC) != 0) { ++ /* Huh? could not talk to Samba... */ ++ close(fd); ++ return; ++ } ++ ++ if (recv_packet(fd, &reply, &reply_len) != 0) { ++ if (reply) { ++ free(reply); ++ } ++ close(fd); ++ return; ++ } ++ /* Return packet is also simple: ++ [packet size] - network byte order - 4 bytes ++ [protocol version (0)] network byte order - - 4 bytes ++ [operation (signed success=3, failure=4)] network byte order - - 4 byte ++ (optional) [signed message] - as provided before, with signature appended ++ */ ++ ++ if (reply_len <= sizeof(samba_reply)) { ++ memcpy(&samba_reply, reply, reply_len); ++ if (ntohl(samba_reply.op) == 3 && reply_len > offsetof(struct samba_key_out, pkt)) { ++ sendlen = reply_len - offsetof(struct samba_key_out, pkt); ++ xpkt = &samba_reply.pkt; ++ sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, xpkt, sendlen); ++#ifdef DEBUG ++ if (debug) ++ printf( ++ "transmit ntp_signd packet: at %ld %s->%s mode %d keyid %08x len %d\n", ++ current_time, ntoa(&rbufp->dstadr->sin), ++ ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen); ++#endif ++ } ++ } ++ ++ if (reply) { ++ free(reply); ++ } ++ close(fd); ++ ++ } ++} ++#endif diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index d133bbc480..e615401e51 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -63,7 +63,17 @@ struct async_info { void *parms; }; -#define SETUP_PID private->tree->session->pid = req->smbpid +#define CHECK_UPSTREAM_OPEN do { \ + if (! private->transport->socket->sock) { \ + req->async_states->state|=NTVFS_ASYNC_STATE_CLOSE; \ + return NT_STATUS_CONNECTION_DISCONNECTED; \ + } \ +} while(0) + +#define SETUP_PID do { \ + private->tree->session->pid = req->smbpid; \ + CHECK_UPSTREAM_OPEN; \ +} while(0) #define SETUP_FILE_HERE(f) do { \ f = ntvfs_handle_get_backend_data(io->generic.in.file.ntvfs, ntvfs); \ diff --git a/source4/ntvfs/ntvfs.h b/source4/ntvfs/ntvfs.h index 0d5738d9f0..fc04d976f4 100644 --- a/source4/ntvfs/ntvfs.h +++ b/source4/ntvfs/ntvfs.h @@ -226,6 +226,7 @@ struct ntvfs_context { /* a set of flags to control handling of request structures */ #define NTVFS_ASYNC_STATE_ASYNC (1<<1) /* the backend will answer this one later */ #define NTVFS_ASYNC_STATE_MAY_ASYNC (1<<2) /* the backend is allowed to answer async */ +#define NTVFS_ASYNC_STATE_CLOSE (1<<3) /* the backend session should be closed */ /* the ntvfs_async_state structure allows backend functions to delay replying to requests. To use this, the front end must diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index d660141efc..ab7d209d10 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -2296,7 +2296,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lp_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default"); lp_do_global_parameter(lp_ctx, "max connections", "-1"); - lp_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo"); + lp_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo browser"); lp_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd"); lp_do_global_parameter(lp_ctx, "ntptr providor", "simple_ldb"); lp_do_global_parameter(lp_ctx, "auth methods:domain controller", "anonymous sam_ignoredomain"); diff --git a/source4/param/secrets.h b/source4/param/secrets.h index 83b6dc7fdc..558a796967 100644 --- a/source4/param/secrets.h +++ b/source4/param/secrets.h @@ -20,13 +20,6 @@ #ifndef _SECRETS_H #define _SECRETS_H -/* structure for storing machine account password - (ie. when samba server is member of a domain */ -struct machine_acct_pass { - uint8_t hash[16]; - time_t mod_time; -}; - #define SECRETS_PRIMARY_DOMAIN_DN "cn=Primary Domains" #define SECRETS_PRINCIPALS_DN "cn=Principals" #define SECRETS_PRIMARY_DOMAIN_FILTER "(&(flatname=%s)(objectclass=primaryDomain))" diff --git a/source4/rpc_server/browser/dcesrv_browser.c b/source4/rpc_server/browser/dcesrv_browser.c new file mode 100644 index 0000000000..33fed50857 --- /dev/null +++ b/source4/rpc_server/browser/dcesrv_browser.c @@ -0,0 +1,172 @@ +/* + Unix SMB/CIFS implementation. + + endpoint server for the browser pipe + + Copyright (C) Stefan Metzmacher 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "rpc_server/dcerpc_server.h" +#include "librpc/gen_ndr/ndr_browser.h" +#include "rpc_server/common/common.h" + + +/* + BrowserrServerEnum +*/ +static void dcesrv_BrowserrServerEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrServerEnum *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrDebugCall +*/ +static void dcesrv_BrowserrDebugCall(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrDebugCall *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrQueryOtherDomains +*/ +static WERROR dcesrv_BrowserrQueryOtherDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrQueryOtherDomains *r) +{ + struct BrowserrSrvInfo100Ctr *ctr100; + + switch (r->in.info->level) { + case 100: + if (!r->in.info->info.info100) { + return WERR_INVALID_PARAM; + } + + ctr100 = talloc(mem_ctx, struct BrowserrSrvInfo100Ctr); + W_ERROR_HAVE_NO_MEMORY(ctr100); + + ctr100->entries_read = 0; + ctr100->entries = talloc_zero_array(ctr100, struct srvsvc_NetSrvInfo100, + ctr100->entries_read); + W_ERROR_HAVE_NO_MEMORY(ctr100->entries); + + r->out.info->info.info100 = ctr100; + *r->out.total_entries = ctr100->entries_read; + return WERR_OK; + default: + return WERR_UNKNOWN_LEVEL; + } + + return WERR_INVALID_PARAM; +} + + +/* + BrowserrResetNetlogonState +*/ +static void dcesrv_BrowserrResetNetlogonState(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrResetNetlogonState *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrDebugTrace +*/ +static void dcesrv_BrowserrDebugTrace(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrDebugTrace *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrQueryStatistics +*/ +static void dcesrv_BrowserrQueryStatistics(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrQueryStatistics *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserResetStatistics +*/ +static void dcesrv_BrowserResetStatistics(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserResetStatistics *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + NetrBrowserStatisticsClear +*/ +static void dcesrv_NetrBrowserStatisticsClear(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct NetrBrowserStatisticsClear *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + NetrBrowserStatisticsGet +*/ +static void dcesrv_NetrBrowserStatisticsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct NetrBrowserStatisticsGet *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrSetNetlogonState +*/ +static void dcesrv_BrowserrSetNetlogonState(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrSetNetlogonState *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrQueryEmulatedDomains +*/ +static void dcesrv_BrowserrQueryEmulatedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrQueryEmulatedDomains *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* + BrowserrServerEnumEx +*/ +static void dcesrv_BrowserrServerEnumEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct BrowserrServerEnumEx *r) +{ + DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR); +} + + +/* include the generated boilerplate */ +#include "librpc/gen_ndr/ndr_browser_s.c" diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk index fb697d0c0f..76aa6b938a 100644 --- a/source4/rpc_server/config.mk +++ b/source4/rpc_server/config.mk @@ -17,7 +17,7 @@ PUBLIC_HEADERS += $(rpc_serversrcdir)/common/common.h # Start MODULE dcerpc_rpcecho [MODULE::dcerpc_rpcecho] INIT_FUNCTION = dcerpc_server_rpcecho_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = NDR_ECHO # End MODULE dcerpc_rpcecho ################################################ @@ -28,7 +28,7 @@ dcerpc_rpcecho_OBJ_FILES = $(rpc_serversrcdir)/echo/rpc_echo.o # Start MODULE dcerpc_epmapper [MODULE::dcerpc_epmapper] INIT_FUNCTION = dcerpc_server_epmapper_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = NDR_EPMAPPER # End MODULE dcerpc_epmapper ################################################ @@ -39,7 +39,7 @@ dcerpc_epmapper_OBJ_FILES = $(rpc_serversrcdir)/epmapper/rpc_epmapper.o # Start MODULE dcerpc_remote [MODULE::dcerpc_remote] INIT_FUNCTION = dcerpc_server_remote_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ LIBCLI_SMB NDR_TABLE # End MODULE dcerpc_remote @@ -51,7 +51,7 @@ dcerpc_remote_OBJ_FILES = $(rpc_serversrcdir)/remote/dcesrv_remote.o # Start MODULE dcerpc_srvsvc [MODULE::dcerpc_srvsvc] INIT_FUNCTION = dcerpc_server_srvsvc_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ DCERPC_COMMON NDR_SRVSVC share # End MODULE dcerpc_srvsvc @@ -66,7 +66,7 @@ $(eval $(call proto_header_template,$(rpc_serversrcdir)/srvsvc/proto.h,$(dcerpc_ # Start MODULE dcerpc_wkssvc [MODULE::dcerpc_wkssvc] INIT_FUNCTION = dcerpc_server_wkssvc_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ DCERPC_COMMON NDR_WKSSVC # End MODULE dcerpc_wkssvc @@ -78,7 +78,7 @@ dcerpc_wkssvc_OBJ_FILES = $(rpc_serversrcdir)/wkssvc/dcesrv_wkssvc.o # Start MODULE dcerpc_unixinfo [MODULE::dcerpc_unixinfo] INIT_FUNCTION = dcerpc_server_unixinfo_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ DCERPC_COMMON \ SAMDB \ @@ -94,7 +94,7 @@ dcerpc_unixinfo_OBJ_FILES = $(rpc_serversrcdir)/unixinfo/dcesrv_unixinfo.o # Start MODULE dcesrv_samr [MODULE::dcesrv_samr] INIT_FUNCTION = dcerpc_server_samr_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ SAMDB \ DCERPC_COMMON \ @@ -110,7 +110,7 @@ $(eval $(call proto_header_template,$(rpc_serversrcdir)/samr/proto.h,$(dcesrv_sa # Start MODULE dcerpc_winreg [MODULE::dcerpc_winreg] INIT_FUNCTION = dcerpc_server_winreg_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server OUTPUT_TYPE = MERGED_OBJ PRIVATE_DEPENDENCIES = \ registry NDR_WINREG @@ -123,7 +123,7 @@ dcerpc_winreg_OBJ_FILES = $(rpc_serversrcdir)/winreg/rpc_winreg.o # Start MODULE dcerpc_netlogon [MODULE::dcerpc_netlogon] INIT_FUNCTION = dcerpc_server_netlogon_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ DCERPC_COMMON \ SCHANNELDB \ @@ -138,7 +138,7 @@ dcerpc_netlogon_OBJ_FILES = $(rpc_serversrcdir)/netlogon/dcerpc_netlogon.o # Start MODULE dcerpc_lsa [MODULE::dcerpc_lsarpc] INIT_FUNCTION = dcerpc_server_lsa_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ SAMDB \ DCERPC_COMMON \ @@ -157,7 +157,7 @@ $(eval $(call proto_header_template,$(rpc_serversrcdir)/lsa/proto.h,$(dcerpc_lsa # Start MODULE dcerpc_spoolss [MODULE::dcerpc_spoolss] INIT_FUNCTION = dcerpc_server_spoolss_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server OUTPUT_TYPE = MERGED_OBJ PRIVATE_DEPENDENCIES = \ DCERPC_COMMON \ @@ -173,7 +173,7 @@ dcerpc_spoolss_OBJ_FILES = $(rpc_serversrcdir)/spoolss/dcesrv_spoolss.o # Start MODULE dcerpc_drsuapi [MODULE::dcerpc_drsuapi] INIT_FUNCTION = dcerpc_server_drsuapi_init -SUBSYSTEM = DCESRV +SUBSYSTEM = dcerpc_server PRIVATE_DEPENDENCIES = \ SAMDB \ DCERPC_COMMON \ @@ -184,6 +184,19 @@ PRIVATE_DEPENDENCIES = \ dcerpc_drsuapi_OBJ_FILES = $(rpc_serversrcdir)/drsuapi/dcesrv_drsuapi.o ################################################ +# Start MODULE dcerpc_browser +[MODULE::dcerpc_browser] +INIT_FUNCTION = dcerpc_server_browser_init +SUBSYSTEM = dcerpc_server +PRIVATE_DEPENDENCIES = \ + DCERPC_COMMON \ + NDR_BROWSER +# End MODULE dcerpc_browser +################################################ + +dcerpc_browser_OBJ_FILES = $(rpc_serversrcdir)/browser/dcesrv_browser.o + +################################################ # Start SUBSYSTEM dcerpc_server [SUBSYSTEM::dcerpc_server] PRIVATE_DEPENDENCIES = \ diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 6e888e5259..5f055ae342 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -36,7 +36,7 @@ #include "libcli/security/security.h" #include "param/param.h" -#define SAMBA_ACCOC_GROUP 0x12345678 +#define SAMBA_ASSOC_GROUP 0x12345678 extern const struct dcesrv_interface dcesrv_mgmt_interface; @@ -288,26 +288,6 @@ _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, return NT_STATUS_OK; } - -/* - destroy a link to an endpoint -*/ -static int dcesrv_endpoint_destructor(struct dcesrv_connection *p) -{ - while (p->contexts) { - struct dcesrv_connection_context *c = p->contexts; - - DLIST_REMOVE(p->contexts, c); - - if (c->iface) { - c->iface->unbind(c, c->iface); - } - } - - return 0; -} - - /* connect to a dcerpc endpoint */ @@ -355,8 +335,6 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, p->state_flags = state_flags; ZERO_STRUCT(p->transport); - talloc_set_destructor(p, dcesrv_endpoint_destructor); - *_p = p; return NT_STATUS_OK; } @@ -531,6 +509,16 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) return NT_STATUS_OK; } +static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) +{ + DLIST_REMOVE(c->conn->contexts, c); + + if (c->iface) { + c->iface->unbind(c, c->iface); + } + + return 0; +} /* handle a bind request @@ -558,7 +546,8 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) * assoc_group_id back to the clients */ if (call->pkt.u.bind.assoc_group_id != 0 && - call->pkt.u.bind.assoc_group_id != SAMBA_ACCOC_GROUP) { + lp_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","assoc group checking", true) && + call->pkt.u.bind.assoc_group_id != SAMBA_ASSOC_GROUP) { return dcesrv_bind_nak(call, 0); } @@ -609,10 +598,29 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) context->conn = call->conn; context->iface = iface; context->context_id = context_id; + /* + * we need to send a non zero assoc_group_id here to make longhorn happy, + * it also matches samba3 + */ + context->assoc_group_id = SAMBA_ASSOC_GROUP; context->private = NULL; context->handles = NULL; DLIST_ADD(call->conn->contexts, context); call->context = context; + talloc_set_destructor(context, dcesrv_connection_context_destructor); + + status = iface->bind(call, iface); + if (!NT_STATUS_IS_OK(status)) { + char *uuid_str = GUID_string(call, &uuid); + DEBUG(2,("Request for dcerpc interface %s/%d rejected: %s\n", + uuid_str, if_version, nt_errstr(status))); + talloc_free(uuid_str); + /* we don't want to trigger the iface->unbind() hook */ + context->iface = NULL; + talloc_free(call->context); + call->context = NULL; + return dcesrv_bind_nak(call, 0); + } } if (call->conn->cli_max_recv_frag == 0) { @@ -627,6 +635,8 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) /* handle any authentication that is being requested */ if (!dcesrv_auth_bind(call)) { + talloc_free(call->context); + call->context = NULL; return dcesrv_bind_nak(call, DCERPC_BIND_REASON_INVALID_AUTH_TYPE); } @@ -638,8 +648,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags; pkt.u.bind_ack.max_xmit_frag = 0x2000; pkt.u.bind_ack.max_recv_frag = 0x2000; - /* we need to send a non zero assoc_group_id here to make longhorn happy, it also matches samba3 */ - pkt.u.bind_ack.assoc_group_id = SAMBA_ACCOC_GROUP; + pkt.u.bind_ack.assoc_group_id = iface?call->context->assoc_group_id:0; if (iface) { /* FIXME: Use pipe name as specified by endpoint instead of interface name */ pkt.u.bind_ack.secondary_address = talloc_asprintf(call, "\\PIPE\\%s", iface->name); @@ -649,6 +658,8 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) pkt.u.bind_ack.num_results = 1; pkt.u.bind_ack.ctx_list = talloc(call, struct dcerpc_ack_ctx); if (!pkt.u.bind_ack.ctx_list) { + talloc_free(call->context); + call->context = NULL; return NT_STATUS_NO_MEMORY; } pkt.u.bind_ack.ctx_list[0].result = result; @@ -658,27 +669,22 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) status = dcesrv_auth_bind_ack(call, &pkt); if (!NT_STATUS_IS_OK(status)) { + talloc_free(call->context); + call->context = NULL; return dcesrv_bind_nak(call, 0); } - if (iface) { - status = iface->bind(call, iface); - if (!NT_STATUS_IS_OK(status)) { - char *uuid_str = GUID_string(call, &uuid); - DEBUG(2,("Request for dcerpc interface %s/%d rejected: %s\n", - uuid_str, if_version, nt_errstr(status))); - talloc_free(uuid_str); - return dcesrv_bind_nak(call, 0); - } - } - rep = talloc(call, struct data_blob_list_item); if (!rep) { + talloc_free(call->context); + call->context = NULL; return NT_STATUS_NO_MEMORY; } status = ncacn_push_auth(&rep->blob, call, lp_iconv_convenience(call->conn->dce_ctx->lp_ctx), &pkt, call->conn->auth_state.auth_info); if (!NT_STATUS_IS_OK(status)) { + talloc_free(call->context); + call->context = NULL; return status; } @@ -747,16 +753,20 @@ static NTSTATUS dcesrv_alter_new_context(struct dcesrv_call_state *call, uint32_ context->conn = call->conn; context->iface = iface; context->context_id = context_id; + context->assoc_group_id = SAMBA_ASSOC_GROUP; context->private = NULL; context->handles = NULL; DLIST_ADD(call->conn->contexts, context); call->context = context; + talloc_set_destructor(context, dcesrv_connection_context_destructor); - if (iface) { - status = iface->bind(call, iface); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + status = iface->bind(call, iface); + if (!NT_STATUS_IS_OK(status)) { + /* we don't want to trigger the iface->unbind() hook */ + context->iface = NULL; + talloc_free(context); + call->context = NULL; + return status; } return NT_STATUS_OK; @@ -784,15 +794,26 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call) context_id = call->pkt.u.alter.ctx_list[0].context_id; /* see if they are asking for a new interface */ - if (result == 0 && - dcesrv_find_context(call->conn, context_id) == NULL) { - status = dcesrv_alter_new_context(call, context_id); - if (!NT_STATUS_IS_OK(status)) { - result = DCERPC_BIND_PROVIDER_REJECT; - reason = DCERPC_BIND_REASON_ASYNTAX; + if (result == 0) { + call->context = dcesrv_find_context(call->conn, context_id); + if (!call->context) { + status = dcesrv_alter_new_context(call, context_id); + if (!NT_STATUS_IS_OK(status)) { + result = DCERPC_BIND_PROVIDER_REJECT; + reason = DCERPC_BIND_REASON_ASYNTAX; + } } } + if (result == 0 && + call->pkt.u.alter.assoc_group_id != 0 && + lp_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","assoc group checking", true) && + call->pkt.u.alter.assoc_group_id != call->context->assoc_group_id) { + /* TODO: work out what to return here */ + result = DCERPC_BIND_PROVIDER_REJECT; + reason = DCERPC_BIND_REASON_ASYNTAX; + } + /* setup a alter_resp */ dcesrv_init_hdr(&pkt, lp_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); pkt.auth_length = 0; @@ -801,7 +822,11 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call) pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; pkt.u.alter_resp.max_xmit_frag = 0x2000; pkt.u.alter_resp.max_recv_frag = 0x2000; - pkt.u.alter_resp.assoc_group_id = call->pkt.u.alter.assoc_group_id; + if (result == 0) { + pkt.u.alter_resp.assoc_group_id = call->context->assoc_group_id; + } else { + pkt.u.alter_resp.assoc_group_id = 0; + } pkt.u.alter_resp.num_results = 1; pkt.u.alter_resp.ctx_list = talloc_array(call, struct dcerpc_ack_ctx, 1); if (!pkt.u.alter_resp.ctx_list) { @@ -1398,6 +1423,38 @@ const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name) return NULL; } +void dcerpc_server_init(struct loadparm_context *lp_ctx) +{ + static bool initialized; + extern NTSTATUS dcerpc_server_wkssvc_init(void); + extern NTSTATUS dcerpc_server_drsuapi_init(void); + extern NTSTATUS dcerpc_server_winreg_init(void); + extern NTSTATUS dcerpc_server_spoolss_init(void); + extern NTSTATUS dcerpc_server_epmapper_init(void); + extern NTSTATUS dcerpc_server_srvsvc_init(void); + extern NTSTATUS dcerpc_server_netlogon_init(void); + extern NTSTATUS dcerpc_server_rpcecho_init(void); + extern NTSTATUS dcerpc_server_unixinfo_init(void); + extern NTSTATUS dcerpc_server_samr_init(void); + extern NTSTATUS dcerpc_server_remote_init(void); + extern NTSTATUS dcerpc_server_lsa_init(void); + extern NTSTATUS dcerpc_server_browser_init(void); + init_module_fn static_init[] = { STATIC_dcerpc_server_MODULES }; + init_module_fn *shared_init; + + if (initialized) { + return; + } + initialized = true; + + shared_init = load_samba_modules(NULL, lp_ctx, "dcerpc_server"); + + run_init_functions(static_init); + run_init_functions(shared_init); + + talloc_free(shared_init); +} + /* return the DCERPC module version, and the size of some critical types This can be used by endpoint server modules to either detect compilation errors, or provide @@ -1430,6 +1487,8 @@ _PUBLIC_ NTSTATUS dcesrv_init_ipc_context(TALLOC_CTX *mem_ctx, struct loadparm_c NTSTATUS status; struct dcesrv_context *dce_ctx; + dcerpc_server_init(lp_ctx); + status = dcesrv_init_context(mem_ctx, lp_ctx, lp_dcerpc_endpoint_servers(lp_ctx), &dce_ctx); NT_STATUS_NOT_OK_RETURN(status); diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index 4788fb3a51..bcd3d61f13 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -153,6 +153,8 @@ struct dcesrv_connection_context { struct dcesrv_connection_context *next, *prev; uint32_t context_id; + uint32_t assoc_group_id; + /* the connection this is on */ struct dcesrv_connection *conn; diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index ccc1fc515f..a2367c8a9b 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -803,7 +803,40 @@ static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALL static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_GetDcName *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + const char * const attrs[] = { NULL }; + void *sam_ctx; + struct ldb_message **res; + struct ldb_dn *domain_dn; + int ret; + const char *dcname; + + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, + dce_call->conn->dce_ctx->lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_DS_SERVICE_UNAVAILABLE; + } + + domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx, + r->in.domainname); + if (domain_dn == NULL) { + return WERR_DS_SERVICE_UNAVAILABLE; + } + + ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs); + if (ret != 1) { + return WERR_NO_SUCH_DOMAIN; + } + + /* TODO: - return real IP address + * - check all r->in.* parameters (server_unc is ignored by w2k3!) + */ + dcname = talloc_asprintf(mem_ctx, "\\\\%s", + lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx)); + W_ERROR_HAVE_NO_MEMORY(dcname); + + *r->out.dcname = dcname; + return WERR_OK; } @@ -823,7 +856,18 @@ static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLO static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_GetAnyDCName *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct netr_GetDcName r2; + WERROR werr; + + ZERO_STRUCT(r2); + + r2.in.logon_server = r->in.logon_server; + r2.in.domainname = r->in.domainname; + r2.out.dcname = r->out.dcname; + + werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, &r2); + + return werr; } @@ -1383,11 +1427,11 @@ static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dc } -/* - netr_NETRSERVERGETTRUSTINFO +/* + netr_ServerGetTrustInfo */ -static WERROR dcesrv_netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct netr_NETRSERVERGETTRUSTINFO *r) +static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_ServerGetTrustInfo *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index e1fb187c52..df23e11a67 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -140,11 +140,13 @@ #define SET_PARAMETERS(msg, field, attr) do { \ struct ldb_message_element *set_el; \ - if (samdb_msg_add_parameters(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != 0) { \ - return NT_STATUS_NO_MEMORY; \ + if (r->in.info->field.length != 0) { \ + if (samdb_msg_add_parameters(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != 0) { \ + return NT_STATUS_NO_MEMORY; \ + } \ + set_el = ldb_msg_find_element(msg, attr); \ + set_el->flags = LDB_FLAG_MOD_REPLACE; \ } \ - set_el = ldb_msg_find_element(msg, attr); \ - set_el->flags = LDB_FLAG_MOD_REPLACE; \ } while (0) @@ -763,8 +765,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state, info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime", 0x0LL); - info->unknown1 = 0; - info->unknown2 = 0; + info->modified_count_at_last_promotion = 0; return NT_STATUS_OK; } @@ -3512,14 +3513,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL SET_UINT (msg, info23.info.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) SET_UINT (msg, info23.info.code_page, "codePage"); - IFSET(SAMR_FIELD_PASSWORD) { + IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) { status = samr_set_password(dce_call, a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, mem_ctx, msg, &r->in.info->info23.password); - } else IFSET(SAMR_FIELD_PASSWORD2) { + } else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) { status = samr_set_password(dce_call, a_state->sam_ctx, a_state->account_dn, @@ -3568,14 +3569,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL SET_UINT (msg, info25.info.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) SET_UINT (msg, info25.info.code_page, "codePage"); - IFSET(SAMR_FIELD_PASSWORD) { + IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) { status = samr_set_password_ex(dce_call, a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, mem_ctx, msg, &r->in.info->info25.password); - } else IFSET(SAMR_FIELD_PASSWORD2) { + } else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) { status = samr_set_password_ex(dce_call, a_state->sam_ctx, a_state->account_dn, diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index bb4d6bdaf2..6c19b2346b 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -425,25 +425,8 @@ static void dcesrv_task_init(struct task_server *task) NTSTATUS status; struct dcesrv_context *dce_ctx; struct dcesrv_endpoint *e; - extern NTSTATUS dcerpc_server_wkssvc_init(void); - extern NTSTATUS dcerpc_server_drsuapi_init(void); - extern NTSTATUS dcerpc_server_winreg_init(void); - extern NTSTATUS dcerpc_server_spoolss_init(void); - extern NTSTATUS dcerpc_server_epmapper_init(void); - extern NTSTATUS dcerpc_server_srvsvc_init(void); - extern NTSTATUS dcerpc_server_netlogon_init(void); - extern NTSTATUS dcerpc_server_rpcecho_init(void); - extern NTSTATUS dcerpc_server_unixinfo_init(void); - extern NTSTATUS dcerpc_server_samr_init(void); - extern NTSTATUS dcerpc_server_remote_init(void); - extern NTSTATUS dcerpc_server_lsa_init(void); - init_module_fn static_init[] = { STATIC_DCESRV_MODULES }; - init_module_fn *shared_init = load_samba_modules(NULL, task->lp_ctx, "dcerpc_server"); - - run_init_functions(static_init); - run_init_functions(shared_init); - - talloc_free(shared_init); + + dcerpc_server_init(task->lp_ctx); task_server_set_title(task, "task[dcesrv]"); diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index 9649a1f644..b05cc1e39d 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -5,8 +5,10 @@ # a successful run for any of these tests an error. local.resolve.*.async local.iconv.*.next_codepoint() +base.delete.*.deltest17 base.delete.*.deltest20a base.delete.*.deltest20b +base.delete.*.deltest21 rpc.winreg.*security samba4.local.registry.(dir|ldb).check hive security samba4.local.registry.local.security @@ -23,10 +25,8 @@ rpc.netlogon.*.LogonUasLogon rpc.netlogon.*.LogonUasLogoff rpc.netlogon.*.DatabaseSync rpc.netlogon.*.DatabaseSync2 -rpc.netlogon.*.GetDcName rpc.netlogon.*.LogonControl rpc.netlogon.*.LogonControl2 -rpc.netlogon.*.GetAnyDCName rpc.netlogon.*.DsrEnumerateDomainTrusts rpc.netlogon.*.NetrEnumerateTrustedDomains rpc.netlogon.*.NetrEnumerateTrustedDomainsEx @@ -36,6 +36,7 @@ rpc.netlogon.*.DsRAddressToSitenamesExW rpc.netlogon.*.GetPassword rpc.netlogon.*.GetTrustPasswords rpc.netlogon.*.DatabaseRedo +rpc.netlogon.*.ServerGetTrustInfo base.charset.*.Testing partial surrogate .*net.api.delshare.* # DelShare isn't implemented yet rap.*netservergetinfo diff --git a/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt b/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt new file mode 100644 index 0000000000..324a5bf3f9 --- /dev/null +++ b/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt @@ -0,0 +1,15652 @@ +# © 2008 Microsoft Corporation. All rights reserved
+#
+# Intellectual Property Rights Notice for Protocol Documentation
+#
+# Copyrights.
+# This protocol documentation is covered by Microsoft
+# copyrights. Regardless of any other terms that are contained in the
+# terms of use for the Microsoft website that hosts this documentation,
+# you may make copies of it in order to develop implementations of the
+# protocols, and may distribute portions of it in your implementations
+# of the protocols or your documentation as necessary to properly
+# document the implementation. You may also distribute in your
+# implementation, with or without modification, any schema, IDL's, or
+# code samples that are included in the documentation. This permission
+# also applies to any documents that are referenced in the protocol
+# documentation.
+#
+# No Trade Secrets.
+# Microsoft does not claim any trade secret rights in this documentation.
+#
+# Patents.
+# Microsoft has patents that may cover your implementations of the
+# protocols. Neither this notice nor Microsoft's delivery of the
+# documentation grants any licenses under those or any other Microsoft
+# patents. However, the protocols may be covered by MicrosoftÂ’s Open
+# Specification Promise (available here:
+# http://www.microsoft.com/interop/osp). If you would prefer a written
+# license, or if the protocols are not covered by the OSP, patent
+# licenses are available by contacting protocol@microsoft.com.
+#
+# Trademarks.
+# The names of companies and products contained in this documentation
+# may be covered by trademarks or similar intellectual property
+# rights. This notice does not grant any licenses under those
+# rights.Reservation of Rights. All other rights are reserved, and this
+# notice does not grant any rights other than specifically described
+# above, whether by implication, estoppel, or otherwise.
+#
+# Tools.
+# This protocol documentation is intended for use in conjunction with
+# publicly available standard specifications and network programming
+# art, and assumes that the reader either is familiar with the
+# aforementioned material or has immediate access to it. A protocol
+# specification does not require the use of Microsoft programming tools
+# or programming environments in order for you to develop an
+# implementation. If you have access to Microsoft programming tools and
+# environments you are free to take advantage of them.
+
+cn: Account-Expires
+ldapDisplayName: accountExpires
+attributeId: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967915-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Enable-ACS-Service
+ldapDisplayName: aCSEnableACSService
+attributeId: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561287-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Catalogs
+ldapDisplayName: catalogs
+attributeId: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb81-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Categories
+ldapDisplayName: categories
+attributeId: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7e-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Id
+ldapDisplayName: categoryId
+attributeId: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e94-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Usages
+ldapDisplayName: cAUsages
+attributeId: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d2738-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-WEB-URL
+ldapDisplayName: cAWEBURL
+attributeId: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2736-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Authority-Object
+ldapDisplayName: certificateAuthorityObject
+attributeId: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2732-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Revocation-List
+ldapDisplayName: certificateRevocationList
+attributeId: 2.5.4.39
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1677579f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32790
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Templates
+ldapDisplayName: certificateTemplates
+attributeId: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2a39c5b1-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Display-Name
+ldapDisplayName: classDisplayName
+attributeId: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 548e1c22-dea6-11d0-b010-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Common-Name
+ldapDisplayName: cn
+attributeId: 2.5.4.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14863
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Enable-RSVP-Accounting
+ldapDisplayName: aCSEnableRSVPAccounting
+attributeId: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f072230e-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Text-Country
+ldapDisplayName: co
+attributeId: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa7-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14886
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Code-Page
+ldapDisplayName: codePage
+attributeId: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967938-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-ClassID
+ldapDisplayName: cOMClassID
+attributeId: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-CLSID
+ldapDisplayName: cOMCLSID
+attributeId: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416d9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-InterfaceID
+ldapDisplayName: cOMInterfaceID
+attributeId: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Comment
+ldapDisplayName: comment
+attributeId: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-Other-Prog-Id
+ldapDisplayName: cOMOtherProgId
+attributeId: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416dd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Company
+ldapDisplayName: company
+attributeId: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff88-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14870
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-ProgID
+ldapDisplayName: cOMProgID
+attributeId: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Treat-As-Class-Id
+ldapDisplayName: cOMTreatAsClassId
+attributeId: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416db-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Message-Logging
+ldapDisplayName: aCSEnableRSVPMessageLogging
+attributeId: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561285-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Typelib-Id
+ldapDisplayName: cOMTypelibId
+attributeId: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416de-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Unique-LIBID
+ldapDisplayName: cOMUniqueLIBID
+attributeId: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416da-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Content-Indexing-Allowed
+ldapDisplayName: contentIndexingAllowed
+attributeId: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967943-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Context-Menu
+ldapDisplayName: contextMenu
+attributeId: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d8601ee-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Rights
+ldapDisplayName: controlAccessRights
+attributeId: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 6da8a4fc-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cost
+ldapDisplayName: cost
+attributeId: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967944-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32872
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Code
+ldapDisplayName: countryCode
+attributeId: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd42471-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Dialog
+ldapDisplayName: createDialog
+attributeId: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b09958a-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Create-Time-Stamp
+ldapDisplayName: createTimeStamp
+attributeId: 2.5.18.1
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 2df90d73-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Wizard-Ext
+ldapDisplayName: createWizardExt
+attributeId: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2b09958b-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Event-Log-Level
+ldapDisplayName: aCSEventLogLevel
+attributeId: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561286-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creation-Time
+ldapDisplayName: creationTime
+attributeId: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967946-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Creation-Wizard
+ldapDisplayName: creationWizard
+attributeId: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d8601ed-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creator
+ldapDisplayName: creator
+attributeId: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb85-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Object
+ldapDisplayName: cRLObject
+attributeId: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2737-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Partitioned-Revocation-List
+ldapDisplayName: cRLPartitionedRevocationList
+attributeId: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2731-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Certificate-Pair
+ldapDisplayName: crossCertificatePair
+attributeId: 2.5.4.40
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b2-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+mapiID: 32805
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Location
+ldapDisplayName: currentLocation
+attributeId: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fc-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Parent-CA
+ldapDisplayName: currentParentCA
+attributeId: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Value
+ldapDisplayName: currentValue
+attributeId: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967947-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Curr-Machine-Id
+ldapDisplayName: currMachineId
+attributeId: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fe-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Identity-Name
+ldapDisplayName: aCSIdentityName
+attributeId: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dab029b6-ddf7-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DBCS-Pwd
+ldapDisplayName: dBCSPwd
+attributeId: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96799c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Component
+ldapDisplayName: dc
+attributeId: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19195a55-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Class-Store
+ldapDisplayName: defaultClassStore
+attributeId: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967948-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Group
+ldapDisplayName: defaultGroup
+attributeId: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 720bc4e2-a54a-11d0-afdf-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Hiding-Value
+ldapDisplayName: defaultHidingValue
+attributeId: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: b7b13116-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Local-Policy-Object
+ldapDisplayName: defaultLocalPolicyObject
+attributeId: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96799f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Object-Category
+ldapDisplayName: defaultObjectCategory
+attributeId: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97367-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Priority
+ldapDisplayName: defaultPriority
+attributeId: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c8-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Security-Descriptor
+ldapDisplayName: defaultSecurityDescriptor
+attributeId: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 807a6d30-1669-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Delta-Revocation-List
+ldapDisplayName: deltaRevocationList
+attributeId: 2.5.4.53
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b5-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 35910
+
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+ldapDisplayName: aCSMaxAggregatePeakRatePerUser
+attributeId: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230c-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Department
+ldapDisplayName: department
+attributeId: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96794f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14872
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: departmentNumber
+ldapDisplayName: departmentNumber
+attributeId: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: be9ef6ee-cbc7-4f22-b27b-96967e7ee585
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: Description
+ldapDisplayName: description
+attributeId: 2.5.4.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967950-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32879
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Desktop-Profile
+ldapDisplayName: desktopProfile
+attributeId: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: eea65906-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Destination-Indicator
+ldapDisplayName: destinationIndicator
+attributeId: 2.5.4.27
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967951-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32880
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Classes
+ldapDisplayName: dhcpClasses
+attributeId: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2750-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Flags
+ldapDisplayName: dhcpFlags
+attributeId: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2741-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Identification
+ldapDisplayName: dhcpIdentification
+attributeId: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2742-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Mask
+ldapDisplayName: dhcpMask
+attributeId: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2747-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-MaxKey
+ldapDisplayName: dhcpMaxKey
+attributeId: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2754-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Duration-Per-Flow
+ldapDisplayName: aCSMaxDurationPerFlow
+attributeId: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127e-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Description
+ldapDisplayName: dhcpObjDescription
+attributeId: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2744-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Name
+ldapDisplayName: dhcpObjName
+attributeId: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2743-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Options
+ldapDisplayName: dhcpOptions
+attributeId: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d274f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Properties
+ldapDisplayName: dhcpProperties
+attributeId: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2753-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Ranges
+ldapDisplayName: dhcpRanges
+attributeId: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2748-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Reservations
+ldapDisplayName: dhcpReservations
+attributeId: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Servers
+ldapDisplayName: dhcpServers
+attributeId: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2745-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+extendedCharsAllowed: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Sites
+ldapDisplayName: dhcpSites
+attributeId: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2749-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-State
+ldapDisplayName: dhcpState
+attributeId: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2752-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Subnets
+ldapDisplayName: dhcpSubnets
+attributeId: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2746-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Maximum-SDU-Size
+ldapDisplayName: aCSMaximumSDUSize
+attributeId: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 87a2d8f9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Type
+ldapDisplayName: dhcpType
+attributeId: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 963d273b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Unique-Key
+ldapDisplayName: dhcpUniqueKey
+attributeId: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d273a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Update-Time
+ldapDisplayName: dhcpUpdateTime
+attributeId: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2755-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Reports
+ldapDisplayName: directReports
+attributeId: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a1c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 43
+mapiID: 32782
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Display-Name
+ldapDisplayName: displayName
+attributeId: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967953-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Display-Name-Printable
+ldapDisplayName: displayNamePrintable
+attributeId: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: bf967954-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14847
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Obj-Dist-Name
+ldapDisplayName: distinguishedName
+attributeId: 2.5.4.49
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679e4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32828
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DIT-Content-Rules
+ldapDisplayName: dITContentRules
+attributeId: 2.5.21.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad946-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Division
+ldapDisplayName: division
+attributeId: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: fe6136a0-2073-11d0-a9c2-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DMD-Location
+ldapDisplayName: dMDLocation
+attributeId: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8b-1191-11d0-a060-00aa006c33ed
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Max-No-Of-Account-Files
+ldapDisplayName: aCSMaxNoOfAccountFiles
+attributeId: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722310-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DMD-Name
+ldapDisplayName: dmdName
+attributeId: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 167757b9-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35926
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DN-Reference-Update
+ldapDisplayName: dNReferenceUpdate
+attributeId: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d86-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Allow-Dynamic
+ldapDisplayName: dnsAllowDynamic
+attributeId: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e65-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Allow-XFR
+ldapDisplayName: dnsAllowXFR
+attributeId: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e66-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Host-Name
+ldapDisplayName: dNSHostName
+attributeId: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Notify-Secondaries
+ldapDisplayName: dnsNotifySecondaries
+attributeId: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e68-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Property
+ldapDisplayName: dNSProperty
+attributeId: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 675a15fe-3b70-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Record
+ldapDisplayName: dnsRecord
+attributeId: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e69-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Root
+ldapDisplayName: dnsRoot
+attributeId: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967959-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Secure-Secondaries
+ldapDisplayName: dnsSecureSecondaries
+attributeId: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e67-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Log-Files
+ldapDisplayName: aCSMaxNoOfLogFiles
+attributeId: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559c-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Tombstoned
+ldapDisplayName: dNSTombstoned
+attributeId: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d5eb2eb7-be4e-463b-a214-634a44d7392e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: documentAuthor
+ldapDisplayName: documentAuthor
+attributeId: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f18a8e19-af5f-4478-b096-6f35c27eb83f
+systemOnly: FALSE
+searchFlags: 0
+
+cn: documentIdentifier
+ldapDisplayName: documentIdentifier
+attributeId: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0b21ce82-ff63-46d9-90fb-c8b9f24e97b9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentLocation
+ldapDisplayName: documentLocation
+attributeId: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b958b14e-ac6d-4ec4-8892-be70b69f7281
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentPublisher
+ldapDisplayName: documentPublisher
+attributeId: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 170f09d7-eb69-448a-9a30-f1afecfd32d7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentTitle
+ldapDisplayName: documentTitle
+attributeId: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: de265a9c-ff2c-47b9-91dc-6e6fe2c43062
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentVersion
+ldapDisplayName: documentVersion
+attributeId: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 94b3a8a9-d613-4cec-9aad-5fbcc1046b43
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Domain-Certificate-Authorities
+ldapDisplayName: domainCAs
+attributeId: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7a-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Cross-Ref
+ldapDisplayName: domainCrossRef
+attributeId: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7b-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-ID
+ldapDisplayName: domainID
+attributeId: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2734-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Account-Name-History
+ldapDisplayName: accountNameHistory
+attributeId: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 031952ec-3b72-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth
+ldapDisplayName: aCSMaxPeakBandwidth
+attributeId: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561284-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Identifier
+ldapDisplayName: domainIdentifier
+attributeId: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561278-5301-11d1-a9c5-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Object
+ldapDisplayName: domainPolicyObject
+attributeId: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96795d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Reference
+ldapDisplayName: domainPolicyReference
+attributeId: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e2a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Replica
+ldapDisplayName: domainReplica
+attributeId: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96795e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Wide-Policy
+ldapDisplayName: domainWidePolicy
+attributeId: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e29-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: drink
+ldapDisplayName: drink
+attributeId: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Driver-Name
+ldapDisplayName: driverName
+attributeId: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c5-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Driver-Version
+ldapDisplayName: driverVersion
+attributeId: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6e-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DSA-Signature
+ldapDisplayName: dSASignature
+attributeId: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 167757bc-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32887
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Core-Propagation-Data
+ldapDisplayName: dSCorePropagationData
+attributeId: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: d167aa4b-8b08-11d2-9939-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+ldapDisplayName: aCSMaxPeakBandwidthPerFlow
+attributeId: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127c-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-Heuristics
+ldapDisplayName: dSHeuristics
+attributeId: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff86-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-UI-Admin-Maximum
+ldapDisplayName: dSUIAdminMaximum
+attributeId: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee8d0ae0-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Admin-Notification
+ldapDisplayName: dSUIAdminNotification
+attributeId: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f6ea0a94-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Shell-Maximum
+ldapDisplayName: dSUIShellMaximum
+attributeId: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fcca766a-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-LDAP-Server
+ldapDisplayName: dynamicLDAPServer
+attributeId: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52458021-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: EFSPolicy
+ldapDisplayName: eFSPolicy
+attributeId: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Employee-ID
+ldapDisplayName: employeeID
+attributeId: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967962-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-Number
+ldapDisplayName: employeeNumber
+attributeId: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73ef-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+mapiID: 35943
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-Type
+ldapDisplayName: employeeType
+attributeId: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73f0-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 256
+mapiID: 35945
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Enabled
+ldapDisplayName: Enabled
+attributeId: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8df73f2-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 35873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Max-Size-Of-RSVP-Account-File
+ldapDisplayName: aCSMaxSizeOfRSVPAccountFile
+attributeId: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722311-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Enabled-Connection
+ldapDisplayName: enabledConnection
+attributeId: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967963-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enrollment-Providers
+ldapDisplayName: enrollmentProviders
+attributeId: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b3-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Entry-TTL
+ldapDisplayName: entryTTL
+attributeId: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d213decc-d81a-4384-aac2-dcfcfd631cf8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 31557600
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+
+cn: Extended-Attribute-Info
+ldapDisplayName: extendedAttributeInfo
+attributeId: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad947-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Chars-Allowed
+ldapDisplayName: extendedCharsAllowed
+attributeId: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967966-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32935
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+systemOnly: TRUE
+
+cn: Extended-Class-Info
+ldapDisplayName: extendedClassInfo
+attributeId: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad948-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extension-Name
+ldapDisplayName: extensionName
+attributeId: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967972-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+mapiID: 32937
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Extra-Columns
+ldapDisplayName: extraColumns
+attributeId: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d24e2846-1dd9-4bcf-99d7-a6227cc86da7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Facsimile-Telephone-Number
+ldapDisplayName: facsimileTelephoneNumber
+attributeId: 2.5.4.23
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967974-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14883
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Ext-Priority
+ldapDisplayName: fileExtPriority
+attributeId: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18315-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Log-File
+ldapDisplayName: aCSMaxSizeOfRSVPLogFile
+attributeId: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559d-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flags
+ldapDisplayName: flags
+attributeId: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967976-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flat-Name
+ldapDisplayName: flatName
+attributeId: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b13117-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Force-Logoff
+ldapDisplayName: forceLogoff
+attributeId: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967977-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Foreign-Identifier
+ldapDisplayName: foreignIdentifier
+attributeId: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e97891e-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Friendly-Names
+ldapDisplayName: friendlyNames
+attributeId: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb88-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: From-Entry
+ldapDisplayName: fromEntry
+attributeId: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad949-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: From-Server
+ldapDisplayName: fromServer
+attributeId: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf967979-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Frs-Computer-Reference
+ldapDisplayName: frsComputerReference
+attributeId: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132578-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 102
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: Frs-Computer-Reference-BL
+ldapDisplayName: frsComputerReferenceBL
+attributeId: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a132579-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Control-Data-Creation
+ldapDisplayName: fRSControlDataCreation
+attributeId: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257a-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Bucket-Per-Flow
+ldapDisplayName: aCSMaxTokenBucketPerFlow
+attributeId: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 81f6e0df-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Inbound-Backlog
+ldapDisplayName: fRSControlInboundBacklog
+attributeId: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257b-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Outbound-Backlog
+ldapDisplayName: fRSControlOutboundBacklog
+attributeId: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257c-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Directory-Filter
+ldapDisplayName: fRSDirectoryFilter
+attributeId: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f171-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-DS-Poll
+ldapDisplayName: fRSDSPoll
+attributeId: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f177-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Extensions
+ldapDisplayName: fRSExtensions
+attributeId: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458020-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Fault-Condition
+ldapDisplayName: fRSFaultCondition
+attributeId: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f178-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-File-Filter
+ldapDisplayName: fRSFileFilter
+attributeId: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f170-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Flags
+ldapDisplayName: fRSFlags
+attributeId: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a13257d-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Level-Limit
+ldapDisplayName: fRSLevelLimit
+attributeId: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5245801e-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Member-Reference
+ldapDisplayName: fRSMemberReference
+attributeId: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a13257e-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 104
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: ACS-Max-Token-Rate-Per-Flow
+ldapDisplayName: aCSMaxTokenRatePerFlow
+attributeId: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127b-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Member-Reference-BL
+ldapDisplayName: fRSMemberReferenceBL
+attributeId: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a13257f-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Partner-Auth-Level
+ldapDisplayName: fRSPartnerAuthLevel
+attributeId: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a132580-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Primary-Member
+ldapDisplayName: fRSPrimaryMember
+attributeId: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132581-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-GUID
+ldapDisplayName: fRSReplicaSetGUID
+attributeId: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5245801a-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-Type
+ldapDisplayName: fRSReplicaSetType
+attributeId: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 26d9736b-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Path
+ldapDisplayName: fRSRootPath
+attributeId: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f174-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Security
+ldapDisplayName: fRSRootSecurity
+attributeId: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 5245801f-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command
+ldapDisplayName: fRSServiceCommand
+attributeId: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ddac0cee-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command-Status
+ldapDisplayName: fRSServiceCommandStatus
+attributeId: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132582-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Staging-Path
+ldapDisplayName: fRSStagingPath
+attributeId: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f175-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Delay-Variation
+ldapDisplayName: aCSMinimumDelayVariation
+attributeId: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9c65329b-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Command
+ldapDisplayName: fRSTimeLastCommand
+attributeId: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132583-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Config-Change
+ldapDisplayName: fRSTimeLastConfigChange
+attributeId: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132584-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Update-Timeout
+ldapDisplayName: fRSUpdateTimeout
+attributeId: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f172-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version
+ldapDisplayName: fRSVersion
+attributeId: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132585-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version-GUID
+ldapDisplayName: fRSVersionGUID
+attributeId: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 26d9736c-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Working-Path
+ldapDisplayName: fRSWorkingPath
+attributeId: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f173-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FSMO-Role-Owner
+ldapDisplayName: fSMORoleOwner
+attributeId: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171887-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Garbage-Coll-Period
+ldapDisplayName: garbageCollPeriod
+attributeId: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a1-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32943
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Gecos
+ldapDisplayName: gecos
+attributeId: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a3e03f1f-1d55-4253-a0af-30c2a784e46e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Generated-Connection
+ldapDisplayName: generatedConnection
+attributeId: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96797a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Latency
+ldapDisplayName: aCSMinimumLatency
+attributeId: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9517fefb-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Generation-Qualifier
+ldapDisplayName: generationQualifier
+attributeId: 2.5.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775804-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 35923
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GidNumber
+ldapDisplayName: gidNumber
+attributeId: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5b95f0c-ec9e-41c4-849c-b46597ed6696
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: Given-Name
+ldapDisplayName: givenName
+attributeId: 2.5.4.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8e-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14854
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List
+ldapDisplayName: globalAddressList
+attributeId: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f754c748-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Governs-ID
+ldapDisplayName: governsID
+attributeId: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf96797d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: GPC-File-Sys-Path
+ldapDisplayName: gPCFileSysPath
+attributeId: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc1-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Functionality-Version
+ldapDisplayName: gPCFunctionalityVersion
+attributeId: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc0-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Machine-Extension-Names
+ldapDisplayName: gPCMachineExtensionNames
+attributeId: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 32ff8ecc-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-User-Extension-Names
+ldapDisplayName: gPCUserExtensionNames
+attributeId: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 42a75fc6-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-WQL-Filter
+ldapDisplayName: gPCWQLFilter
+attributeId: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bd4c7a6-1add-4436-8c04-3999a880154c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Policed-Size
+ldapDisplayName: aCSMinimumPolicedSize
+attributeId: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 8d0e7195-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Link
+ldapDisplayName: gPLink
+attributeId: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbe-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Options
+ldapDisplayName: gPOptions
+attributeId: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbf-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Attributes
+ldapDisplayName: groupAttributes
+attributeId: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96797e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Membership-SAM
+ldapDisplayName: groupMembershipSAM
+attributeId: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967980-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Priority
+ldapDisplayName: groupPriority
+attributeId: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65905-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Groups-to-Ignore
+ldapDisplayName: groupsToIgnore
+attributeId: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65904-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Type
+ldapDisplayName: groupType
+attributeId: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Master-NCs
+ldapDisplayName: hasMasterNCs
+attributeId: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967982-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 76
+mapiID: 32950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Partial-Replica-NCs
+ldapDisplayName: hasPartialReplicaNCs
+attributeId: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967981-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 74
+mapiID: 32949
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data16
+ldapDisplayName: helpData16
+attributeId: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a7-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32826
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Non-Reserved-Max-SDU-Size
+ldapDisplayName: aCSNonReservedMaxSDUSize
+attributeId: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: aec2cfe3-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Help-Data32
+ldapDisplayName: helpData32
+attributeId: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a8-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32784
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-File-Name
+ldapDisplayName: helpFileName
+attributeId: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a9-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 13
+mapiID: 32827
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Hide-From-AB
+ldapDisplayName: hideFromAB
+attributeId: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ec05b750-a977-4efe-8e8d-ba6c1a6e33a8
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Home-Directory
+ldapDisplayName: homeDirectory
+attributeId: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967985-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Home-Drive
+ldapDisplayName: homeDrive
+attributeId: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967986-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Phone-Home-Primary
+ldapDisplayName: homePhone
+attributeId: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa1-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14857
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+systemFlags: 0
+
+cn: Address-Home
+ldapDisplayName: homePostalAddress
+attributeId: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775781-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14941
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: host
+ldapDisplayName: host
+attributeId: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 6043df71-fa48-46cf-ab7c-cbd54644b22d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: houseIdentifier
+ldapDisplayName: houseIdentifier
+attributeId: 2.5.4.51
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: a45398b7-c44a-4eb6-82d3-13c10946dbfe
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+
+cn: Icon-Path
+ldapDisplayName: iconPath
+attributeId: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ff83-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Aggregate-Token-Rate-Per-User
+ldapDisplayName: aCSAggregateTokenRatePerUser
+attributeId: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127d-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Min-Policed-Size
+ldapDisplayName: aCSNonReservedMinPolicedSize
+attributeId: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: b6873917-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Implemented-Categories
+ldapDisplayName: implementedCategories
+attributeId: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e92-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IndexedScopes
+ldapDisplayName: indexedScopes
+attributeId: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb87-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Comment
+ldapDisplayName: info
+attributeId: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 12292
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Initial-Auth-Incoming
+ldapDisplayName: initialAuthIncoming
+attributeId: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458023-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initial-Auth-Outgoing
+ldapDisplayName: initialAuthOutgoing
+attributeId: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458024-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initials
+ldapDisplayName: initials
+attributeId: 2.5.4.43
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff90-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 6
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14858
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Install-Ui-Level
+ldapDisplayName: installUiLevel
+attributeId: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd64-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Instance-Type
+ldapDisplayName: instanceType
+attributeId: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96798c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+mapiID: 32957
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: International-ISDN-Number
+ldapDisplayName: internationalISDNNumber
+attributeId: 2.5.4.25
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf96798d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32958
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Topology-Failover
+ldapDisplayName: interSiteTopologyFailover
+attributeId: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e60-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Non-Reserved-Peak-Rate
+ldapDisplayName: aCSNonReservedPeakRate
+attributeId: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a331a73f-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Topology-Generator
+ldapDisplayName: interSiteTopologyGenerator
+attributeId: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5e-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Renew
+ldapDisplayName: interSiteTopologyRenew
+attributeId: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5f-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Invocation-Id
+ldapDisplayName: invocationId
+attributeId: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96798e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX
+mapiID: 32959
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+searchFlags: 0
+
+cn: IpHostNumber
+ldapDisplayName: ipHostNumber
+attributeId: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: de8bb721-85dc-4fde-b687-9657688e667e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetmaskNumber
+ldapDisplayName: ipNetmaskNumber
+attributeId: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 6ff64fcd-462e-4f62-b44a-9a5347659eb9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetworkNumber
+ldapDisplayName: ipNetworkNumber
+attributeId: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4e3854f4-3087-42a4-a813-bb0c528958d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: Phone-Ip-Primary
+ldapDisplayName: ipPhone
+attributeId: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d146e4a-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpProtocolNumber
+ldapDisplayName: ipProtocolNumber
+attributeId: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ebf5c6eb-0e2d-4415-9670-1081993b4211
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Ipsec-Data
+ldapDisplayName: ipsecData
+attributeId: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: b40ff81f-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Data-Type
+ldapDisplayName: ipsecDataType
+attributeId: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b40ff81e-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Token-Size
+ldapDisplayName: aCSNonReservedTokenSize
+attributeId: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a916d7c9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter-Reference
+ldapDisplayName: ipsecFilterReference
+attributeId: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff823-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ID
+ldapDisplayName: ipsecID
+attributeId: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81d-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Reference
+ldapDisplayName: ipsecISAKMPReference
+attributeId: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff820-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Name
+ldapDisplayName: ipsecName
+attributeId: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81c-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Action
+ldapDisplayName: iPSECNegotiationPolicyAction
+attributeId: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383075-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy-Reference
+ldapDisplayName: ipsecNegotiationPolicyReference
+attributeId: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff822-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Type
+ldapDisplayName: iPSECNegotiationPolicyType
+attributeId: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383074-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA-Reference
+ldapDisplayName: ipsecNFAReference
+attributeId: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff821-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Owners-Reference
+ldapDisplayName: ipsecOwnersReference
+attributeId: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff824-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy-Reference
+ldapDisplayName: ipsecPolicyReference
+attributeId: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13118-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Limit
+ldapDisplayName: aCSNonReservedTxLimit
+attributeId: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a2-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpServicePort
+ldapDisplayName: ipServicePort
+attributeId: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff2daebf-f463-495a-8405-3e483641eaa2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: IpServiceProtocol
+ldapDisplayName: ipServiceProtocol
+attributeId: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: cd96ec0b-1ed6-43b4-b26b-f170b645883f
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Is-Critical-System-Object
+ldapDisplayName: isCriticalSystemObject
+attributeId: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 00fbf30d-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Defunct
+ldapDisplayName: isDefunct
+attributeId: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 28630ebe-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Deleted
+ldapDisplayName: isDeleted
+attributeId: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96798f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Ephemeral
+ldapDisplayName: isEphemeral
+attributeId: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f4c453f0-c5f1-11d1-bbcb-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Is-Member-Of-Partial-Attribute-Set
+ldapDisplayName: isMemberOfPartialAttributeSet
+attributeId: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 19405b9d-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Privilege-Holder
+ldapDisplayName: isPrivilegeHolder
+attributeId: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9c-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 71
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Is-Single-Valued
+ldapDisplayName: isSingleValued
+attributeId: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967992-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32961
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: jpegPhoto
+ldapDisplayName: jpegPhoto
+attributeId: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bac80572-09c4-4fa9-9ae6-7628d7adbe0e
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: ACS-Non-Reserved-Tx-Size
+ldapDisplayName: aCSNonReservedTxSize
+attributeId: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230d-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Keywords
+ldapDisplayName: keywords
+attributeId: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967993-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Knowledge-Information
+ldapDisplayName: knowledgeInformation
+attributeId: 2.5.4.2
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: 1677581f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32963
+
+cn: Locality-Name
+ldapDisplayName: l
+attributeId: 2.5.4.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14887
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: labeledURI
+ldapDisplayName: labeledURI
+attributeId: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: c569bb46-c680-44bc-a273-e6c227d71b45
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: Last-Backup-Restoration-Time
+ldapDisplayName: lastBackupRestorationTime
+attributeId: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1fbb0be8-ba63-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Content-Indexed
+ldapDisplayName: lastContentIndexed
+attributeId: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967995-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Known-Parent
+ldapDisplayName: lastKnownParent
+attributeId: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52ab8670-5709-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logoff
+ldapDisplayName: lastLogoff
+attributeId: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967996-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon
+ldapDisplayName: lastLogon
+attributeId: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967997-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon-Timestamp
+ldapDisplayName: lastLogonTimestamp
+attributeId: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c0e20a04-0e5a-4ff3-9482-5efeaecd7060
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Permission-Bits
+ldapDisplayName: aCSPermissionBits
+attributeId: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561282-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Set-Time
+ldapDisplayName: lastSetTime
+attributeId: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967998-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Update-Sequence
+ldapDisplayName: lastUpdateSequence
+attributeId: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9c-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LDAP-Admin-Limits
+ldapDisplayName: lDAPAdminLimits
+attributeId: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7359a352-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-Display-Name
+ldapDisplayName: lDAPDisplayName
+attributeId: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96799a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+mapiID: 33137
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-IPDeny-List
+ldapDisplayName: lDAPIPDenyList
+attributeId: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7359a353-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LSA-Creation-Time
+ldapDisplayName: lSACreationTime
+attributeId: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ad-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Modified-Count
+ldapDisplayName: lSAModifiedCount
+attributeId: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ae-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Legacy-Exchange-DN
+ldapDisplayName: legacyExchangeDN
+attributeId: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 28630ebc-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE| fANR | fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-ID
+ldapDisplayName: linkID
+attributeId: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32965
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-Track-Secret
+ldapDisplayName: linkTrackSecret
+attributeId: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2ae80fe2-47b4-11d0-a1a4-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Policy-Name
+ldapDisplayName: aCSPolicyName
+attributeId: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559a-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lm-Pwd-History
+ldapDisplayName: lmPwdHistory
+attributeId: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf96799d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Locale-ID
+ldapDisplayName: localeID
+attributeId: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf9679a1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Localization-Display-Id
+ldapDisplayName: localizationDisplayId
+attributeId: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a746f0d1-78d0-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Localized-Description
+ldapDisplayName: localizedDescription
+attributeId: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18316-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Local-Policy-Flags
+ldapDisplayName: localPolicyFlags
+attributeId: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Local-Policy-Reference
+ldapDisplayName: localPolicyReference
+attributeId: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4d-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Location
+ldapDisplayName: location
+attributeId: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb79f-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lockout-Duration
+ldapDisplayName: lockoutDuration
+attributeId: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lock-Out-Observation-Window
+ldapDisplayName: lockOutObservationWindow
+attributeId: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Threshold
+ldapDisplayName: lockoutThreshold
+attributeId: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679a6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Priority
+ldapDisplayName: aCSPriority
+attributeId: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561281-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lockout-Time
+ldapDisplayName: lockoutTime
+attributeId: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LoginShell
+ldapDisplayName: loginShell
+attributeId: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a553d12c-3231-4c5e-8adf-8d189697721e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Logon-Count
+ldapDisplayName: logonCount
+attributeId: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679aa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Hours
+ldapDisplayName: logonHours
+attributeId: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ab-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Workstation
+ldapDisplayName: logonWorkstation
+attributeId: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ac-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Account-Files-Location
+ldapDisplayName: aCSRSVPAccountFilesLocation
+attributeId: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f072230f-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Log-Files-Location
+ldapDisplayName: aCSRSVPLogFilesLocation
+attributeId: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559b-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Allocable-RSVP-Bandwidth
+ldapDisplayName: aCSAllocableRSVPBandwidth
+attributeId: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561283-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Server-List
+ldapDisplayName: aCSServerList
+attributeId: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7cbd59a5-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Service-Type
+ldapDisplayName: aCSServiceType
+attributeId: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127f-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Time-Of-Day
+ldapDisplayName: aCSTimeOfDay
+attributeId: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f561279-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Total-No-Of-Flows
+ldapDisplayName: aCSTotalNoOfFlows
+attributeId: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561280-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Trusted-Service-Names
+ldapDisplayName: additionalTrustedServiceNames
+attributeId: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160be-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Book-Roots
+ldapDisplayName: addressBookRoots
+attributeId: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f70b6e48-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table
+ldapDisplayName: addressEntryDisplayTable
+attributeId: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42461-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32791
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table-MSDOS
+ldapDisplayName: addressEntryDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42462-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32839
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Syntax
+ldapDisplayName: addressSyntax
+attributeId: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42463-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+mapiID: 32792
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Type
+ldapDisplayName: addressType
+attributeId: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 5fd42464-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+mapiID: 32840
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Cache-Timeout
+ldapDisplayName: aCSCacheTimeout
+attributeId: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a1-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Context-Menu
+ldapDisplayName: adminContextMenu
+attributeId: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd038-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Count
+ldapDisplayName: adminCount
+attributeId: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967918-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Description
+ldapDisplayName: adminDescription
+attributeId: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967919-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32842
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Display-Name
+ldapDisplayName: adminDisplayName
+attributeId: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96791a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 32843
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Multiselect-Property-Pages
+ldapDisplayName: adminMultiselectPropertyPages
+attributeId: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Property-Pages
+ldapDisplayName: adminPropertyPages
+attributeId: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458038-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Allowed-Attributes
+ldapDisplayName: allowedAttributes
+attributeId: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad940-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Attributes-Effective
+ldapDisplayName: allowedAttributesEffective
+attributeId: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad941-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes
+ldapDisplayName: allowedChildClasses
+attributeId: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad942-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes-Effective
+ldapDisplayName: allowedChildClassesEffective
+attributeId: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad943-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ACS-Direction
+ldapDisplayName: aCSDirection
+attributeId: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127a-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Alt-Security-Identities
+ldapDisplayName: altSecurityIdentities
+attributeId: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 00fbf30c-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ANR
+ldapDisplayName: aNR
+attributeId: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01500-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Application-Name
+ldapDisplayName: applicationName
+attributeId: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: dd712226-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Applies-To
+ldapDisplayName: appliesTo
+attributeId: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8297931d-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: App-Schema-Version
+ldapDisplayName: appSchemaVersion
+attributeId: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd65-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Asset-Number
+ldapDisplayName: assetNumber
+attributeId: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f75-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Assistant
+ldapDisplayName: assistant
+attributeId: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c11c-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: associatedDomain
+ldapDisplayName: associatedDomain
+attributeId: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 3320fc38-c379-4c17-a510-1bdf6133c5da
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: associatedName
+ldapDisplayName: associatedName
+attributeId: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f7fbfc45-85ab-42a4-a435-780e62f7858b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Assoc-NT-Account
+ldapDisplayName: assocNTAccount
+attributeId: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 398f63c0-ca60-11d1-bbd1-0000f81f10c0
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ACS-DSBM-DeadTime
+ldapDisplayName: aCSDSBMDeadTime
+attributeId: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a0-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: attributeCertificateAttribute
+ldapDisplayName: attributeCertificateAttribute
+attributeId: 2.5.4.58
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Attribute-Display-Names
+ldapDisplayName: attributeDisplayNames
+attributeId: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: cb843f80-48d9-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Attribute-ID
+ldapDisplayName: attributeID
+attributeId: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967922-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Security-GUID
+ldapDisplayName: attributeSecurityGUID
+attributeId: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967924-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Syntax
+ldapDisplayName: attributeSyntax
+attributeId: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967925-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Types
+ldapDisplayName: attributeTypes
+attributeId: 2.5.21.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad944-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: audio
+ldapDisplayName: audio
+attributeId: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d0e1d224-e1a0-42ce-a2da-793ba5244f35
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+
+cn: Auditing-Policy
+ldapDisplayName: auditingPolicy
+attributeId: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6da8a4fe-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authentication-Options
+ldapDisplayName: authenticationOptions
+attributeId: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967928-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authority-Revocation-List
+ldapDisplayName: authorityRevocationList
+attributeId: 2.5.4.38
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677578d-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32806
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Priority
+ldapDisplayName: aCSDSBMPriority
+attributeId: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559e-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Auxiliary-Class
+ldapDisplayName: auxiliaryClass
+attributeId: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf96792c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Password-Time
+ldapDisplayName: badPasswordTime
+attributeId: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Pwd-Count
+ldapDisplayName: badPwdCount
+attributeId: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96792e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Birth-Location
+ldapDisplayName: birthLocation
+attributeId: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075f9-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: BootFile
+ldapDisplayName: bootFile
+attributeId: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e3f3cb4e-0f20-42eb-9703-d2ff26e52667
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: BootParameter
+ldapDisplayName: bootParameter
+attributeId: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: d72a0750-8c7c-416e-8714-e65f11e908be
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Bridgehead-Server-List-BL
+ldapDisplayName: bridgeheadServerListBL
+attributeId: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdb-8951-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 99
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bridgehead-Transport-List
+ldapDisplayName: bridgeheadTransportList
+attributeId: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cda-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 98
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: buildingName
+ldapDisplayName: buildingName
+attributeId: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f87fa54b-b2c5-4fd7-88c0-daccb21d93c5
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Builtin-Creation-Time
+ldapDisplayName: builtinCreationTime
+attributeId: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Refresh
+ldapDisplayName: aCSDSBMRefresh
+attributeId: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559f-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Builtin-Modified-Count
+ldapDisplayName: builtinModifiedCount
+attributeId: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967930-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Business-Category
+ldapDisplayName: businessCategory
+attributeId: 2.5.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967931-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32855
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Bytes-Per-Minute
+ldapDisplayName: bytesPerMinute
+attributeId: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f76-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Country-Name
+ldapDisplayName: c
+attributeId: 2.5.4.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967945-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 3
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32873
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: CA-Certificate
+ldapDisplayName: cACertificate
+attributeId: 2.5.4.37
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967932-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32771
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate-DN
+ldapDisplayName: cACertificateDN
+attributeId: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2740-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Connect
+ldapDisplayName: cAConnect
+attributeId: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2735-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Canonical-Name
+ldapDisplayName: canonicalName
+attributeId: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad945-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Can-Upgrade-Script
+ldapDisplayName: canUpgradeScript
+attributeId: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18314-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: carLicense
+ldapDisplayName: carLicense
+attributeId: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d4159c92-957d-4a87-8a67-8d2934e01649
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: MacAddress
+ldapDisplayName: macAddress
+attributeId: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e6a522dd-9770-43e1-89de-1de5044328f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: Manager
+ldapDisplayName: manager
+attributeId: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679b5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 42
+mapiID: 32773
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-NamedPipe
+ldapDisplayName: mS-SQL-NamedPipe
+attributeId: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7b91c840-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-PublicationURL
+ldapDisplayName: mS-SQL-PublicationURL
+attributeId: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ae0c11b8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Publisher
+ldapDisplayName: mS-SQL-Publisher
+attributeId: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c1676858-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-RegisteredOwner
+ldapDisplayName: mS-SQL-RegisteredOwner
+attributeId: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 48fd44ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ServiceAccount
+ldapDisplayName: mS-SQL-ServiceAccount
+attributeId: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 64933a3e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Size
+ldapDisplayName: mS-SQL-Size
+attributeId: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e9098084-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SortOrder
+ldapDisplayName: mS-SQL-SortOrder
+attributeId: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6ddc42c0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SPX
+ldapDisplayName: mS-SQL-SPX
+attributeId: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b08004-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Status
+ldapDisplayName: mS-SQL-Status
+attributeId: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9a7d4770-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-TCPIP
+ldapDisplayName: mS-SQL-TCPIP
+attributeId: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8ac263a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MAPI-ID
+ldapDisplayName: mAPIID
+attributeId: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679b7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32974
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-SQL-ThirdParty
+ldapDisplayName: mS-SQL-ThirdParty
+attributeId: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4e311fc-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Type
+ldapDisplayName: mS-SQL-Type
+attributeId: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca48eba8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-UnicodeSortOrder
+ldapDisplayName: mS-SQL-UnicodeSortOrder
+attributeId: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 72dc918a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Version
+ldapDisplayName: mS-SQL-Version
+attributeId: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c07cc1d0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Vines
+ldapDisplayName: mS-SQL-Vines
+attributeId: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94c56394-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-DefaultPartitionLink
+ldapDisplayName: msCOM-DefaultPartitionLink
+attributeId: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 998b10f7-aa1a-4364-b867-753d197fe670
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-ObjectId
+ldapDisplayName: msCOM-ObjectId
+attributeId: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 430f678b-889f-41f2-9843-203b5a65572f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionLink
+ldapDisplayName: msCOM-PartitionLink
+attributeId: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 09abac62-043f-4702-ac2b-6ca15eee5754
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1040
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSetLink
+ldapDisplayName: msCOM-PartitionSetLink
+attributeId: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1041
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserLink
+ldapDisplayName: msCOM-UserLink
+attributeId: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9e6f3a4d-242c-4f37-b068-36b57f9fc852
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1049
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Marshalled-Interface
+ldapDisplayName: marshalledInterface
+attributeId: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679b9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-UserPartitionSetLink
+ldapDisplayName: msCOM-UserPartitionSetLink
+attributeId: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 8e940c8a-e477-4367-b08d-ff2ff942dcd7
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mscope-Id
+ldapDisplayName: mscopeId
+attributeId: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: 963d2751-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-CachePolicy
+ldapDisplayName: msDFSR-CachePolicy
+attributeId: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db7a08e7-fc76-4569-a45f-f5ecb66a88b5
+searchFlags: 0
+
+cn: ms-DFSR-CommonStagingPath
+ldapDisplayName: msDFSR-CommonStagingPath
+attributeId: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 936eac41-d257-4bb9-bd55-f310a3cf09ad
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-CommonStagingSizeInMb
+ldapDisplayName: msDFSR-CommonStagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 135eb00e-4846-458b-8ea2-a37559afd405
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ComputerReference
+ldapDisplayName: msDFSR-ComputerReference
+attributeId: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 6c7b5785-3d21-41bf-8a8a-627941544d5a
+searchFlags: 0
+linkID: 2050
+
+cn: ms-DFSR-ComputerReferenceBL
+ldapDisplayName: msDFSR-ComputerReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5eb526d7-d71b-44ae-8cc6-95460052e6ac
+searchFlags: 0
+linkID: 2051
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-ConflictPath
+ldapDisplayName: msDFSR-ConflictPath
+attributeId: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5cf0bcc8-60f7-4bff-bda6-aea0344eb151
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-ConflictSizeInMb
+ldapDisplayName: msDFSR-ConflictSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ContentSetGuid
+ldapDisplayName: msDFSR-ContentSetGuid
+attributeId: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1035a8e1-67a8-4c21-b7bb-031cdf99d7a0
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: Mastered-By
+ldapDisplayName: masteredBy
+attributeId: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e48e64e0-12c9-11d3-9102-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 77
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+ldapDisplayName: msDFSR-DefaultCompressionExclusionFilter
+attributeId: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87811bd5-cd8b-45cb-9f5d-980f3a9e0c97
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedPath
+ldapDisplayName: msDFSR-DeletedPath
+attributeId: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 817cf0b8-db95-4914-b833-5a079ef65764
+searchFlags: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedSizeInMb
+ldapDisplayName: msDFSR-DeletedSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 53ed9ad1-9975-41f4-83f5-0c061a12553a
+searchFlags: 0
+rangeUpper: -1
+
+cn: ms-DFSR-DfsLinkTarget
+ldapDisplayName: msDFSR-DfsLinkTarget
+attributeId: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f7b85ba9-3bf9-428f-aab4-2eee6d56f063
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DfsPath
+ldapDisplayName: msDFSR-DfsPath
+attributeId: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2cc903e2-398c-443b-ac86-ff6b01eac7ba
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DirectoryFilter
+ldapDisplayName: msDFSR-DirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 93c7b477-1f2e-4b40-b7bf-007e8d038ccf
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DisablePacketPrivacy
+ldapDisplayName: msDFSR-DisablePacketPrivacy
+attributeId: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 6a84ede5-741e-43fd-9dd6-aa0f61578621
+searchFlags: 0
+
+cn: ms-DFSR-Enabled
+ldapDisplayName: msDFSR-Enabled
+attributeId: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 03726ae7-8e7d-4446-8aae-a91657c00993
+searchFlags: 0
+
+cn: ms-DFSR-Extension
+ldapDisplayName: msDFSR-Extension
+attributeId: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 78f011ec-a766-4b19-adcf-7b81ed781a4d
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+
+cn: ms-DFSR-FileFilter
+ldapDisplayName: msDFSR-FileFilter
+attributeId: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d68270ac-a5dc-4841-a6ac-cd68be38c181
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: Max-Pwd-Age
+ldapDisplayName: maxPwdAge
+attributeId: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DFSR-Flags
+ldapDisplayName: msDFSR-Flags
+attributeId: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe515695-3f61-45c8-9bfa-19c148c57b09
+searchFlags: 0
+
+cn: ms-DFSR-Keywords
+ldapDisplayName: msDFSR-Keywords
+attributeId: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 048b4692-6227-4b67-a074-c4437083e14b
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-MaxAgeInCacheInMin
+ldapDisplayName: msDFSR-MaxAgeInCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2ab0e48d-ac4e-4afc-83e5-a34240db6198
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-MemberReference
+ldapDisplayName: msDFSR-MemberReference
+attributeId: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 261337aa-f1c3-44b2-bbea-c88d49e6f0c7
+searchFlags: 0
+linkID: 2052
+
+cn: ms-DFSR-MemberReferenceBL
+ldapDisplayName: msDFSR-MemberReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: adde62c6-1880-41ed-bd3c-30b7d25e14f0
+searchFlags: 0
+linkID: 2053
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-MinDurationCacheInMin
+ldapDisplayName: msDFSR-MinDurationCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4c5d607a-ce49-444a-9862-82a95f5d1fcc
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+ldapDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d523aff-9012-49b2-9925-f922a0018656
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-OnDemandExclusionFileFilter
+ldapDisplayName: msDFSR-OnDemandExclusionFileFilter
+attributeId: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a68359dc-a581-4ee6-9015-5382c60f0fb4
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Options
+ldapDisplayName: msDFSR-Options
+attributeId: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d6d67084-c720-417d-8647-b696237a114c
+searchFlags: 0
+
+cn: ms-DFSR-Options2
+ldapDisplayName: msDFSR-Options2
+attributeId: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11e24318-4ca6-4f49-9afe-e5eb1afa3473
+searchFlags: 0
+
+cn: Max-Renew-Age
+ldapDisplayName: maxRenewAge
+attributeId: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DFSR-Priority
+ldapDisplayName: msDFSR-Priority
+attributeId: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb20e7d6-32ad-42de-b141-16ad2631b01b
+searchFlags: 0
+
+cn: ms-DFSR-RdcEnabled
+ldapDisplayName: msDFSR-RdcEnabled
+attributeId: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e3b44e05-f4a7-4078-a730-f48670a743f8
+searchFlags: 0
+
+cn: ms-DFSR-RdcMinFileSizeInKb
+ldapDisplayName: msDFSR-RdcMinFileSizeInKb
+attributeId: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f402a330-ace5-4dc1-8cc9-74d900bf8ae0
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ReadOnly
+ldapDisplayName: msDFSR-ReadOnly
+attributeId: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5ac48021-e447-46e7-9d23-92c0c6a90dfb
+searchFlags: 0
+
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+ldapDisplayName: msDFSR-StagingCleanupTriggerInPercent
+attributeId: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d64b9c23-e1fa-467b-b317-6964d744d633
+searchFlags: 0
+
+cn: ms-DFSR-ReplicationGroupGuid
+ldapDisplayName: msDFSR-ReplicationGroupGuid
+attributeId: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2dad8796-7619-4ff8-966e-0a5cc67b287f
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-ReplicationGroupType
+ldapDisplayName: msDFSR-ReplicationGroupType
+attributeId: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eeed0fc8-1001-45ed-80cc-bbf744930720
+searchFlags: 0
+
+cn: ms-DFSR-RootFence
+ldapDisplayName: msDFSR-RootFence
+attributeId: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 51928e94-2cd8-4abe-b552-e50412444370
+searchFlags: 0
+
+cn: ms-DFSR-RootPath
+ldapDisplayName: msDFSR-RootPath
+attributeId: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-RootSizeInMb
+ldapDisplayName: msDFSR-RootSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 90b769ac-4413-43cf-ad7a-867142e740a3
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: Max-Storage
+ldapDisplayName: maxStorage
+attributeId: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-Schedule
+ldapDisplayName: msDFSR-Schedule
+attributeId: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4699f15f-a71f-48e2-9ff5-5897c0759205
+searchFlags: 0
+rangeLower: 336
+rangeUpper: 336
+
+cn: ms-DFSR-StagingPath
+ldapDisplayName: msDFSR-StagingPath
+attributeId: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b9a69e-f0a6-405d-99bb-77d977992c2a
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-StagingSizeInMb
+ldapDisplayName: msDFSR-StagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 250a8f20-f6fc-4559-ae65-e4b24c67aebe
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-TombstoneExpiryInMin
+ldapDisplayName: msDFSR-TombstoneExpiryInMin
+attributeId: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 23e35d4c-e324-4861-a22f-e199140dae00
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-Version
+ldapDisplayName: msDFSR-Version
+attributeId: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1a861408-38c3-49ea-ba75-85481a77c655
+searchFlags: 0
+rangeUpper: 256
+
+cn: MS-DRM-Identity-Certificate
+ldapDisplayName: msDRM-IdentityCertificate
+attributeId: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e85e1204-3434-41ad-9b56-e2901228fff0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Additional-Dns-Host-Name
+ldapDisplayName: msDS-AdditionalDnsHostName
+attributeId: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Additional-Sam-Account-Name
+ldapDisplayName: msDS-AdditionalSamAccountName
+attributeId: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 975571df-a4d5-429a-9f59-cdc6581d91e6
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-DNS-Suffixes
+ldapDisplayName: msDS-AllowedDNSSuffixes
+attributeId: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8469441b-9ac4-4e45-8205-bd219dbf672d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-To-Delegate-To
+ldapDisplayName: msDS-AllowedToDelegateTo
+attributeId: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 800d94d7-b7a1-42a1-b14d-7cae1423d07f
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Ticket-Age
+ldapDisplayName: maxTicketAge
+attributeId: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679be-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-All-Users-Trust-Quota
+ldapDisplayName: msDS-AllUsersTrustQuota
+attributeId: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d3aa4a5c-4e03-4810-97aa-2b339e7a434b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Approx-Immed-Subordinates
+ldapDisplayName: msDS-Approx-Immed-Subordinates
+attributeId: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e185d243-f6ce-4adb-b496-b0c005d7823c
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedAt-DC
+ldapDisplayName: msDS-AuthenticatedAtDC
+attributeId: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e1ee99c-6604-4489-89d9-84798a89515a
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedTo-Accountlist
+ldapDisplayName: msDS-AuthenticatedToAccountlist
+attributeId: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e8b2c971-a6df-47bc-8d6f-62770d527aa5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2113
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Auxiliary-Classes
+ldapDisplayName: msDS-Auxiliary-Classes
+attributeId: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: c4af1073-ee50-4be0-b8c0-89a41fe99abe
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Application-Data
+ldapDisplayName: msDS-AzApplicationData
+attributeId: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 503fc3e8-1cc6-461a-99a3-9eee04f402a7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Name
+ldapDisplayName: msDS-AzApplicationName
+attributeId: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: db5b0728-6208-4876-83b7-95d3e5695275
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Version
+ldapDisplayName: msDS-AzApplicationVersion
+attributeId: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7184a120-3ac4-47ae-848f-fe0ab20784d4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule
+ldapDisplayName: msDS-AzBizRule
+attributeId: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 33d41ea8-c0c9-4c92-9494-f104878413fd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule-Language
+ldapDisplayName: msDS-AzBizRuleLanguage
+attributeId: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: May-Contain
+ldapDisplayName: mayContain
+attributeId: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679bf-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Class-ID
+ldapDisplayName: msDS-AzClassId
+attributeId: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 013a7277-5c2d-49ef-a7de-b765b36a3f6f
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 40
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Domain-Timeout
+ldapDisplayName: msDS-AzDomainTimeout
+attributeId: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generate-Audits
+ldapDisplayName: msDS-AzGenerateAudits
+attributeId: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f90abab0-186c-4418-bb85-88447c87222a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generic-Data
+ldapDisplayName: msDS-AzGenericData
+attributeId: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b5f7e349-7a5b-407c-a334-a31c3f538b98
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+ldapDisplayName: msDS-AzLastImportedBizRulePath
+attributeId: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 665acb5c-bb92-4dbc-8c59-b3638eab09b3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-LDAP-Query
+ldapDisplayName: msDS-AzLDAPQuery
+attributeId: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5e53368b-fc94-45c8-9d7d-daf31ee7112d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 4096
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Major-Version
+ldapDisplayName: msDS-AzMajorVersion
+attributeId: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: cfb9adb7-c4b7-4059-9568-1ed9db6b7248
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Minor-Version
+ldapDisplayName: msDS-AzMinorVersion
+attributeId: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee85ed93-b209-4788-8165-e702f51bfbf3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Object-Guid
+ldapDisplayName: msDS-AzObjectGuid
+attributeId: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8491e548-6c38-4365-a732-af041569b02c
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation-ID
+ldapDisplayName: msDS-AzOperationID
+attributeId: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a5f3b553-5d76-4cbe-ba3f-4312152cab18
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingAdvertiseScope
+ldapDisplayName: meetingAdvertiseScope
+attributeId: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8b-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope-Name
+ldapDisplayName: msDS-AzScopeName
+attributeId: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 515a6b06-2617-4173-8099-d5605df043c6
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Engine-Cache-Max
+ldapDisplayName: msDS-AzScriptEngineCacheMax
+attributeId: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Timeout
+ldapDisplayName: msDS-AzScriptTimeout
+attributeId: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task-Is-Role-Definition
+ldapDisplayName: msDS-AzTaskIsRoleDefinition
+attributeId: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7b078544-6c82-4fe9-872f-ff48ad2b2e26
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Behavior-Version
+ldapDisplayName: msDS-Behavior-Version
+attributeId: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d31a8757-2447-4545-8081-3bb610cacbf2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Byte-Array
+ldapDisplayName: msDS-ByteArray
+attributeId: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f0d8972e-dd5b-40e5-a51d-044c7c17ece7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+
+cn: ms-DS-Cached-Membership
+ldapDisplayName: msDS-Cached-Membership
+attributeId: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Cached-Membership-Time-Stamp
+ldapDisplayName: msDS-Cached-Membership-Time-Stamp
+attributeId: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Date-Time
+ldapDisplayName: msDS-DateTime
+attributeId: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: 234fcbd8-fb52-4908-a328-fd9f6e58e403
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ms-DS-Default-Quota
+ldapDisplayName: msDS-DefaultQuota
+attributeId: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6818f726-674b-441b-8a3a-f40596374cea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Machine-Architecture
+ldapDisplayName: machineArchitecture
+attributeId: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679af-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingApplication
+ldapDisplayName: meetingApplication
+attributeId: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc83-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-DnsRootAlias
+ldapDisplayName: msDS-DnsRootAlias
+attributeId: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2143acca-eead-4d29-b591-85fa49ce9173
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Entry-Time-To-Die
+ldapDisplayName: msDS-Entry-Time-To-Die
+attributeId: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: e1e9bad7-c6dd-4101-a843-794cec85b038
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ExecuteScriptPassword
+ldapDisplayName: msDS-ExecuteScriptPassword
+attributeId: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9d054a5a-d187-46c1-9d85-42dfc44a56dd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-External-Key
+ldapDisplayName: msDS-ExternalKey
+attributeId: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b92fd528-38ac-40d4-818d-0433380837c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-External-Store
+ldapDisplayName: msDS-ExternalStore
+attributeId: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 604877cd-9cdb-47c7-b03d-3daadb044910
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-Failed-Interactive-Logon-Count
+ldapDisplayName: msDS-FailedInteractiveLogonCount
+attributeId: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: dc3ca86f-70ad-4960-8425-a4d6313d93dd
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+ldapDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+attributeId: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5d234e5-644a-4403-a665-e26e0aef5e98
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Filter-Containers
+ldapDisplayName: msDS-FilterContainers
+attributeId: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fb00dcdf-ac37-483a-9c12-ac53a6603033
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-HAB-Seniority-Index
+ldapDisplayName: msDS-HABSeniorityIndex
+attributeId: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: def449f1-fd3b-4045-98cf-d9658da788b5
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 36000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Has-Domain-NCs
+ldapDisplayName: msDS-HasDomainNCs
+attributeId: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 6f17e347-a842-4498-b8b3-15e007da4fed
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingBandwidth
+ldapDisplayName: meetingBandwidth
+attributeId: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc92-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Has-Full-Replica-NCs
+ldapDisplayName: msDS-hasFullReplicaNCs
+attributeId: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2104
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Instantiated-NCs
+ldapDisplayName: msDS-HasInstantiatedNCs
+attributeId: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 11e9a5bc-4517-4049-af9c-51554fb0fc09
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Master-NCs
+ldapDisplayName: msDS-hasMasterNCs
+attributeId: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Integer
+ldapDisplayName: msDS-Integer
+attributeId: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 7bc64cea-c04e-4318-b102-3e0729371a65
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ms-DS-IntId
+ldapDisplayName: msDS-IntId
+attributeId: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bc60096a-1b47-4b30-8877-602c93f56532
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Domain-For
+ldapDisplayName: msDS-IsDomainFor
+attributeId: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ff155a2a-44e5-4de0-8318-13a58988de4f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2027
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Is-Full-Replica-For
+ldapDisplayName: msDS-IsFullReplicaFor
+attributeId: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c8bc72e0-a6b4-48f0-94a5-fd76a88c9987
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isGC
+ldapDisplayName: msDS-isGC
+attributeId: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1df5cf33-0fe5-499e-90e1-e94b42718a46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Partial-Replica-For
+ldapDisplayName: msDS-IsPartialReplicaFor
+attributeId: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 37c94ff6-c6d4-498f-b2f9-c6f7f8647809
+systemOnly: TRUE
+searchFlags: 0
+linkID: 75
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isRODC
+ldapDisplayName: msDS-isRODC
+attributeId: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8e8aa23-3e67-4af1-9d7a-2f1a1d633ac9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingBlob
+ldapDisplayName: meetingBlob
+attributeId: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc93-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-KeyVersionNumber
+ldapDisplayName: msDS-KeyVersionNumber
+attributeId: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c523e9c0-33b5-4ac8-8923-b57b927f42f6
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link
+ldapDisplayName: msDS-KrbTgtLink
+attributeId: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 778ff5c9-6f4e-4b74-856a-d68383313910
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link-BL
+ldapDisplayName: msDS-KrbTgtLinkBl
+attributeId: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5dd68c41-bfdf-438b-9b5d-39d9618bf260
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+ldapDisplayName: msDS-LastFailedInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c7e7dafa-10c3-4b8b-9acd-54f11063742e
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 011929e6-8b5d-4258-b64a-00b0b4949747
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Duration
+ldapDisplayName: msDS-LockoutDuration
+attributeId: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Threshold
+ldapDisplayName: msDS-LockoutThreshold
+attributeId: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid:: b8c8c35e-4a19-4a95-99d0-69fe4446286f
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Observation-Window
+ldapDisplayName: msDS-LockoutObservationWindow
+attributeId: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: b05bda89-76af-468a-b892-1be55558ecc8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Logon-Time-Sync-Interval
+ldapDisplayName: msDS-LogonTimeSyncInterval
+attributeId: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ad7940f8-e43a-4a42-83bc-d688e59ea605
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Mastered-By
+ldapDisplayName: msDs-masteredBy
+attributeId: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 60234769-4819-4615-a1b2-49d2f119acb5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingContactInfo
+ldapDisplayName: meetingContactInfo
+attributeId: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc87-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Maximum-Password-Age
+ldapDisplayName: msDS-MaximumPasswordAge
+attributeId: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid: fdd337f5-4999-4fce-b252-8ff9c9b43875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Max-Values
+ldapDisplayName: msDs-MaxValues
+attributeId: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d1e169a4-ebe9-49bf-8fcb-8aef3874592d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Members-For-Az-Role
+ldapDisplayName: msDS-MembersForAzRole
+attributeId: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cbf7e6cd-85a4-4314-8939-8bfe80597835
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2016
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Members-For-Az-Role-BL
+ldapDisplayName: msDS-MembersForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ececcd20-a7e0-4688-9ccf-02ece5e287f5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2017
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Minimum-Password-Age
+ldapDisplayName: msDS-MinimumPasswordAge
+attributeId: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid: 2a74f878-4d9c-49f9-97b3-6767d1cbd9a3
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Minimum-Password-Length
+ldapDisplayName: msDS-MinimumPasswordLength
+attributeId: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: b21b3439-4c3a-441c-bb5f-08f20e9b315e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Replica-Locations
+ldapDisplayName: msDS-NC-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 97de9615-b537-46bc-ac0f-10720f3909f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1044
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations
+ldapDisplayName: msDS-NC-RO-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3df793df-9858-4417-a701-735a1ecebf74
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2114
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations-BL
+ldapDisplayName: msDS-NC-RO-Replica-Locations-BL
+attributeId: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f547511c-5b2a-44cc-8358-992a88258164
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2115
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-NC-Type
+ldapDisplayName: msDS-NcType
+attributeId: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid: 5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingDescription
+ldapDisplayName: meetingDescription
+attributeId: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-NC-Repl-Cursors
+ldapDisplayName: msDS-NCReplCursors
+attributeId: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+ldapDisplayName: msDS-NCReplInboundNeighbors
+attributeId: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+ldapDisplayName: msDS-NCReplOutboundNeighbors
+attributeId: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Never-Reveal-Group
+ldapDisplayName: msDS-NeverRevealGroup
+attributeId: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 15585999-fd49-4d66-b25d-eeb96aba8174
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Non-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2de144fc-1f52-486f-bdf4-16fcc3084e54
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Non-Members
+ldapDisplayName: msDS-NonMembers
+attributeId: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cafcb1de-f23c-46b5-adf7-1e64957bd5db
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members-BL
+ldapDisplayName: msDS-NonMembersBL
+attributeId: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Object-Reference
+ldapDisplayName: msDS-ObjectReference
+attributeId: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 638ec2e8-22e7-409c-85d2-11b21bee72de
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2038
+
+cn: ms-DS-Object-Reference-BL
+ldapDisplayName: msDS-ObjectReferenceBL
+attributeId: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2039
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Operations-For-Az-Role
+ldapDisplayName: msDS-OperationsForAzRole
+attributeId: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 93f701be-fa4c-43b6-bc2f-4dbea718ffab
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingEndTime
+ldapDisplayName: meetingEndTime
+attributeId: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc91-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Role-BL
+ldapDisplayName: msDS-OperationsForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f85b6228-3734-4525-b6b7-3f3bb220902c
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2023
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Operations-For-Az-Task
+ldapDisplayName: msDS-OperationsForAzTask
+attributeId: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1aacb436-2e9d-44a9-9298-ce4debeb6ebf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2018
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Task-BL
+ldapDisplayName: msDS-OperationsForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a637d211-5739-4ed1-89b2-88974548bc59
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2019
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Other-Settings
+ldapDisplayName: msDS-Other-Settings
+attributeId: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 79d2f34c-9d7d-42bb-838f-866b3e4400e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Complexity-Enabled
+ldapDisplayName: msDS-PasswordComplexityEnabled
+attributeId: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: db68054b-c9c3-4bf0-b15b-0fb52552a610
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-History-Length
+ldapDisplayName: msDS-PasswordHistoryLength
+attributeId: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: fed81bb7-768c-4c2f-9641-2245de34794d
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+ldapDisplayName: msDS-PasswordReversibleEncryptionEnabled
+attributeId: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Settings-Precedence
+ldapDisplayName: msDS-PasswordSettingsPrecedence
+attributeId: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid: 456374ac-1f0a-4617-93cf-bc55a7c9d341
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Quota
+ldapDisplayName: msDS-PerUserTrustQuota
+attributeId: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d161adf0-ca24-4993-a3aa-8b2c981302e8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+ldapDisplayName: msDS-PerUserTrustTombstonesQuota
+attributeId: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingID
+ldapDisplayName: meetingID
+attributeId: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Company-Name
+ldapDisplayName: msDS-PhoneticCompanyName
+attributeId: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5bd5208d-e5f4-46ae-a514-543bc9c47659
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35985
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Department
+ldapDisplayName: msDS-PhoneticDepartment
+attributeId: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6cd53daf-003e-49e7-a702-6fa896e7a6ef
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35984
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Display-Name
+ldapDisplayName: msDS-PhoneticDisplayName
+attributeId: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e21a94e4-2d66-4ce5-b30d-0ef87a776ff0
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35986
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Phonetic-First-Name
+ldapDisplayName: msDS-PhoneticFirstName
+attributeId: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b1cba4e-302f-4134-ac7c-f01f6c797843
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35982
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Last-Name
+ldapDisplayName: msDS-PhoneticLastName
+attributeId: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f217e4ec-0836-4b90-88af-2f5d4bbda2bc
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35983
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Preferred-GC-Site
+ldapDisplayName: msDS-Preferred-GC-Site
+attributeId: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: d921b50a-0ab2-42cd-87f6-09cf83a91854
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Principal-Name
+ldapDisplayName: msDS-PrincipalName
+attributeId: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 564e9325-d057-c143-9e3b-4f9e5ef46f93
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Promotion-Settings
+ldapDisplayName: msDS-PromotionSettings
+attributeId: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c881b4e2-43c0-4ebe-b9bb-5250aa9b434c
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-PSO-Applied
+ldapDisplayName: msDS-PSOApplied
+attributeId: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b
+linkID: 2119
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-PSO-Applies-To
+ldapDisplayName: msDS-PSOAppliesTo
+attributeId: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 64c80f48-cdd2-4881-a86d-4e97b6f561fc
+linkID: 2118
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIP
+ldapDisplayName: meetingIP
+attributeId: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc89-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Amount
+ldapDisplayName: msDS-QuotaAmount
+attributeId: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fbb9a00d-3a8c-4233-9cf9-7189264903a1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Effective
+ldapDisplayName: msDS-QuotaEffective
+attributeId: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6655b152-101c-48b4-b347-e1fcebc60157
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Trustee
+ldapDisplayName: msDS-QuotaTrustee
+attributeId: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 16378906-4ea5-49be-a8d1-bfd41dff4f65
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 28
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Used
+ldapDisplayName: msDS-QuotaUsed
+attributeId: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b5a84308-615d-4bb7-b05f-2f1746aa439f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Attribute-Meta-Data
+ldapDisplayName: msDS-ReplAttributeMetaData
+attributeId: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d7c53242-724e-4c39-9d4c-2df8c9d66c7a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-First-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ReplicationEpoch
+ldapDisplayName: msDS-ReplicationEpoch
+attributeId: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Value-Meta-Data
+ldapDisplayName: msDS-ReplValueMetaData
+attributeId: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Resultant-PSO
+ldapDisplayName: msDS-ResultantPSO
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingIsEncrypted
+ldapDisplayName: meetingIsEncrypted
+attributeId: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Retired-Repl-NC-Signatures
+ldapDisplayName: msDS-RetiredReplNCSignatures
+attributeId: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d5b35506-19d6-4d26-9afb-11357ac99b5e
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-DSAs
+ldapDisplayName: msDS-RevealedDSAs
+attributeId: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 94f6f2ac-c76d-4b5e-b71f-f332c3e93c22
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List
+ldapDisplayName: msDS-RevealedList
+attributeId: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.12
+isSingleValued: FALSE
+schemaIdGuid: cbdad11c-7fec-387b-6219-3a0627d9af81
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List-BL
+ldapDisplayName: msDS-RevealedListBL
+attributeId: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: aa1c88fd-b0f6-429f-b2ca-9d902266e808
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-Users
+ldapDisplayName: msDS-RevealedUsers
+attributeId: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 185c7821-3749-443a-bd6a-288899071adb
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2102
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Reveal-OnDemand-Group
+ldapDisplayName: msDS-RevealOnDemandGroup
+attributeId: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 303d9f4a-1dd6-4b38-8fc5-33afe8c988ad
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2110
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-ds-Schema-Extensions
+ldapDisplayName: msDs-Schema-Extensions
+attributeId: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b39a61be-ed07-4cab-9a4a-4963ed0141e1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-SD-Reference-Domain
+ldapDisplayName: msDS-SDReferenceDomain
+attributeId: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 4c51e316-f628-43a5-b06b-ffb695fcb4f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Secondary-KrbTgt-Number
+ldapDisplayName: msDS-SecondaryKrbTgtNumber
+attributeId: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: aa156612-2396-467e-ad6a-28d23fdb1865
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 65536
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4f146ae8-a4fe-4801-a731-f51848a4f4e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingKeyword
+ldapDisplayName: meetingKeyword
+attributeId: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc7f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Settings
+ldapDisplayName: msDS-Settings
+attributeId: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+
+cn: ms-DS-SiteName
+ldapDisplayName: msDS-SiteName
+attributeId: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 98a7f36d-3595-448a-9e6f-6b8965baed9c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Site-Affinity
+ldapDisplayName: msDS-Site-Affinity
+attributeId: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c17c5602-bcb7-46f0-9656-6370ca884b72
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Source-Object-DN
+ldapDisplayName: msDS-SourceObjectDN
+attributeId: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 773e93af-d3b4-48d4-b3f9-06457602d3d0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 10240
+
+cn: ms-DS-SPN-Suffixes
+ldapDisplayName: msDS-SPNSuffixes
+attributeId: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Supported-Encryption-Types
+ldapDisplayName: msDS-SupportedEncryptionTypes
+attributeId: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 20119867-1d04-4ab7-9371-cfc3d5df0afd
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Tasks-For-Az-Role
+ldapDisplayName: msDS-TasksForAzRole
+attributeId: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 35319082-8c4a-4646-9386-c2949d49894d
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Role-BL
+ldapDisplayName: msDS-TasksForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a0dcd536-5158-42fe-8c40-c00a7ad37959
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2025
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tasks-For-Az-Task
+ldapDisplayName: msDS-TasksForAzTask
+attributeId: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b11c8ee2-5fcd-46a7-95f0-f38333f096cf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2020
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Password-Change-Interval
+ldapDisplayName: machinePasswordChangeInterval
+attributeId: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c9b6358e-bb38-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLanguage
+ldapDisplayName: meetingLanguage
+attributeId: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc84-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Task-BL
+ldapDisplayName: msDS-TasksForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: df446e52-b5fa-4ca2-a42f-13f98a526c8f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tombstone-Quota-Factor
+ldapDisplayName: msDS-TombstoneQuotaFactor
+attributeId: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 461744d7-f3b6-45ba-8753-fb9552a5df32
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Top-Quota-Usage
+ldapDisplayName: msDS-TopQuotaUsage
+attributeId: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7b7cce4f-f1f5-4bb6-b7eb-23504af19e75
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Trust-Forest-Trust-Info
+ldapDisplayName: msDS-TrustForestTrustInfo
+attributeId: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 29cc866e-49d3-4969-942e-1dbc0925d183
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-UpdateScript
+ldapDisplayName: msDS-UpdateScript
+attributeId: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 146eb639-bb9f-4fc1-a825-e29e00c77920
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Account-Control-Computed
+ldapDisplayName: msDS-User-Account-Control-Computed
+attributeId: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2cc4b836-b63f-4940-8d23-ea7acf06af56
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Password-Expiry-Time-Computed
+ldapDisplayName: msDS-UserPasswordExpiryTimeComputed
+attributeId: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: add5cf10-7b09-4449-9ae6-2534148f8a72
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-Exch-Assistant-Name
+ldapDisplayName: msExchAssistantName
+attributeId: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7394-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 14896
+
+cn: ms-Exch-House-Identifier
+ldapDisplayName: msExchHouseIdentifier
+attributeId: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7407-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 35924
+
+cn: ms-Exch-LabeledURI
+ldapDisplayName: msExchLabeledURI
+attributeId: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 16775820-47f3-11d1-a9c3-0000f80367c1
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35921
+
+cn: meetingLocation
+ldapDisplayName: meetingLocation
+attributeId: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc80-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FRS-Hub-Member
+ldapDisplayName: msFRS-Hub-Member
+attributeId: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5643ff81-35b6-4ca9-9512-baf0bd0a2772
+searchFlags: 0
+linkID: 1046
+
+cn: ms-FRS-Topology-Pref
+ldapDisplayName: msFRS-Topology-Pref
+attributeId: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 92aa27e0-5c50-402d-9ec1-ee847def9788
+searchFlags: 0
+
+cn: ms-FVE-KeyPackage
+ldapDisplayName: msFVE-KeyPackage
+attributeId: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+rangeUpper: 102400
+schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa-97186a54
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryGuid
+ldapDisplayName: msFVE-RecoveryGuid
+attributeId: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: f76909bc-e678-47a0-b0b3-f86a0044c06d
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryPassword
+ldapDisplayName: msFVE-RecoveryPassword
+attributeId: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 256
+schemaIdGuid: 43061ac1-c8ad-4ccc-b785-2bfac20fc60a
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-VolumeGuid
+ldapDisplayName: msFVE-VolumeGuid
+attributeId: 1.2.840.113556.1.4.1965
+attributeId: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+schemaIdGuid: 85e5a5cf-dcee-4075-9cfd-ac9db6a2f245
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Data
+ldapDisplayName: msieee80211-Data
+attributeId: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0e0d0938-2658-4580-a9f6-7a0ac7b566cb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Data-Type
+ldapDisplayName: msieee80211-DataType
+attributeId: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6558b180-35da-4efe-beed-521f8f48cafb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-ID
+ldapDisplayName: msieee80211-ID
+attributeId: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f73ef75-14c9-4c23-81de-dd07a06f9e8b
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-File-List
+ldapDisplayName: msiFileList
+attributeId: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7d-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingMaxParticipants
+ldapDisplayName: meetingMaxParticipants
+attributeId: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc85-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Dir
+ldapDisplayName: msIIS-FTPDir
+attributeId: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Root
+ldapDisplayName: msIIS-FTPRoot
+attributeId: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a7827a4-1483-49a5-9d84-52e3812156b4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script
+ldapDisplayName: msiScript
+attributeId: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18313-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Name
+ldapDisplayName: msiScriptName
+attributeId: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd62-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Path
+ldapDisplayName: msiScriptPath
+attributeId: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967937-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Size
+ldapDisplayName: msiScriptSize
+attributeId: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd63-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Multicast-Address
+ldapDisplayName: MSMQ-MulticastAddress
+attributeId: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1d2f4412-f10d-4337-9b48-6e5b125cd265
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 9
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Recipient-FormatName
+ldapDisplayName: msMQ-Recipient-FormatName
+attributeId: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3bfe6748-b544-485a-b067-1b310c4334bf
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Secured-Source
+ldapDisplayName: MSMQ-SecuredSource
+attributeId: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8bf0221b-7a06-4d63-91f0-1499941813d3
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Authenticate
+ldapDisplayName: mSMQAuthenticate
+attributeId: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc326-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingName
+ldapDisplayName: meetingName
+attributeId: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Base-Priority
+ldapDisplayName: mSMQBasePriority
+attributeId: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc323-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type
+ldapDisplayName: mSMQComputerType
+attributeId: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type-Ex
+ldapDisplayName: mSMQComputerTypeEx
+attributeId: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 18120de8-f4c4-4341-bd95-32eb5bcf7c80
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Cost
+ldapDisplayName: mSMQCost
+attributeId: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-CSP-Name
+ldapDisplayName: mSMQCSPName
+attributeId: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc334-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Service
+ldapDisplayName: mSMQDependentClientService
+attributeId: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d83-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Services
+ldapDisplayName: mSMQDependentClientServices
+attributeId: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d76-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests
+ldapDisplayName: mSMQDigests
+attributeId: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc33c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests-Mig
+ldapDisplayName: mSMQDigestsMig
+attributeId: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Service
+ldapDisplayName: mSMQDsService
+attributeId: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d82-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOriginator
+ldapDisplayName: meetingOriginator
+attributeId: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc86-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Services
+ldapDisplayName: mSMQDsServices
+attributeId: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d78-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Encrypt-Key
+ldapDisplayName: mSMQEncryptKey
+attributeId: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc331-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Foreign
+ldapDisplayName: mSMQForeign
+attributeId: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-In-Routing-Servers
+ldapDisplayName: mSMQInRoutingServers
+attributeId: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval1
+ldapDisplayName: mSMQInterval1
+attributeId: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval2
+ldapDisplayName: mSMQInterval2
+attributeId: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal
+ldapDisplayName: mSMQJournal
+attributeId: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc321-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal-Quota
+ldapDisplayName: mSMQJournalQuota
+attributeId: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc324-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label
+ldapDisplayName: mSMQLabel
+attributeId: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc325-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label-Ex
+ldapDisplayName: mSMQLabelEx
+attributeId: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4580ad25-d407-48d2-ad24-43e6e56793d7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOwner
+ldapDisplayName: meetingOwner
+attributeId: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc88-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Long-Lived
+ldapDisplayName: mSMQLongLived
+attributeId: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc335-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated
+ldapDisplayName: mSMQMigrated
+attributeId: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Name-Style
+ldapDisplayName: mSMQNameStyle
+attributeId: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc333-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Flags
+ldapDisplayName: mSMQNt4Flags
+attributeId: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb38a158-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Stub
+ldapDisplayName: mSMQNt4Stub
+attributeId: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6f914be6-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-OS-Type
+ldapDisplayName: mSMQOSType
+attributeId: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc330-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Out-Routing-Servers
+ldapDisplayName: mSMQOutRoutingServers
+attributeId: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Owner-ID
+ldapDisplayName: mSMQOwnerID
+attributeId: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc328-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MSMQ-Prev-Site-Gates
+ldapDisplayName: mSMQPrevSiteGates
+attributeId: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d75-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Privacy-Level
+ldapDisplayName: mSMQPrivacyLevel
+attributeId: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc327-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingProtocol
+ldapDisplayName: meetingProtocol
+attributeId: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc81-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-QM-ID
+ldapDisplayName: mSMQQMID
+attributeId: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Journal-Quota
+ldapDisplayName: mSMQQueueJournalQuota
+attributeId: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8e441266-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Name-Ext
+ldapDisplayName: mSMQQueueNameExt
+attributeId: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2df90d87-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 92
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Quota
+ldapDisplayName: mSMQQueueQuota
+attributeId: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3f6b8e12-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Type
+ldapDisplayName: mSMQQueueType
+attributeId: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc320-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Quota
+ldapDisplayName: mSMQQuota
+attributeId: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc322-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Service
+ldapDisplayName: mSMQRoutingService
+attributeId: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d81-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Services
+ldapDisplayName: mSMQRoutingServices
+attributeId: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d77-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Services
+ldapDisplayName: mSMQServices
+attributeId: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Service-Type
+ldapDisplayName: mSMQServiceType
+attributeId: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRating
+ldapDisplayName: meetingRating
+attributeId: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates
+ldapDisplayName: mSMQSignCertificates
+attributeId: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates-Mig
+ldapDisplayName: mSMQSignCertificatesMig
+attributeId: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Key
+ldapDisplayName: mSMQSignKey
+attributeId: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc332-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-1
+ldapDisplayName: mSMQSite1
+attributeId: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc337-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-2
+ldapDisplayName: mSMQSite2
+attributeId: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc338-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Foreign
+ldapDisplayName: mSMQSiteForeign
+attributeId: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: fd129d8a-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates
+ldapDisplayName: mSMQSiteGates
+attributeId: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc339-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates-Mig
+ldapDisplayName: mSMQSiteGatesMig
+attributeId: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e2704852-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-ID
+ldapDisplayName: mSMQSiteID
+attributeId: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc340-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name
+ldapDisplayName: mSMQSiteName
+attributeId: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: ffadb4b2-de39-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRecurrence
+ldapDisplayName: meetingRecurrence
+attributeId: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name-Ex
+ldapDisplayName: mSMQSiteNameEx
+attributeId: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 422144fa-c17f-4649-94d6-9731ed2784ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sites
+ldapDisplayName: mSMQSites
+attributeId: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Transactional
+ldapDisplayName: mSMQTransactional
+attributeId: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc329-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-User-Sid
+ldapDisplayName: mSMQUserSid
+attributeId: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c58aae32-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 128
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Version
+ldapDisplayName: mSMQVersion
+attributeId: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc336-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPAllowDialin
+ldapDisplayName: msNPAllowDialin
+attributeId: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db0c9085-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPCalledStationID
+ldapDisplayName: msNPCalledStationID
+attributeId: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c9089-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPCallingStationID
+ldapDisplayName: msNPCallingStationID
+attributeId: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908a-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPSavedCallingStationID
+ldapDisplayName: msNPSavedCallingStationID
+attributeId: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908e-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Cert-Template-OID
+ldapDisplayName: msPKI-Cert-Template-OID
+attributeId: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3164c36a-ba26-468c-8bda-c1e5cc256728
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingScope
+ldapDisplayName: meetingScope
+attributeId: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8a-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Application-Policy
+ldapDisplayName: msPKI-Certificate-Application-Policy
+attributeId: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dbd90548-aa37-4202-9966-8c537ba5ce32
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Name-Flag
+ldapDisplayName: msPKI-Certificate-Name-Flag
+attributeId: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea1dddc4-60ff-416e-8cc0-17cee534bce7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Policy
+ldapDisplayName: msPKI-Certificate-Policy
+attributeId: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 38942346-cc5b-424b-a7d8-6ffd12029c5f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enrollment-Flag
+ldapDisplayName: msPKI-Enrollment-Flag
+attributeId: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d15ef7d8-f226-46db-ae79-b34e560bd12c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Minimal-Key-Size
+ldapDisplayName: msPKI-Minimal-Key-Size
+attributeId: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e96a63f5-417f-46d3-be52-db7703c503df
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-Attribute
+ldapDisplayName: msPKI-OID-Attribute
+attributeId: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8c9e1288-5028-4f4f-a704-76d026f246ef
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-CPS
+ldapDisplayName: msPKI-OID-CPS
+attributeId: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 5f49940e-a79f-4a51-bb6f-3d446a54dc6b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-User-Notice
+ldapDisplayName: msPKI-OID-User-Notice
+attributeId: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 04c4da7a-e114-4e69-88de-e293f2d3b395
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-LocalizedName
+ldapDisplayName: msPKI-OIDLocalizedName
+attributeId: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7d59a816-bb05-4a72-971f-5c1331f67559
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Flag
+ldapDisplayName: msPKI-Private-Key-Flag
+attributeId: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bab04ac2-0435-4709-9307-28380e7c7001
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Role
+ldapDisplayName: machineRole
+attributeId: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679b2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingStartTime
+ldapDisplayName: meetingStartTime
+attributeId: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc90-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Application-Policies
+ldapDisplayName: msPKI-RA-Application-Policies
+attributeId: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Policies
+ldapDisplayName: msPKI-RA-Policies
+attributeId: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d546ae22-0951-4d47-817e-1c9f96faad46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Signature
+ldapDisplayName: msPKI-RA-Signature
+attributeId: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe17e04b-937d-4f7e-8e0e-9292c8d5683e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Supersede-Templates
+ldapDisplayName: msPKI-Supersede-Templates
+attributeId: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Minor-Revision
+ldapDisplayName: msPKI-Template-Minor-Revision
+attributeId: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 13f5236c-1884-46b1-b5d0-484e38990d58
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Schema-Version
+ldapDisplayName: msPKI-Template-Schema-Version
+attributeId: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0c15e9f5-491d-4594-918f-32813a091da9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-AccountCredentials
+ldapDisplayName: msPKIAccountCredentials
+attributeId: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-DPAPIMasterKeys
+ldapDisplayName: msPKIDPAPIMasterKeys
+attributeId: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b3f93023-9239-4f7c-b99c-6745d87adbc2
+systemOnly: FALSE
+searchFlags: fCONFIDENTAIL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2046
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RoamingTimeStamp
+ldapDisplayName: msPKIRoamingTimeStamp
+attributeId: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6617e4ac-a2f1-43ab-b60c-11fbd1facf05
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSCallbackNumber
+ldapDisplayName: msRADIUSCallbackNumber
+attributeId: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c909c-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingType
+ldapDisplayName: meetingType
+attributeId: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc82-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedInterfaceId
+ldapDisplayName: msRADIUS-FramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a6f24a23-d65c-4d65-a64f-35fb6873c2b9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSFramedIPAddress
+ldapDisplayName: msRADIUSFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90a4-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Prefix
+ldapDisplayName: msRADIUS-FramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: f63ed610-d67c-494d-87be-cd1e24359a38
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Route
+ldapDisplayName: msRADIUS-FramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 5a5aa804-3083-4863-94e5-018a79a22ec0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSFramedRoute
+ldapDisplayName: msRADIUSFramedRoute
+attributeId: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90a9-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedInterfaceId
+ldapDisplayName: msRADIUS-SavedFramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a4da7289-92a3-42e5-b6b6-dad16d280ac9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+ldapDisplayName: msRADIUS-SavedFramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 0965a062-b1e1-403b-b48d-5c0eb0e952cc
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Route
+ldapDisplayName: msRADIUS-SavedFramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9666bb5c-df9d-4d41-b437-2eec7e27c9b3
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSServiceType
+ldapDisplayName: msRADIUSServiceType
+attributeId: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90b6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedCallbackNumber
+ldapDisplayName: msRASSavedCallbackNumber
+attributeId: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c90c5-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingURL
+ldapDisplayName: meetingURL
+attributeId: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedIPAddress
+ldapDisplayName: msRASSavedFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90c6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedRoute
+ldapDisplayName: msRASSavedFramedRoute
+attributeId: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90c7-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Attribute
+ldapDisplayName: msRRASAttribute
+attributeId: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ad-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Vendor-Attribute-Entry
+ldapDisplayName: msRRASVendorAttributeEntry
+attributeId: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ac-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msSFU-30-Aliases
+ldapDisplayName: msSFU30Aliases
+attributeId: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 20ebf171-c69a-4c31-b29d-dcb837d8912d
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: msSFU-30-Crypt-Method
+ldapDisplayName: msSFU30CryptMethod
+attributeId: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4503d2a3-3d70-41b8-b077-dff123c15865
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Domains
+ldapDisplayName: msSFU30Domains
+attributeId: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 93095ed3-6f30-4bdd-b734-65d569f5f7c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 256000
+
+cn: msSFU-30-Field-Separator
+ldapDisplayName: msSFU30FieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a2e11a42-e781-4ca1-a7fa-ec307f62b6a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Intra-Field-Separator
+ldapDisplayName: msSFU30IntraFieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b2aef0-27e4-4cb9-880a-a2d9a9ea23b8
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Is-Valid-Container
+ldapDisplayName: msSFU30IsValidContainer
+attributeId: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0dea42f5-278d-4157-b4a7-49b59664915b
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: Member
+ldapDisplayName: member
+attributeId: 2.5.4.31
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679c0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 2
+mapiID: 32777
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: msSFU-30-Key-Attributes
+ldapDisplayName: msSFU30KeyAttributes
+attributeId: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 32ecd698-ce9e-4894-a134-7ad76b082e83
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Key-Values
+ldapDisplayName: msSFU30KeyValues
+attributeId: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 37830235-e5e9-46f2-922b-d8d44f03e7ae
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: msSFU-30-Map-Filter
+ldapDisplayName: msSFU30MapFilter
+attributeId: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b16e01-024f-4e23-ad0d-71f1a406b684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Master-Server-Name
+ldapDisplayName: msSFU30MasterServerName
+attributeId: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4cc908a2-9e18-410e-8459-f17cc422020a
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Max-Gid-Number
+ldapDisplayName: msSFU30MaxGidNumber
+attributeId: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 04ee6aa6-f83b-469a-bf5a-3c00d3634669
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Max-Uid-Number
+ldapDisplayName: msSFU30MaxUidNumber
+attributeId: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec998437-d944-4a28-8500-217588adfc75
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Name
+ldapDisplayName: msSFU30Name
+attributeId: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 16c5d1d3-35c2-4061-a870-a5cefda804f0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Netgroup-Host-At-Domain
+ldapDisplayName: msSFU30NetgroupHostAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 97d2bf65-0466-4852-a25a-ec20f57ee36c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Netgroup-User-At-Domain
+ldapDisplayName: msSFU30NetgroupUserAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a9e84eed-e630-4b67-b4b3-cad2a82d345e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Nis-Domain
+ldapDisplayName: msSFU30NisDomain
+attributeId: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 9ee3b2e3-c7f3-45f8-8c9f-1382be4984d2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeUpper: 1024
+
+cn: MemberNisNetgroup
+ldapDisplayName: memberNisNetgroup
+attributeId: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 0f6a17dc-53e5-4be8-9442-8f3ce2f9012a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: msSFU-30-NSMAP-Field-Position
+ldapDisplayName: msSFU30NSMAPFieldPosition
+attributeId: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 585c9d5e-f599-4f07-9cf9-4373af4b89d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Order-Number
+ldapDisplayName: msSFU30OrderNumber
+attributeId: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 02625f05-d1ee-4f9f-b366-55266becb95c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Posix-Member
+ldapDisplayName: msSFU30PosixMember
+attributeId: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c875d82d-2848-4cec-bb50-3c5486d09d57
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2030
+
+cn: msSFU-30-Posix-Member-Of
+ldapDisplayName: msSFU30PosixMemberOf
+attributeId: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bd76b92-3244-438a-ada6-24f5ea34381e
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2031
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: msSFU-30-Result-Attributes
+ldapDisplayName: msSFU30ResultAttributes
+attributeId: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: e167b0b6-4045-4433-ac35-53f972d45cba
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Attributes
+ldapDisplayName: msSFU30SearchAttributes
+attributeId: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ef9a2df0-2e57-48c8-8950-0cc674004733
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Container
+ldapDisplayName: msSFU30SearchContainer
+attributeId: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27eebfa2-fbeb-4f8e-aad6-c50247994291
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: msSFU-30-Yp-Servers
+ldapDisplayName: msSFU30YpServers
+attributeId: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 084a944b-e150-4bfe-9345-40e1aedaebba
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+
+cn: ms-TAPI-Conference-Blob
+ldapDisplayName: msTAPI-ConferenceBlob
+attributeId: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4cc4601e-7201-4141-abc8-3e529ae88863
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Ip-Address
+ldapDisplayName: msTAPI-IpAddress
+attributeId: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: efd7d7f7-178e-4767-87fa-f8a16b840544
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Is-Member-Of-DL
+ldapDisplayName: memberOf
+attributeId: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967991-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fCOPY
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 3
+mapiID: 32776
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-TAPI-Protocol-Id
+ldapDisplayName: msTAPI-ProtocolId
+attributeId: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 89c1ebcf-7a5f-41fd-99ca-c900b32299ab
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Unique-Identifier
+ldapDisplayName: msTAPI-uid
+attributeId: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70a4e7ea-b3b9-4643-8918-e6dd2471bfd4
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TPM-OwnerInformation
+ldapDisplayName: msTPM-OwnerInformation
+attributeId: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: aa4e1a6d-550d-4e05-8c35-4afcb917a9fe
+searchFlags: fRODCFilteredAttribute | fCOPY | fPRESERVEONDELETE |fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Allow-Logon
+ldapDisplayName: msTSAllowLogon
+attributeId: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 3a0cd464-bc54-40e7-93ae-a646a6ecc4b4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Broken-Connection-Action
+ldapDisplayName: msTSBrokenConnectionAction
+attributeId: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1cf41bba-5604-463e-94d6-1a1287b72ca3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Client-Drives
+ldapDisplayName: msTSConnectClientDrives
+attributeId: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 23572aaf-29dd-44ea-b0fa-7e8438b9a4a3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Printer-Drives
+ldapDisplayName: msTSConnectPrinterDrives
+attributeId: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8ce6a937-871b-4c92-b285-d99d4036681c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Default-To-Main-Printer
+ldapDisplayName: msTSDefaultToMainPrinter
+attributeId: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c0ffe2bd-cacf-4dc7-88d5-61e9e95766f6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ExpireDate
+ldapDisplayName: msTSExpireDate
+attributeId: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 70004ef5-25c3-446a-97c8-996ae8566776
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate2
+ldapDisplayName: msTSExpireDate2
+attributeId: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MemberUid
+ldapDisplayName: memberUid
+attributeId: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 03dab236-672e-4f61-ab64-f77d2dc2ffab
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256000
+
+cn: MS-TS-ExpireDate3
+ldapDisplayName: msTSExpireDate3
+attributeId: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 41bc7f04-be72-4930-bd10-1f3439412387
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate4
+ldapDisplayName: msTSExpireDate4
+attributeId: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 5e11dc43-204a-4faf-a008-6863621c6f5f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: ms-TS-Home-Directory
+ldapDisplayName: msTSHomeDirectory
+attributeId: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5d3510f0-c4e7-4122-b91f-a20add90e246
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Home-Drive
+ldapDisplayName: msTSHomeDrive
+attributeId: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5f0a24d9-dffa-4cd9-acbf-a0680c03731e
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Initial-Program
+ldapDisplayName: msTSInitialProgram
+attributeId: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9201ac6f-1d69-4dfb-802e-d95510109599
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion
+ldapDisplayName: msTSLicenseVersion
+attributeId: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0ae94a89-372f-4df2-ae8a-c64a2bc47278
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion2
+ldapDisplayName: msTSLicenseVersion2
+attributeId: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b0df103-8d97-45d9-ad69-85c3080ba4e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion3
+ldapDisplayName: msTSLicenseVersion3
+attributeId: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f8ba8f81-4cab-4973-a3c8-3a6da62a5e31
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion4
+ldapDisplayName: msTSLicenseVersion4
+attributeId: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70ca5d97-2304-490a-8a27-52678c8d2095
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property01
+ldapDisplayName: msTSLSProperty01
+attributeId: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 87e53590-971d-4a52-955b-4794d15a84ae
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MHS-OR-Address
+ldapDisplayName: mhsORAddress
+attributeId: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c122-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property02
+ldapDisplayName: msTSLSProperty02
+attributeId: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 47c77bb0-316e-4e2f-97f1-0d4c48fca9dd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS
+ldapDisplayName: msTSManagingLS
+attributeId: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f3bcc547-85b0-432c-9ac0-304506bf2c83
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS2
+ldapDisplayName: msTSManagingLS2
+attributeId: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: 349f0757-51bd-4fc8-9d66-3eceea8a25be
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS3
+ldapDisplayName: msTSManagingLS3
+attributeId: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: fad5dcc1-2130-4c87-a118-75322cd67050
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS4
+ldapDisplayName: msTSManagingLS4
+attributeId: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: f7a3b6a0-2107-4140-b306-75cb521731e5
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Connection-Time
+ldapDisplayName: msTSMaxConnectionTime
+attributeId: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1d960ee2-6464-4e95-a781-e3b5cd5f9588
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Disconnection-Time
+ldapDisplayName: msTSMaxDisconnectionTime
+attributeId: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 326f7089-53d8-4784-b814-46d8535110d2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Idle-Time
+ldapDisplayName: msTSMaxIdleTime
+attributeId: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff739e9c-6bb7-460e-b221-e250f3de0f95
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Profile-Path
+ldapDisplayName: msTSProfilePath
+attributeId: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e65c30db-316c-4060-a3a0-387b083f09cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property01
+ldapDisplayName: msTSProperty01
+attributeId: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: faaea977-9655-49d7-853d-f27bb7aaca0f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Name
+ldapDisplayName: middleName
+attributeId: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property02
+ldapDisplayName: msTSProperty02
+attributeId: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3586f6ac-51b7-4978-ab42-f936463198e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Reconnection-Action
+ldapDisplayName: msTSReconnectionAction
+attributeId: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 366ed7ca-3e18-4c7f-abae-351a01e4b4f7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Remote-Control
+ldapDisplayName: msTSRemoteControl
+attributeId: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 15177226-8642-468b-8c48-03ddfd004982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Work-Directory
+ldapDisplayName: msTSWorkDirectory
+attributeId: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a744f666-3d3c-4cc8-834b-9d4f6f687b8b
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Author
+ldapDisplayName: msWMI-Author
+attributeId: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6366c0c1-6972-4e66-b3a5-1d52ad0c0547
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ChangeDate
+ldapDisplayName: msWMI-ChangeDate
+attributeId: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f9cdf7a0-ec44-4937-a79b-cd91522b3aa8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Class
+ldapDisplayName: msWMI-Class
+attributeId: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 90c1925f-4a24-4b07-b202-be32eb3c8b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ClassDefinition
+ldapDisplayName: msWMI-ClassDefinition
+attributeId: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b9c0ebc-c272-45cb-99d2-4d0e691632e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-CreationDate
+ldapDisplayName: msWMI-CreationDate
+attributeId: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 748b0a2e-3351-4b3f-b171-2f17414ea779
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Genus
+ldapDisplayName: msWMI-Genus
+attributeId: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 50c8673a-8f56-4614-9308-9e1340fb9af3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Min-Pwd-Age
+ldapDisplayName: minPwdAge
+attributeId: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-WMI-ID
+ldapDisplayName: msWMI-ID
+attributeId: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9339a803-94b8-47f7-9123-a853b9ff7e45
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Default
+ldapDisplayName: msWMI-Int8Default
+attributeId: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f4d8085a-8c5b-4785-959b-dc585566e445
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Max
+ldapDisplayName: msWMI-Int8Max
+attributeId: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e3d8b547-003d-4946-a32b-dc7cedc96b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Min
+ldapDisplayName: msWMI-Int8Min
+attributeId: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ed1489d1-54cc-4066-b368-a00daa2664f1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8ValidValues
+ldapDisplayName: msWMI-Int8ValidValues
+attributeId: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: FALSE
+schemaIdGuid: 103519a9-c002-441b-981a-b0b3e012c803
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intDefault
+ldapDisplayName: msWMI-IntDefault
+attributeId: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1b0c07f8-76dd-4060-a1e1-70084619dc90
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags1
+ldapDisplayName: msWMI-intFlags1
+attributeId: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 18e006b9-6445-48e3-9dcf-b5ecfbc4df8e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags2
+ldapDisplayName: msWMI-intFlags2
+attributeId: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 075a42c9-c55a-45b1-ac93-eb086b31f610
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags3
+ldapDisplayName: msWMI-intFlags3
+attributeId: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f29fa736-de09-4be4-b23a-e734c124bacc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags4
+ldapDisplayName: msWMI-intFlags4
+attributeId: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bd74a7ac-c493-4c9c-bdfa-5c7b119ca6b2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Wide-Policy
+ldapDisplayName: machineWidePolicy
+attributeId: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e4f-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Min-Pwd-Length
+ldapDisplayName: minPwdLength
+attributeId: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679c3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-WMI-intMax
+ldapDisplayName: msWMI-IntMax
+attributeId: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fb920c2c-f294-4426-8ac1-d24b42aa2bce
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intMin
+ldapDisplayName: msWMI-IntMin
+attributeId: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 68c2e3ba-9837-4c70-98e0-f0c33695d023
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intValidValues
+ldapDisplayName: msWMI-IntValidValues
+attributeId: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6af565f6-a749-4b72-9634-3c5d47e6b4e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Mof
+ldapDisplayName: msWMI-Mof
+attributeId: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6736809f-2064-443e-a145-81262b1f1366
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Name
+ldapDisplayName: msWMI-Name
+attributeId: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c6c8ace5-7e81-42af-ad72-77412c5941c4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-NormalizedClass
+ldapDisplayName: msWMI-NormalizedClass
+attributeId: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eaba628f-eb8e-4fe9-83fc-693be695559b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm1
+ldapDisplayName: msWMI-Parm1
+attributeId: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27e81485-b1b0-4a8b-bedd-ce19a837e26e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm2
+ldapDisplayName: msWMI-Parm2
+attributeId: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0003508e-9c42-4a76-a8f4-38bf64bab0de
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm3
+ldapDisplayName: msWMI-Parm3
+attributeId: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45958fb6-52bd-48ce-9f9f-c2712d9f2bfc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm4
+ldapDisplayName: msWMI-Parm4
+attributeId: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3800d5a3-f1ce-4b82-a59a-1528ea795f59
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Min-Ticket-Age
+ldapDisplayName: minTicketAge
+attributeId: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-WMI-PropertyName
+ldapDisplayName: msWMI-PropertyName
+attributeId: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ab920883-e7f8-4d72-b4a0-c0449897509d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Query
+ldapDisplayName: msWMI-Query
+attributeId: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 65fff93e-35e3-45a3-85ae-876c6718297f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-QueryLanguage
+ldapDisplayName: msWMI-QueryLanguage
+attributeId: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d3cfa98-c17b-4254-8bd7-4de9b932a345
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ScopeGuid
+ldapDisplayName: msWMI-ScopeGuid
+attributeId: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87b78d51-405f-4b7f-80ed-2bd28786f48d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SourceOrganization
+ldapDisplayName: msWMI-SourceOrganization
+attributeId: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 34f7ed6c-615d-418d-aa00-549a7d7be03e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringDefault
+ldapDisplayName: msWMI-StringDefault
+attributeId: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 152e42b6-37c5-4f55-ab48-1606384a9aea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringValidValues
+ldapDisplayName: msWMI-StringValidValues
+attributeId: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 37609d31-a2bf-4b58-8f53-2b64e57a076d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetClass
+ldapDisplayName: msWMI-TargetClass
+attributeId: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b6d8d6-c9e8-4661-a2bc-6a5cabc04c62
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetNameSpace
+ldapDisplayName: msWMI-TargetNameSpace
+attributeId: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1c4ab61f-3420-44e5-849d-8b5dbf60feb7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetObject
+ldapDisplayName: msWMI-TargetObject
+attributeId: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c44f67a5-7de5-4a1f-92d9-662b57364b77
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Primary
+ldapDisplayName: mobile
+attributeId: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa3-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14876
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetPath
+ldapDisplayName: msWMI-TargetPath
+attributeId: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5006a79a-6bfe-4561-9f52-13cf4dd3e560
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetType
+ldapDisplayName: msWMI-TargetType
+attributeId: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca2a281e-262b-4ff7-b419-bc123352a4e9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Must-Contain
+ldapDisplayName: mustContain
+attributeId: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679d3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count
+ldapDisplayName: modifiedCount
+attributeId: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count-At-Last-Prom
+ldapDisplayName: modifiedCountAtLastProm
+attributeId: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modify-Time-Stamp
+ldapDisplayName: modifyTimeStamp
+attributeId: 2.5.18.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Moniker
+ldapDisplayName: moniker
+attributeId: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679c7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Moniker-Display-Name
+ldapDisplayName: monikerDisplayName
+attributeId: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679c8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Move-Tree-State
+ldapDisplayName: moveTreeState
+attributeId: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Consistency-Child-Count
+ldapDisplayName: mS-DS-ConsistencyChildCount
+attributeId: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: E-mail-Addresses
+ldapDisplayName: mail
+attributeId: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967961-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14846
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Consistency-Guid
+ldapDisplayName: mS-DS-ConsistencyGuid
+attributeId: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 23773dc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Creator-SID
+ldapDisplayName: mS-DS-CreatorSID
+attributeId: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c5e60132-1480-11d3-91c1-0000f87a57d4
+systemOnly: TRUE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Machine-Account-Quota
+ldapDisplayName: ms-DS-MachineAccountQuota
+attributeId: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d064fb68-1480-11d3-91c1-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Replicates-NC-Reason
+ldapDisplayName: mS-DS-ReplicatesNCReason
+attributeId: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 0ea12b84-08b3-11d3-91bc-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-net-ieee-80211-GP-PolicyData
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9c1495a5-4d76-468e-991e-1433b0a67855
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 35697062-1eaf-448b-ac1e-388e0be4fdee
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0f69c62e-088e-4ff5-a53a-e923cec07c0a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyData
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8398948b-7457-4d91-bd4d-8d7ed669c9f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94a7b05a-b8b2-4f59-9c25-39e69baa1684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d3c527c7-2606-4deb-8cfd-18426feec8ce
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SMTP-Mail-Address
+ldapDisplayName: mailAddress
+attributeId: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d9736f-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-SQL-Alias
+ldapDisplayName: mS-SQL-Alias
+attributeId: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e0c6baae-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowAnonymousSubscription
+ldapDisplayName: mS-SQL-AllowAnonymousSubscription
+attributeId: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db77be4a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4186b6e-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowKnownPullSubscription
+ldapDisplayName: mS-SQL-AllowKnownPullSubscription
+attributeId: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c3bb7054-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c458ca80-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+ldapDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+attributeId: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c49b8be8-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AppleTalk
+ldapDisplayName: mS-SQL-AppleTalk
+attributeId: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8fda89f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Applications
+ldapDisplayName: mS-SQL-Applications
+attributeId: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fbcda2ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Build
+ldapDisplayName: mS-SQL-Build
+attributeId: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 603e94c4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CharacterSet
+ldapDisplayName: mS-SQL-CharacterSet
+attributeId: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 696177a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Managed-By
+ldapDisplayName: managedBy
+attributeId: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c120-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 72
+mapiID: 32780
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-SQL-Clustered
+ldapDisplayName: mS-SQL-Clustered
+attributeId: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7778bd90-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ConnectionURL
+ldapDisplayName: mS-SQL-ConnectionURL
+attributeId: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a92d23da-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Contact
+ldapDisplayName: mS-SQL-Contact
+attributeId: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4f6cbdd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CreationDate
+ldapDisplayName: mS-SQL-CreationDate
+attributeId: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ede14754-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Database
+ldapDisplayName: mS-SQL-Database
+attributeId: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d5a0dbdc-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Description
+ldapDisplayName: mS-SQL-Description
+attributeId: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8386603c-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSHeight
+ldapDisplayName: mS-SQL-GPSHeight
+attributeId: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bcdd4f0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLatitude
+ldapDisplayName: mS-SQL-GPSLatitude
+attributeId: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b222ba0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLongitude
+ldapDisplayName: mS-SQL-GPSLongitude
+attributeId: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7577c94-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationDirectory
+ldapDisplayName: mS-SQL-InformationDirectory
+attributeId: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d0aedb2e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Managed-Objects
+ldapDisplayName: managedObjects
+attributeId: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 0296c124-40da-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 73
+mapiID: 32804
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: MS-SQL-InformationURL
+ldapDisplayName: mS-SQL-InformationURL
+attributeId: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a42cd510-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Keywords
+ldapDisplayName: mS-SQL-Keywords
+attributeId: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 01e9a98a-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Language
+ldapDisplayName: mS-SQL-Language
+attributeId: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c57f72f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastBackupDate
+ldapDisplayName: mS-SQL-LastBackupDate
+attributeId: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f2b6abca-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastDiagnosticDate
+ldapDisplayName: mS-SQL-LastDiagnosticDate
+attributeId: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f6d6dd88-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastUpdatedDate
+ldapDisplayName: mS-SQL-LastUpdatedDate
+attributeId: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9fcc43d4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Location
+ldapDisplayName: mS-SQL-Location
+attributeId: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 561c9644-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Memory
+ldapDisplayName: mS-SQL-Memory
+attributeId: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 5b5d448c-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-MultiProtocol
+ldapDisplayName: mS-SQL-MultiProtocol
+attributeId: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8157fa38-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Name
+ldapDisplayName: mS-SQL-Name
+attributeId: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3532dfd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Comment-v2
+ldapDisplayName: msDFS-Commentv2
+attributeId: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4fb42f00-29bd-4f82-b94b-07c7fa61e449
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+
+cn: ms-DFS-Generation-GUID-v2
+ldapDisplayName: msDFS-GenerationGUIDv2
+attributeId: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 62a45d41-424c-4905-b728-e5ef1fc4fe42
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFS-Last-Modified-v2
+ldapDisplayName: msDFS-LastModifiedv2
+attributeId: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: d6147e9b-b369-4b98-9f7b-1f345bb0680a
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+
+cn: ms-DFS-Link-Identity-GUID-v2
+ldapDisplayName: msDFS-LinkIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 19e2bd91-e8fa-49b2-be2b-7efd5ae5676d
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower:16
+rangeUpper: 16
+
+cn: ms-DFS-Link-Path-v2
+ldapDisplayName: msDFS-LinkPathv2
+attributeId: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5882bb1e-3101-4845-a21e-1516e59279f2
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+
+cn: ms-DFS-Link-Security-Descriptor-v2
+ldapDisplayName: msDFS-LinkSecurityDescriptorv2
+attributeId: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: d780b945-3caa-4d28-975b-eb3f08e455e1
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+
+cn: ms-DFS-Namespace-Identity-GUID-v2
+ldapDisplayName: msDFS-NamespaceIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 87011f22-e651-4c27-b55b-51daf9f9d364
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFS-Properties-v2
+ldapDisplayName: msDFS-Propertiesv2
+attributeId: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1c070014-ebf6-4088-95b4-28b16cc31241
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+
+cn: ms-DFS-Schema-Major-Version
+ldapDisplayName: msDFS-SchemaMajorVersion
+attributeId: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2bcf447b-39d8-4ee8-909a-bb0755cc2f8d
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 2
+rangeUpper: 2
+
+cn: ms-DFS-Schema-Minor-Version
+ldapDisplayName: msDFS-SchemaMinorVersion
+attributeId: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d1e1dafb-8559-4519-866e-89e775557b9c
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 0
+
+cn: ms-DFS-Short-Name-Link-Path-v2
+ldapDisplayName: msDFS-ShortNameLinkPathv2
+attributeId: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52bfc673-9713-4e9b-aafd-56ee72fd16a4
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+
+cn: ms-DFS-Target-List-v2
+ldapDisplayName: msDFS-TargetListv2
+attributeId: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9649b643-59a7-4791-999d-79100cf871d7
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2097152
+
+cn: ms-DFS-Ttl-v2
+ldapDisplayName: msDFS-Ttlv2
+attributeId: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 81ee1500-467e-4c83-a41a-295d12bdcc23
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+
+cn: ms-DS-Is-User-Cachable-At-Rodc
+ldapDisplayName: msDS-IsUserCachableAtRodc
+attributeId: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe01245a-341f-4556-951f-48c033a89050
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN
+ldapDisplayName: name
+attributeId: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a0e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33282
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Netboot-Initialization
+ldapDisplayName: netbootInitialization
+attributeId: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978920-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Key-Usage
+ldapDisplayName: pKIKeyUsage
+attributeId: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Max-Issuing-Depth
+ldapDisplayName: pKIMaxIssuingDepth
+attributeId: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Overlap-Period
+ldapDisplayName: pKIOverlapPeriod
+attributeId: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1219a3ec-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT
+ldapDisplayName: pKT
+attributeId: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f1-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT-Guid
+ldapDisplayName: pKTGuid
+attributeId: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f0-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Policy-Replication-Flags
+ldapDisplayName: policyReplicationFlags
+attributeId: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b96-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Port-Name
+ldapDisplayName: portName
+attributeId: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416c4-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Possible-Inferiors
+ldapDisplayName: possibleInferiors
+attributeId: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Poss-Superiors
+ldapDisplayName: possSuperiors
+attributeId: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679fa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Postal-Address
+ldapDisplayName: postalAddress
+attributeId: 2.5.4.16
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-IntelliMirror-OSes
+ldapDisplayName: netbootIntelliMirrorOSes
+attributeId: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307e-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Postal-Code
+ldapDisplayName: postalCode
+attributeId: 2.5.4.17
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679fd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14890
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Post-Office-Box
+ldapDisplayName: postOfficeBox
+attributeId: 2.5.4.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14891
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Preferred-Delivery-Method
+ldapDisplayName: preferredDeliveryMethod
+attributeId: 2.5.4.28
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679fe-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: preferredLanguage
+ldapDisplayName: preferredLanguage
+attributeId: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Preferred-OU
+ldapDisplayName: preferredOU
+attributeId: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679ff-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prefix-Map
+ldapDisplayName: prefixMap
+attributeId: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458022-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Presentation-Address
+ldapDisplayName: presentationAddress
+attributeId: 2.5.4.29
+attributeSyntax: 2.5.5.13
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.732
+isSingleValued: TRUE
+schemaIdGuid: a8df744b-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-CA-Certificates
+ldapDisplayName: previousCACertificates
+attributeId: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2739-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-Parent-CA
+ldapDisplayName: previousParentCA
+attributeId: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Primary-Group-ID
+ldapDisplayName: primaryGroupID
+attributeId: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a00-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: netboot-Limit-Clients
+ldapDisplayName: netbootLimitClients
+attributeId: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383077-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Primary-Group-Token
+ldapDisplayName: primaryGroupToken
+attributeId: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c0ed8738-7efd-4481-84d9-66d2db8be369
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Phone-ISDN-Primary
+ldapDisplayName: primaryInternationalISDNNumber
+attributeId: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c11f-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Primary
+ldapDisplayName: primaryTelexNumber
+attributeId: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c121-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Attributes
+ldapDisplayName: printAttributes
+attributeId: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Bin-Names
+ldapDisplayName: printBinNames
+attributeId: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416cd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Collate
+ldapDisplayName: printCollate
+attributeId: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d2-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Color
+ldapDisplayName: printColor
+attributeId: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d3-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Duplex-Supported
+ldapDisplayName: printDuplexSupported
+attributeId: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416cc-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-End-Time
+ldapDisplayName: printEndTime
+attributeId: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416ca-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Printer-Name
+ldapDisplayName: printerName
+attributeId: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 244b296e-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Locally-Installed-OSes
+ldapDisplayName: netbootLocallyInstalledOSes
+attributeId: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 07383080-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Form-Name
+ldapDisplayName: printFormName
+attributeId: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416cb-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Keep-Printed-Jobs
+ldapDisplayName: printKeepPrintedJobs
+attributeId: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f6d-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Language
+ldapDisplayName: printLanguage
+attributeId: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-MAC-Address
+ldapDisplayName: printMACAddress
+attributeId: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f7a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Copies
+ldapDisplayName: printMaxCopies
+attributeId: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d1-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Resolution-Supported
+ldapDisplayName: printMaxResolutionSupported
+attributeId: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416cf-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-X-Extent
+ldapDisplayName: printMaxXExtent
+attributeId: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6f-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Y-Extent
+ldapDisplayName: printMaxYExtent
+attributeId: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f70-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Ready
+ldapDisplayName: printMediaReady
+attributeId: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3bcbfcf5-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Supported
+ldapDisplayName: printMediaSupported
+attributeId: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b296f-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Machine-File-Path
+ldapDisplayName: netbootMachineFilePath
+attributeId: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978923-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Memory
+ldapDisplayName: printMemory
+attributeId: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f74-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-X-Extent
+ldapDisplayName: printMinXExtent
+attributeId: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f71-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-Y-Extent
+ldapDisplayName: printMinYExtent
+attributeId: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f72-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Network-Address
+ldapDisplayName: printNetworkAddress
+attributeId: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f79-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Notify
+ldapDisplayName: printNotify
+attributeId: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Number-Up
+ldapDisplayName: printNumberUp
+attributeId: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3bcbfcf4-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Orientations-Supported
+ldapDisplayName: printOrientationsSupported
+attributeId: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d0-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Owner
+ldapDisplayName: printOwner
+attributeId: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f69-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Pages-Per-Minute
+ldapDisplayName: printPagesPerMinute
+attributeId: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b97-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate
+ldapDisplayName: printRate
+attributeId: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f77-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Max-Clients
+ldapDisplayName: netbootMaxClients
+attributeId: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383078-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate-Unit
+ldapDisplayName: printRateUnit
+attributeId: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f78-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Separator-File
+ldapDisplayName: printSeparatorFile
+attributeId: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Share-Name
+ldapDisplayName: printShareName
+attributeId: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba305f68-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Spooling
+ldapDisplayName: printSpooling
+attributeId: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6c-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Stapling-Supported
+ldapDisplayName: printStaplingSupported
+attributeId: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f73-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Start-Time
+ldapDisplayName: printStartTime
+attributeId: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Status
+ldapDisplayName: printStatus
+attributeId: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6b-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Priority
+ldapDisplayName: priority
+attributeId: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prior-Set-Time
+ldapDisplayName: priorSetTime
+attributeId: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a01-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Prior-Value
+ldapDisplayName: priorValue
+attributeId: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a02-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Netboot-Mirror-Data-File
+ldapDisplayName: netbootMirrorDataFile
+attributeId: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d85-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Private-Key
+ldapDisplayName: privateKey
+attributeId: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a03-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Privilege-Attributes
+ldapDisplayName: privilegeAttributes
+attributeId: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b9a-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Display-Name
+ldapDisplayName: privilegeDisplayName
+attributeId: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19405b98-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Holder
+ldapDisplayName: privilegeHolder
+attributeId: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9b-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 70
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Value
+ldapDisplayName: privilegeValue
+attributeId: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 19405b99-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Product-Code
+ldapDisplayName: productCode
+attributeId: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18317-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Profile-Path
+ldapDisplayName: profilePath
+attributeId: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a05-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxied-Object-Name
+ldapDisplayName: proxiedObjectName
+attributeId: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: TRUE
+schemaIdGuid: e1aea402-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Addresses
+ldapDisplayName: proxyAddresses
+attributeId: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a06-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 1123
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32783
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Generation-Enabled
+ldapDisplayName: proxyGenerationEnabled
+attributeId: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d6-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33201
+
+cn: netboot-New-Machine-Naming-Policy
+ldapDisplayName: netbootNewMachineNamingPolicy
+attributeId: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307c-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Proxy-Lifetime
+ldapDisplayName: proxyLifetime
+attributeId: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a07-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Public-Key-Policy
+ldapDisplayName: publicKeyPolicy
+attributeId: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 80a67e28-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Purported-Search
+ldapDisplayName: purportedSearch
+attributeId: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b4b54e50-943a-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pwd-History-Length
+ldapDisplayName: pwdHistoryLength
+attributeId: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a09-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Last-Set
+ldapDisplayName: pwdLastSet
+attributeId: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a0a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Properties
+ldapDisplayName: pwdProperties
+attributeId: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Quality-Of-Service
+ldapDisplayName: qualityOfService
+attributeId: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4e-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Filter
+ldapDisplayName: queryFilter
+attributeId: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: cbf70a26-7e78-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: QueryPoint
+ldapDisplayName: queryPoint
+attributeId: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb86-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy-BL
+ldapDisplayName: queryPolicyBL
+attributeId: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e1aea404-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 69
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: netboot-New-Machine-OU
+ldapDisplayName: netbootNewMachineOU
+attributeId: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0738307d-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy-Object
+ldapDisplayName: queryPolicyObject
+attributeId: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: e1aea403-cd5b-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 68
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Lower
+ldapDisplayName: rangeLower
+attributeId: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33043
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Upper
+ldapDisplayName: rangeUpper
+attributeId: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33044
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN-Att-ID
+ldapDisplayName: rDNAttID
+attributeId: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a0f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Registered-Address
+ldapDisplayName: registeredAddress
+attributeId: 2.5.4.26
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a10-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33049
+
+cn: Remote-Server-Name
+ldapDisplayName: remoteServerName
+attributeId: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a12-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source
+ldapDisplayName: remoteSource
+attributeId: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a14-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source-Type
+ldapDisplayName: remoteSourceType
+attributeId: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a15-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-GUID
+ldapDisplayName: remoteStorageGUID
+attributeId: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b0-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Replica-Source
+ldapDisplayName: replicaSource
+attributeId: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a18-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-SCP-BL
+ldapDisplayName: netbootSCPBL
+attributeId: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 07383082-91df-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+isSingleValued: TRUE
+
+cn: Repl-Interval
+ldapDisplayName: replInterval
+attributeId: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 45ba9d1a-56fa-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Property-Meta-Data
+ldapDisplayName: replPropertyMetaData
+attributeId: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 281416c0-1968-11d0-a28f-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+
+cn: Repl-Topology-Stay-Of-Execution
+ldapDisplayName: replTopologyStayOfExecution
+attributeId: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb83-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-UpToDate-Vector
+ldapDisplayName: replUpToDateVector
+attributeId: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a16-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reps-From
+ldapDisplayName: repsFrom
+attributeId: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reps-To
+ldapDisplayName: repsTo
+attributeId: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Required-Categories
+ldapDisplayName: requiredCategories
+attributeId: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e93-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Retired-Repl-DSA-Signatures
+ldapDisplayName: retiredReplDSASignatures
+attributeId: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Revision
+ldapDisplayName: revision
+attributeId: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a21-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rid
+ldapDisplayName: rid
+attributeId: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a22-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Name-Service-Flags
+ldapDisplayName: nameServiceFlags
+attributeId: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212840-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Server
+ldapDisplayName: netbootServer
+attributeId: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 07383081-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RID-Allocation-Pool
+ldapDisplayName: rIDAllocationPool
+attributeId: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171889-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Available-Pool
+ldapDisplayName: rIDAvailablePool
+attributeId: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171888-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Manager-Reference
+ldapDisplayName: rIDManagerReference
+attributeId: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171886-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Next-RID
+ldapDisplayName: rIDNextRID
+attributeId: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6617188c-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Previous-Allocation-Pool
+ldapDisplayName: rIDPreviousAllocationPool
+attributeId: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188a-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Set-References
+ldapDisplayName: rIDSetReferences
+attributeId: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Used-Pool
+ldapDisplayName: rIDUsedPool
+attributeId: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188b-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rights-Guid
+ldapDisplayName: rightsGuid
+attributeId: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8297931c-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Role-Occupant
+ldapDisplayName: roleOccupant
+attributeId: 2.5.4.33
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a8df7465-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33061
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: roomNumber
+ldapDisplayName: roomNumber
+attributeId: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 81d7f8c2-e327-4a0d-91c6-b42d4009115f
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Netboot-SIF-File
+ldapDisplayName: netbootSIFFile
+attributeId: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d84-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Root-Trust
+ldapDisplayName: rootTrust
+attributeId: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb80-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: rpc-Ns-Annotation
+ldapDisplayName: rpcNsAnnotation
+attributeId: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 88611bde-8cf4-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Bindings
+ldapDisplayName: rpcNsBindings
+attributeId: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a23-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Codeset
+ldapDisplayName: rpcNsCodeset
+attributeId: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7a0ba0e0-8e98-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Entry-Flags
+ldapDisplayName: rpcNsEntryFlags
+attributeId: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212841-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Group
+ldapDisplayName: rpcNsGroup
+attributeId: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a24-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Interface-ID
+ldapDisplayName: rpcNsInterfaceID
+attributeId: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a25-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Object-ID
+ldapDisplayName: rpcNsObjectID
+attributeId: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 29401c48-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Priority
+ldapDisplayName: rpcNsPriority
+attributeId: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a27-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Profile-Entry
+ldapDisplayName: rpcNsProfileEntry
+attributeId: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a28-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Tools
+ldapDisplayName: netbootTools
+attributeId: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307f-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Transfer-Syntax
+ldapDisplayName: rpcNsTransferSyntax
+attributeId: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 29401c4a-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SAM-Account-Name
+ldapDisplayName: sAMAccountName
+attributeId: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e0abfd0-126a-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Account-Type
+ldapDisplayName: sAMAccountType
+attributeId: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6e7b626c-64f2-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Domain-Updates
+ldapDisplayName: samDomainUpdates
+attributeId: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schedule
+ldapDisplayName: schedule
+attributeId: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: dd712224-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Flags-Ex
+ldapDisplayName: schemaFlagsEx
+attributeId: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a2b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-ID-GUID
+ldapDisplayName: schemaIDGUID
+attributeId: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967923-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Info
+ldapDisplayName: schemaInfo
+attributeId: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f9fb64ae-93b4-11d2-9945-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Update
+ldapDisplayName: schemaUpdate
+attributeId: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Schema-Version
+ldapDisplayName: schemaVersion
+attributeId: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a2c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33148
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Network-Address
+ldapDisplayName: networkAddress
+attributeId: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: bf9679d9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 256
+mapiID: 33136
+
+cn: Scope-Flags
+ldapDisplayName: scopeFlags
+attributeId: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16f3a4c2-7e79-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Script-Path
+ldapDisplayName: scriptPath
+attributeId: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SD-Rights-Effective
+ldapDisplayName: sDRightsEffective
+attributeId: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c3dbafa6-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Flags
+ldapDisplayName: searchFlags
+attributeId: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf967a2d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+mapiID: 33069
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Guide
+ldapDisplayName: searchGuide
+attributeId: 2.5.4.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a2e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33070
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: secretary
+ldapDisplayName: secretary
+attributeId: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 01072d9a-98ad-4a53-9744-e83e287278fb
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Security-Identifier
+ldapDisplayName: securityIdentifier
+attributeId: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a2f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: See-Also
+ldapDisplayName: seeAlso
+attributeId: 2.5.4.34
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a31-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33071
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Seq-Notification
+ldapDisplayName: seqNotification
+attributeId: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf2-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Serial-Number
+ldapDisplayName: serialNumber
+attributeId: 2.5.4.5
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967a32-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 33072
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Next-Level-Store
+ldapDisplayName: nextLevelStore
+attributeId: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679da-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-Name
+ldapDisplayName: serverName
+attributeId: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb7a0-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference
+ldapDisplayName: serverReference
+attributeId: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d9736d-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 94
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference-BL
+ldapDisplayName: serverReferenceBL
+attributeId: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 26d9736e-6070-11d1-a9c6-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 95
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+isSingleValued: TRUE
+
+cn: Server-Role
+ldapDisplayName: serverRole
+attributeId: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a33-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-State
+ldapDisplayName: serverState
+attributeId: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a34-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Service-Binding-Information
+ldapDisplayName: serviceBindingInformation
+attributeId: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b7b1311c-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-ID
+ldapDisplayName: serviceClassID
+attributeId: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a35-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Info
+ldapDisplayName: serviceClassInfo
+attributeId: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a36-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Name
+ldapDisplayName: serviceClassName
+attributeId: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b1311d-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name
+ldapDisplayName: serviceDNSName
+attributeId: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eb8-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Next-Rid
+ldapDisplayName: nextRid
+attributeId: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679db-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Service-DNS-Name-Type
+ldapDisplayName: serviceDNSNameType
+attributeId: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eba-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance-Version
+ldapDisplayName: serviceInstanceVersion
+attributeId: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a37-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 8
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Principal-Name
+ldapDisplayName: servicePrincipalName
+attributeId: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f3a64788-5306-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Setup-Command
+ldapDisplayName: setupCommand
+attributeId: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e97-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowExpire
+ldapDisplayName: shadowExpire
+attributeId: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 75159a00-1fff-4cf4-8bff-4ef2695cf643
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowFlag
+ldapDisplayName: shadowFlag
+attributeId: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8dfeb70d-c5db-46b6-b15e-a4389e6cee9b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowInactive
+ldapDisplayName: shadowInactive
+attributeId: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 86871d1f-3310-4312-8efd-af49dcfb2671
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowLastChange
+ldapDisplayName: shadowLastChange
+attributeId: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f8f2689c-29e8-4843-8177-e8b98e15eeac
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMax
+ldapDisplayName: shadowMax
+attributeId: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f285c952-50dd-449e-9160-3b880d99988d
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMin
+ldapDisplayName: shadowMin
+attributeId: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a76b8737-e5a1-4568-b057-dc12e04be4b2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: NisMapEntry
+ldapDisplayName: nisMapEntry
+attributeId: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4a95216e-fcc0-402e-b57f-5971626148a9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: ShadowWarning
+ldapDisplayName: shadowWarning
+attributeId: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7ae89c9c-2976-4a46-bb8a-340f88560117
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Shell-Context-Menu
+ldapDisplayName: shellContextMenu
+attributeId: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd039-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Shell-Property-Pages
+ldapDisplayName: shellPropertyPages
+attributeId: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458039-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Short-Server-Name
+ldapDisplayName: shortServerName
+attributeId: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01501-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Show-In-Address-Book
+ldapDisplayName: showInAddressBook
+attributeId: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e74f60e-3e73-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Show-In-Advanced-View-Only
+ldapDisplayName: showInAdvancedViewOnly
+attributeId: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967984-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SID-History
+ldapDisplayName: sIDHistory
+attributeId: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 17eb4278-d167-11d0-b002-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+systemOnly: TRUE
+
+cn: Signature-Algorithms
+ldapDisplayName: signatureAlgorithms
+attributeId: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b2-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-GUID
+ldapDisplayName: siteGUID
+attributeId: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978924-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-List
+ldapDisplayName: siteLinkList
+attributeId: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdd-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 142
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NisMapName
+ldapDisplayName: nisMapName
+attributeId: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 969d3c79-0e9a-4d95-b0ac-bdde7ff8f3a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Site-List
+ldapDisplayName: siteList
+attributeId: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdc-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 144
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object
+ldapDisplayName: siteObject
+attributeId: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 3e10944c-c354-11d0-aff8-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 46
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object-BL
+ldapDisplayName: siteObjectBL
+attributeId: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e10944d-c354-11d0-aff8-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 47
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Site-Server
+ldapDisplayName: siteServer
+attributeId: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1be8f17c-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Surname
+ldapDisplayName: sn
+attributeId: 2.5.4.4
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a41-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14865
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SPN-Mappings
+ldapDisplayName: sPNMappings
+attributeId: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2ab0e76c-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: State-Or-Province-Name
+ldapDisplayName: st
+attributeId: 2.5.4.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a39-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14888
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Street-Address
+ldapDisplayName: street
+attributeId: 2.5.4.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a3a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33082
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address
+ldapDisplayName: streetAddress
+attributeId: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff84-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14889
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Structural-Object-Class
+ldapDisplayName: structuralObjectClass
+attributeId: 2.5.21.9
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 3860949f-f6a8-4b38-9950-81ecb6bc2982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NisNetgroupTriple
+ldapDisplayName: nisNetgroupTriple
+attributeId: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a8032e74-30ef-4ff5-affc-0fc217783fec
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: Sub-Class-Of
+ldapDisplayName: subClassOf
+attributeId: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a3b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Refs
+ldapDisplayName: subRefs
+attributeId: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a3c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33083
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SubSchemaSubEntry
+ldapDisplayName: subSchemaSubEntry
+attributeId: 2.5.18.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Superior-DNS-Root
+ldapDisplayName: superiorDNSRoot
+attributeId: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5245801d-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Super-Scope-Description
+ldapDisplayName: superScopeDescription
+attributeId: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Super-Scopes
+ldapDisplayName: superScopes
+attributeId: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Supplemental-Credentials
+ldapDisplayName: supplementalCredentials
+attributeId: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a3f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Supported-Application-Context
+ldapDisplayName: supportedApplicationContext
+attributeId: 2.5.4.30
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677588f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33085
+
+cn: Sync-Attributes
+ldapDisplayName: syncAttributes
+attributeId: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 037651e4-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-Membership
+ldapDisplayName: syncMembership
+attributeId: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 037651e3-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 78
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Non-Security-Member
+ldapDisplayName: nonSecurityMember
+attributeId: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458018-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 50
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-Object
+ldapDisplayName: syncWithObject
+attributeId: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 037651e2-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-SID
+ldapDisplayName: syncWithSID
+attributeId: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 037651e5-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: System-Auxiliary-Class
+ldapDisplayName: systemAuxiliaryClass
+attributeId: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a43-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Flags
+ldapDisplayName: systemFlags
+attributeId: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e62-9b45-11d0-afdd-00c04fd930c9
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-May-Contain
+ldapDisplayName: systemMayContain
+attributeId: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a44-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Must-Contain
+ldapDisplayName: systemMustContain
+attributeId: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a45-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Only
+ldapDisplayName: systemOnly
+attributeId: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967a46-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Poss-Superiors
+ldapDisplayName: systemPossSuperiors
+attributeId: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a47-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Telephone-Number
+ldapDisplayName: telephoneNumber
+attributeId: 2.5.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a49-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14856
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Teletex-Terminal-Identifier
+ldapDisplayName: teletexTerminalIdentifier
+attributeId: 2.5.4.22
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33091
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NC-Name
+ldapDisplayName: nCName
+attributeId: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679d6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Non-Security-Member-BL
+ldapDisplayName: nonSecurityMemberBL
+attributeId: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458019-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 51
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Telex-Number
+ldapDisplayName: telexNumber
+attributeId: 2.5.4.21
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14892
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Template-Roots
+ldapDisplayName: templateRoots
+attributeId: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ed9de9a0-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Terminal-Server
+ldapDisplayName: terminalServer
+attributeId: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6db69a1c-9422-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 20480
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Text-Encoded-OR-Address
+ldapDisplayName: textEncodedORAddress
+attributeId: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7489-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35969
+
+cn: Logo
+ldapDisplayName: thumbnailLogo
+attributeId: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679a9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Picture
+ldapDisplayName: thumbnailPhoto
+attributeId: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8d3bca50-1d7e-11d0-a081-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 102400
+mapiId: 35998
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Time-Refresh
+ldapDisplayName: timeRefresh
+attributeId: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf1-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Time-Vol-Change
+ldapDisplayName: timeVolChange
+attributeId: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf0-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Title
+ldapDisplayName: title
+attributeId: 2.5.4.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a55-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14871
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Token-Groups
+ldapDisplayName: tokenGroups
+attributeId: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b7c69e6d-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Additional-Information
+ldapDisplayName: notes
+attributeId: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6d05fb41-246b-11d0-a9c8-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Token-Groups-Global-And-Universal
+ldapDisplayName: tokenGroupsGlobalAndUniversal
+attributeId: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-No-GC-Acceptable
+ldapDisplayName: tokenGroupsNoGCAcceptable
+attributeId: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 040fc392-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Tombstone-Lifetime
+ldapDisplayName: tombstoneLifetime
+attributeId: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16c3a860-1273-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33093
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Address-Attribute
+ldapDisplayName: transportAddressAttribute
+attributeId: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: c1dc867c-a261-11d1-b606-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-DLL-Name
+ldapDisplayName: transportDLLName
+attributeId: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d97372-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Type
+ldapDisplayName: transportType
+attributeId: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97374-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Treat-As-Leaf
+ldapDisplayName: treatAsLeaf
+attributeId: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8fd044e3-771f-11d1-aeae-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Tree-Name
+ldapDisplayName: treeName
+attributeId: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebd-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trust-Attributes
+ldapDisplayName: trustAttributes
+attributeId: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e5a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Incoming
+ldapDisplayName: trustAuthIncoming
+attributeId: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a59-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Notification-List
+ldapDisplayName: notificationList
+attributeId: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 19195a56-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trust-Auth-Outgoing
+ldapDisplayName: trustAuthOutgoing
+attributeId: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a5f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Direction
+ldapDisplayName: trustDirection
+attributeId: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Parent
+ldapDisplayName: trustParent
+attributeId: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7a-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Partner
+ldapDisplayName: trustPartner
+attributeId: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a5d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Posix-Offset
+ldapDisplayName: trustPosixOffset
+attributeId: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Type
+ldapDisplayName: trustType
+attributeId: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a60-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: UAS-Compat
+ldapDisplayName: uASCompat
+attributeId: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a61-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uid
+ldapDisplayName: uid
+attributeId: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0bb0fca0-1e89-429f-901a-1413894d9f59
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+
+cn: UidNumber
+ldapDisplayName: uidNumber
+attributeId: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 850fcc8f-9c6b-47e1-b671-7c654be4d5b3
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: UNC-Name
+ldapDisplayName: uNCName
+attributeId: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a64-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Group-Members
+ldapDisplayName: nTGroupMembers
+attributeId: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679df-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Unicode-Pwd
+ldapDisplayName: unicodePwd
+attributeId: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uniqueIdentifier
+ldapDisplayName: uniqueIdentifier
+attributeId: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba0184c7-38c5-4bed-a526-75421470580c
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: uniqueMember
+ldapDisplayName: uniqueMember
+attributeId: 2.5.4.50
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 8f888726-f80a-44d7-b1ee-cb9df21392c8
+systemOnly: FALSE
+searchFlags: 0
+
+cn: UnixHomeDirectory
+ldapDisplayName: unixHomeDirectory
+attributeId: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: bc2dba12-000f-464d-bf1d-0808465d8843
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: UnixUserPassword
+ldapDisplayName: unixUserPassword
+attributeId: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 612cb747-c0e8-4f92-9221-fdd5f15b550d
+systemOnly: FALSE
+searchFlags:fCONFIDENTIAL
+rangeLower: 1
+rangeUpper: 128
+
+cn: unstructuredAddress
+ldapDisplayName: unstructuredAddress
+attributeId: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 50950839-cc4c-4491-863a-fcf942d684b7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: unstructuredName
+ldapDisplayName: unstructuredName
+attributeId: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9c8ef177-41cf-45c9-9673-7716c0c8901b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: Upgrade-Product-Code
+ldapDisplayName: upgradeProductCode
+attributeId: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d9e18312-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: UPN-Suffixes
+ldapDisplayName: uPNSuffixes
+attributeId: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160bf-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: WWW-Page-Other
+ldapDisplayName: url
+attributeId: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+mapiID: 33141
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Mixed-Domain
+ldapDisplayName: nTMixedDomain
+attributeId: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3e97891f-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Account-Control
+ldapDisplayName: userAccountControl
+attributeId: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a68-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fPRESERVEONDELETE | fATTINDEX
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Cert
+ldapDisplayName: userCert
+attributeId: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a69-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14882
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: X509-Cert
+ldapDisplayName: userCertificate
+attributeId: 2.5.4.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a7f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35946
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: userClass
+ldapDisplayName: userClass
+attributeId: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11732a8a-e14d-4cc5-b92f-d93f51c6d8e4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: User-Parameters
+ldapDisplayName: userParameters
+attributeId: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Password
+ldapDisplayName: userPassword
+attributeId: 2.5.4.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a6e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 33107
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: userPKCS12
+ldapDisplayName: userPKCS12
+attributeId: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 23998ab5-70f8-4007-a4c1-a84a38311f9a
+systemOnly: FALSE
+searchFlags: 0
+
+cn: User-Principal-Name
+ldapDisplayName: userPrincipalName
+attributeId: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebb-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Shared-Folder
+ldapDisplayName: userSharedFolder
+attributeId: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Shared-Folder-Other
+ldapDisplayName: userSharedFolderOther
+attributeId: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Nt-Pwd-History
+ldapDisplayName: ntPwdHistory
+attributeId: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679e2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-SMIME-Certificate
+ldapDisplayName: userSMIMECertificate
+attributeId: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e16a9db2-403c-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14960
+isMemberOfPartialAttributeSet: TRUE
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Workstations
+ldapDisplayName: userWorkstations
+attributeId: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Changed
+ldapDisplayName: uSNChanged
+attributeId: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a6f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 32809
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Created
+ldapDisplayName: uSNCreated
+attributeId: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a70-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 33108
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-DSA-Last-Obj-Removed
+ldapDisplayName: uSNDSALastObjRemoved
+attributeId: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a71-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33109
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Intersite
+ldapDisplayName: USNIntersite
+attributeId: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a8df7498-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+mapiID: 33146
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: USN-Last-Obj-Rem
+ldapDisplayName: uSNLastObjRem
+attributeId: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a73-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33110
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Source
+ldapDisplayName: uSNSource
+attributeId: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 167758ad-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33111
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Valid-Accesses
+ldapDisplayName: validAccesses
+attributeId: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4d2fa380-7f54-11d2-992a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Vendor
+ldapDisplayName: vendor
+attributeId: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416df-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Security-Descriptor
+ldapDisplayName: nTSecurityDescriptor
+attributeId: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: bf9679e3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+rangeLower: 0
+rangeUpper: 132096
+mapiID: 32787
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: Version-Number
+ldapDisplayName: versionNumber
+attributeId: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a76-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Hi
+ldapDisplayName: versionNumberHi
+attributeId: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9a-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Lo
+ldapDisplayName: versionNumberLo
+attributeId: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9b-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-GUID
+ldapDisplayName: volTableGUID
+attributeId: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fd-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-Idx-GUID
+ldapDisplayName: volTableIdxGUID
+attributeId: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fb-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume-Count
+ldapDisplayName: volumeCount
+attributeId: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa217-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Wbem-Path
+ldapDisplayName: wbemPath
+attributeId: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b2970-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Well-Known-Objects
+ldapDisplayName: wellKnownObjects
+attributeId: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 05308983-7688-11d1-aded-00c04fd8d5cd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Changed
+ldapDisplayName: whenChanged
+attributeId: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a77-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12296
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Created
+ldapDisplayName: whenCreated
+attributeId: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a78-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12295
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organization-Name
+ldapDisplayName: o
+attributeId: 2.5.4.10
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679ef-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33025
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Winsock-Addresses
+ldapDisplayName: winsockAddresses
+attributeId: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a79-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Home-Page
+ldapDisplayName: wWWHomePage
+attributeId: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a7a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 2048
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: X121-Address
+ldapDisplayName: x121Address
+attributeId: 2.5.4.24
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf967a7b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 15
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: x500uniqueIdentifier
+ldapDisplayName: x500uniqueIdentifier
+attributeId: 2.5.4.45
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d07da11f-8a3d-42b6-b0aa-76c962be719a
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Object-Category
+ldapDisplayName: objectCategory
+attributeId: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97369-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class
+ldapDisplayName: objectClass
+attributeId: 2.5.4.0
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679e5-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NETBIOS-Name
+ldapDisplayName: nETBIOSName
+attributeId: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class-Category
+ldapDisplayName: objectClassCategory
+attributeId: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679e6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+mapiID: 33014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Classes
+ldapDisplayName: objectClasses
+attributeId: 2.5.21.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Count
+ldapDisplayName: objectCount
+attributeId: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa216-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Object-Guid
+ldapDisplayName: objectGUID
+attributeId: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35949
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Sid
+ldapDisplayName: objectSid
+attributeId: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 0
+rangeUpper: 28
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32807
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+systemOnly: FALSE
+
+cn: Object-Version
+ldapDisplayName: objectVersion
+attributeId: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16775848-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OEM-Information
+ldapDisplayName: oEMInformation
+attributeId: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679ea-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Object-Class
+ldapDisplayName: oMObjectClass
+attributeId: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ec-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Syntax
+ldapDisplayName: oMSyntax
+attributeId: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ed-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+mapiID: 33022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OMT-Guid
+ldapDisplayName: oMTGuid
+attributeId: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf3-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Allow-New-Clients
+ldapDisplayName: netbootAllowNewClients
+attributeId: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383076-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OMT-Indx-Guid
+ldapDisplayName: oMTIndxGuid
+attributeId: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fa-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpcNumber
+ldapDisplayName: oncRpcNumber
+attributeId: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 966825f5-01d9-4a5c-a011-d15ae84efa55
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Operating-System
+ldapDisplayName: operatingSystem
+attributeId: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978925-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Hotfix
+ldapDisplayName: operatingSystemHotfix
+attributeId: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bd951b3c-9c96-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Operating-System-Service-Pack
+ldapDisplayName: operatingSystemServicePack
+attributeId: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978927-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Version
+ldapDisplayName: operatingSystemVersion
+attributeId: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978926-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operator-Count
+ldapDisplayName: operatorCount
+attributeId: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ee-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Option-Description
+ldapDisplayName: optionDescription
+attributeId: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Options
+ldapDisplayName: options
+attributeId: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19195a53-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Options-Location
+ldapDisplayName: optionsLocation
+attributeId: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Only-Valid-Clients
+ldapDisplayName: netbootAnswerOnlyValidClients
+attributeId: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307b-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: organizationalStatus
+ldapDisplayName: organizationalStatus
+attributeId: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 28596019-7349-4d2f-adff-5a629961f942
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Original-Display-Table
+ldapDisplayName: originalDisplayTable
+attributeId: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424ce-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33027
+
+cn: Original-Display-Table-MSDOS
+ldapDisplayName: originalDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424cf-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33028
+
+cn: Phone-Fax-Other
+ldapDisplayName: otherFacsimileTelephoneNumber
+attributeId: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11d-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Other
+ldapDisplayName: otherHomePhone
+attributeId: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa2-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14895
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Other
+ldapDisplayName: otherIpPhone
+attributeId: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d146e4b-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Login-Workstations
+ldapDisplayName: otherLoginWorkstations
+attributeId: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Mailbox
+ldapDisplayName: otherMailbox
+attributeId: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c123-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+
+cn: Phone-Mobile-Other
+ldapDisplayName: otherMobile
+attributeId: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11e-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Other
+ldapDisplayName: otherPager
+attributeId: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa4-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Requests
+ldapDisplayName: netbootAnswerRequests
+attributeId: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307a-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Office-Other
+ldapDisplayName: otherTelephone
+attributeId: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa5-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Well-Known-Objects
+ldapDisplayName: otherWellKnownObjects
+attributeId: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Organizational-Unit-Name
+ldapDisplayName: ou
+attributeId: 2.5.4.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33026
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Owner
+ldapDisplayName: owner
+attributeId: 2.5.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679f3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+linkID: 44
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Exch-Owner-BL
+ldapDisplayName: ownerBL
+attributeId: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679f4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 45
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Package-Flags
+ldapDisplayName: packageFlags
+attributeId: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e99-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Name
+ldapDisplayName: packageName
+attributeId: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e98-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Type
+ldapDisplayName: packageType
+attributeId: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e96-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Primary
+ldapDisplayName: pager
+attributeId: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa6-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14881
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA
+ldapDisplayName: parentCA
+attributeId: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5245801b-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Current-Client-Count
+ldapDisplayName: netbootCurrentClientCount
+attributeId: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383079-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA-Certificate-Chain
+ldapDisplayName: parentCACertificateChain
+attributeId: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2733-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-GUID
+ldapDisplayName: parentGUID
+attributeId: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Deletion-List
+ldapDisplayName: partialAttributeDeletionList
+attributeId: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 28630ec0-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Set
+ldapDisplayName: partialAttributeSet
+attributeId: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 19405b9e-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pek-Key-Change-Interval
+ldapDisplayName: pekKeyChangeInterval
+attributeId: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 07383084-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pek-List
+ldapDisplayName: pekList
+attributeId: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 07383083-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pending-CA-Certificates
+ldapDisplayName: pendingCACertificates
+attributeId: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d273c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pending-Parent-CA
+ldapDisplayName: pendingParentCA
+attributeId: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Per-Msg-Dialog-Display-Table
+ldapDisplayName: perMsgDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d3-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33032
+
+cn: Per-Recip-Dialog-Display-Table
+ldapDisplayName: perRecipDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d4-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33033
+
+cn: Netboot-GUID
+ldapDisplayName: netbootGUID
+attributeId: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978921-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Personal-Title
+ldapDisplayName: personalTitle
+attributeId: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775858-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35947
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: photo
+ldapDisplayName: photo
+attributeId: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9c979768-ba1a-4c08-9632-c6a5c1ed649a
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Physical-Delivery-Office-Name
+ldapDisplayName: physicalDeliveryOfficeName
+attributeId: 2.5.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location-Object
+ldapDisplayName: physicalLocationObject
+attributeId: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13119-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Critical-Extensions
+ldapDisplayName: pKICriticalExtensions
+attributeId: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fc5a9106-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-CSPs
+ldapDisplayName: pKIDefaultCSPs
+attributeId: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1ef6336e-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-Key-Spec
+ldapDisplayName: pKIDefaultKeySpec
+attributeId: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 426cae6e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Access
+ldapDisplayName: pKIEnrollmentAccess
+attributeId: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: FALSE
+schemaIdGuid: 926be278-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Expiration-Period
+ldapDisplayName: pKIExpirationPeriod
+attributeId: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 041570d2-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Extended-Key-Usage
+ldapDisplayName: pKIExtendedKeyUsage
+attributeId: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18976af6-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt b/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt new file mode 100644 index 0000000000..cd784edfc3 --- /dev/null +++ b/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt @@ -0,0 +1,3418 @@ +# © 2008 Microsoft Corporation. All rights reserved
+#
+# Intellectual Property Rights Notice for Protocol Documentation
+#
+# Copyrights.
+# This protocol documentation is covered by Microsoft
+# copyrights. Regardless of any other terms that are contained in the
+# terms of use for the Microsoft website that hosts this documentation,
+# you may make copies of it in order to develop implementations of the
+# protocols, and may distribute portions of it in your implementations
+# of the protocols or your documentation as necessary to properly
+# document the implementation. You may also distribute in your
+# implementation, with or without modification, any schema, IDL's, or
+# code samples that are included in the documentation. This permission
+# also applies to any documents that are referenced in the protocol
+# documentation.
+#
+# No Trade Secrets.
+# Microsoft does not claim any trade secret rights in this documentation.
+#
+# Patents.
+# Microsoft has patents that may cover your implementations of the
+# protocols. Neither this notice nor Microsoft's delivery of the
+# documentation grants any licenses under those or any other Microsoft
+# patents. However, the protocols may be covered by MicrosoftÂ’s Open
+# Specification Promise (available here:
+# http://www.microsoft.com/interop/osp). If you would prefer a written
+# license, or if the protocols are not covered by the OSP, patent
+# licenses are available by contacting protocol@microsoft.com.
+#
+# Trademarks.
+# The names of companies and products contained in this documentation
+# may be covered by trademarks or similar intellectual property
+# rights. This notice does not grant any licenses under those
+# rights.Reservation of Rights. All other rights are reserved, and this
+# notice does not grant any rights other than specifically described
+# above, whether by implication, estoppel, or otherwise.
+#
+# Tools.
+# This protocol documentation is intended for use in conjunction with
+# publicly available standard specifications and network programming
+# art, and assumes that the reader either is familiar with the
+# aforementioned material or has immediate access to it. A protocol
+# specification does not require the use of Microsoft programming tools
+# or programming environments in order for you to develop an
+# implementation. If you have access to Microsoft programming tools and
+# environments you are free to take advantage of them.
+
+cn: account
+ldapDisplayName: account
+governsId: 0.9.2342.19200300.100.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: uid, host, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Application-Site-Settings
+ldapDisplayName: applicationSiteSettings
+governsId: 1.2.840.113556.1.5.68
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, applicationName
+systemPossSuperiors: site
+schemaIdGuid:19195a5c-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-ReplicationGroup
+ldapDisplayName: msDFSR-ReplicationGroup
+governsId: 1.2.840.113556.1.6.13.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-DirectoryFilter, msDFSR-FileFilter, msDFSR-ConflictSizeInMb,msDFSR-StagingSizeInMb, msDFSR-RootSizeInMb, description,msDFSR-TombstoneExpiryInMin, msDFSR-Flags, msDFSR-Options,msDFSR-Extension, msDFSR-Schedule, msDFSR-Version
+possSuperiors: msDFSR-GlobalSettings
+schemaIdGuid:1c332fe0-0c2a-4f32-afca-23c5e45a9e77
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscriber
+ldapDisplayName: msDFSR-Subscriber
+governsId: 1.2.840.113556.1.6.13.4.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-MemberReference, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-LocalSettings
+schemaIdGuid:e11505d7-92c4-43e7-bf5c-295832ffc896
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscription
+ldapDisplayName: msDFSR-Subscription
+governsId: 1.2.840.113556.1.6.13.4.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ContentSetGuid, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-StagingCleanupTriggerInPercent, msDFSR-Options2,msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter, msDFSR-MaxAgeInCacheInMin,msDFSR-MinDurationCacheInMin, msDFSR-CachePolicy, msDFSR-ReadOnly,msDFSR-DeletedSizeInMb, msDFSR-DeletedPath, msDFSR-RootPath,msDFSR-RootSizeInMb, msDFSR-StagingPath, msDFSR-StagingSizeInMb,msDFSR-ConflictPath, msDFSR-ConflictSizeInMb, msDFSR-Enabled,msDFSR-RootFence, msDFSR-DfsLinkTarget, msDFSR-Flags,msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Subscriber
+schemaIdGuid:67212414-7bcc-4609-87e0-088dad8abdee
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Topology
+ldapDisplayName: msDFSR-Topology
+governsId: 1.2.840.113556.1.6.13.4.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:04828aa9-6e42-4e80-b962-e2fe00754d17
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-App-Configuration
+ldapDisplayName: msDS-App-Configuration
+governsId: 1.2.840.113556.1.5.220
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:90df3c3e-1854-4455-a5d7-cad40d56657a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-App-Data
+ldapDisplayName: msDS-AppData
+governsId: 1.2.840.113556.1.5.241
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:9e67d761-e327-4d55-bc95-682f875e2f8e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-Az-Admin-Manager
+ldapDisplayName: msDS-AzAdminManager
+governsId: 1.2.840.113556.1.5.234
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzMinorVersion, msDS-AzMajorVersion, msDS-AzApplicationData,msDS-AzGenerateAudits, msDS-AzScriptTimeout,msDS-AzScriptEngineCacheMax, msDS-AzDomainTimeout, description
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:cfee1051-5f28-4bae-a863-5d0cc18a8ed1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application
+ldapDisplayName: msDS-AzApplication
+governsId: 1.2.840.113556.1.5.235
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-AzGenerateAudits,msDS-AzApplicationVersion, msDS-AzClassId, msDS-AzApplicationName,description
+systemPossSuperiors: msDS-AzAdminManager
+schemaIdGuid:ddf8de9b-cba5-4e12-842e-28d8b66f75ec
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation
+ldapDisplayName: msDS-AzOperation
+governsId: 1.2.840.113556.1.5.236
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzOperationID
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: container, msDS-AzApplication
+schemaIdGuid:860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Role
+ldapDisplayName: msDS-AzRole
+governsId: 1.2.840.113556.1.5.239
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-TasksForAzRole,msDS-OperationsForAzRole, msDS-MembersForAzRole, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:8213eac9-9d55-44dc-925c-e9a52b927644
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Version
+ldapDisplayName: applicationVersion
+governsId: 1.2.840.113556.1.5.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, managedBy, keywords, versionNumberLo,versionNumberHi, versionNumber, vendor, appSchemaVersion
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:ddc790ac-af4d-442a-8f0f-a1d4caa7dd92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-Az-Scope
+ldapDisplayName: msDS-AzScope
+governsId: 1.2.840.113556.1.5.237
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzScopeName
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: msDS-AzApplication
+schemaIdGuid:4feae054-ce55-47bb-860e-5b12063a51de
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task
+ldapDisplayName: msDS-AzTask
+governsId: 1.2.840.113556.1.5.238
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-TasksForAzTask, msDS-OperationsForAzTask,msDS-AzApplicationData, msDS-AzTaskIsRoleDefinition,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:1ed3a473-9b1b-418a-bfa0-3a37b95a5306
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings
+ldapDisplayName: msDS-PasswordSettings
+governsId: 1.2.840.113556.1.5.255
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-MaximumPasswordAge, msDS-MinimumPasswordAge,msDS-MinimumPasswordLength, msDS-PasswordComplexityEnabled,msDS-LockoutObservationWindow, msDS-LockoutDuration,msDS-LockoutThreshold, msDS-PasswordReversibleEncryptionEnabled,msDS-PasswordSettingsPrecedence, msDS-PasswordHistoryLength
+systemMayContain: msDS-PSOAppliesTo
+systemPossSuperiors: msDS-PasswordSettingsContainer
+schemaIdGuid:: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings
+ldapDisplayName: msDS-PasswordSettingsContainer
+governsId: 1.2.840.113556.1.5.256
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: Container
+schemaIdGuid:: 5b06b06a-4cf3-44c0-bd16-43bc10a987da
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Container
+ldapDisplayName: msDS-QuotaContainer
+governsId: 1.2.840.113556.1.5.242
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-TopQuotaUsage, msDS-QuotaUsed,msDS-QuotaEffective, msDS-TombstoneQuotaFactor, msDS-DefaultQuota
+systemPossSuperiors: configuration, domainDNS
+schemaIdGuid:da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Control
+ldapDisplayName: msDS-QuotaControl
+governsId: 1.2.840.113556.1.5.243
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-QuotaAmount, msDS-QuotaTrustee, cn
+systemPossSuperiors: msDS-QuotaContainer
+schemaIdGuid:de91fc26-bd02-4b52-ae26-795999e96fc7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Exch-Configuration-Container
+ldapDisplayName: msExchConfigurationContainer
+governsId: 1.2.840.113556.1.5.176
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: templateRoots, addressBookRoots, globalAddressList,templateRoots2, addressBookRoots2, globalAddressList2
+schemaIdGuid:d03d6858-06f4-11d2-aa53-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryInformation
+ldapDisplayName: msFVE-RecoveryInformation
+governsId: 1.2.840.113556.1.5.253
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid
+mayContain: msFVE-KeyPackage, msFVE-VolumeGuid
+systemPossSuperiors: computer
+schemaIdGuid:ea715d30-8f53-40d0-bd1e-6109186d782c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Policy
+ldapDisplayName: msieee80211-Policy
+governsId: 1.2.840.113556.1.5.240
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msieee80211-ID, msieee80211-DataType,msieee80211-Data
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:7b9a2d92-b7eb-4382-9772-c3e0f9baaf94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Custom-Recipient
+ldapDisplayName: msMQ-Custom-Recipient
+governsId: 1.2.840.113556.1.5.218
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msMQ-Recipient-FormatName
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:876d6817-35cc-436c-acea-5ef7174dd9be
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Attribute-Schema
+ldapDisplayName: attributeSchema
+governsId: 1.2.840.113556.1.3.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: schemaIDGUID, oMSyntax, lDAPDisplayName,isSingleValued, cn, attributeSyntax, attributeID
+systemMayContain: systemOnly, searchFlags, schemaFlagsEx,rangeUpper, rangeLower, oMObjectClass, msDs-Schema-Extensions,msDS-IntId, mAPIID, linkID, isMemberOfPartialAttributeSet,isEphemeral, isDefunct, extendedCharsAllowed, classDisplayName,attributeSecurityGUID
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a80-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Group
+ldapDisplayName: msMQ-Group
+governsId: 1.2.840.113556.1.5.219
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:46b27aac-aafa-4ffb-b773-e5bf621ee87b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Configuration
+ldapDisplayName: mSMQConfiguration
+governsId: 1.2.840.113556.1.5.162
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSites, mSMQSignKey, mSMQServiceType,mSMQRoutingServices, mSMQQuota, mSMQOwnerID, mSMQOutRoutingServers,mSMQOSType, mSMQJournalQuota, mSMQInRoutingServers, mSMQForeign,mSMQEncryptKey, mSMQDsServices, mSMQDependentClientServices,mSMQComputerTypeEx, mSMQComputerType
+systemPossSuperiors: computer
+schemaIdGuid:9a0dc344-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Enterprise-Settings
+ldapDisplayName: mSMQEnterpriseSettings
+governsId: 1.2.840.113556.1.5.163
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQVersion, mSMQNameStyle, mSMQLongLived,mSMQInterval2, mSMQInterval1, mSMQCSPName
+systemPossSuperiors: container
+schemaIdGuid:9a0dc345-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated-User
+ldapDisplayName: mSMQMigratedUser
+governsId: 1.2.840.113556.1.5.179
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQUserSid, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, objectSid
+systemPossSuperiors: organizationalUnit, domainDNS, builtinDomain
+schemaIdGuid:50776997-3c3d-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue
+ldapDisplayName: mSMQQueue
+governsId: 1.2.840.113556.1.5.161
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQTransactional, MSMQ-SecuredSource,mSMQQueueType, mSMQQueueQuota, mSMQQueueNameExt,mSMQQueueJournalQuota, mSMQPrivacyLevel, mSMQOwnerID,MSMQ-MulticastAddress, mSMQLabelEx, mSMQLabel, mSMQJournal,mSMQBasePriority, mSMQAuthenticate
+systemPossSuperiors: mSMQConfiguration
+schemaIdGuid:9a0dc343-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Settings
+ldapDisplayName: mSMQSettings
+governsId: 1.2.840.113556.1.5.165
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSiteNameEx, mSMQSiteName, mSMQServices,mSMQRoutingService, mSMQQMID, mSMQOwnerID, mSMQNt4Flags,mSMQMigrated, mSMQDsService, mSMQDependentClientService
+systemPossSuperiors: server
+schemaIdGuid:9a0dc347-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Link
+ldapDisplayName: mSMQSiteLink
+governsId: 1.2.840.113556.1.5.164
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: mSMQSite2, mSMQSite1, mSMQCost
+systemMayContain: mSMQSiteGatesMig, mSMQSiteGates
+systemPossSuperiors: mSMQEnterpriseSettings
+schemaIdGuid:9a0dc346-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enterprise-Oid
+ldapDisplayName: msPKI-Enterprise-Oid
+governsId: 1.2.840.113556.1.5.196
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msPKI-OID-User-Notice, msPKI-OIDLocalizedName,msPKI-OID-CPS, msPKI-OID-Attribute, msPKI-Cert-Template-OID
+systemPossSuperiors: msPKI-Enterprise-Oid, container
+schemaIdGuid:37cfd85c-6719-4ad8-8f9e-8678ba627563
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Key-Recovery-Agent
+ldapDisplayName: msPKI-Key-Recovery-Agent
+governsId: 1.2.840.113556.1.5.195
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+systemPossSuperiors: container
+schemaIdGuid:26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Recovery-Agent
+ldapDisplayName: msPKI-PrivateKeyRecoveryAgent
+governsId: 1.2.840.113556.1.5.223
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: userCertificate
+systemPossSuperiors: container
+schemaIdGuid:1562a632-44b9-4a7e-a2d3-e426c96a3acc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: BootableDevice
+ldapDisplayName: bootableDevice
+governsId: 1.3.6.1.1.1.2.12
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, bootParameter, bootFile
+schemaIdGuid:4bcb2477-4bb3-4545-a9fc-fb66e136b435
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-Print-ConnectionPolicy
+ldapDisplayName: msPrint-ConnectionPolicy
+governsId: 1.2.840.113556.1.6.23.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: printerName, printAttributes, serverName, uNCName
+possSuperiors: container
+schemaIdGuid:a16f33c7-7fd6-4828-9364-435138fda08d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Domain-Info
+ldapDisplayName: msSFU30DomainInfo
+governsId: 1.2.840.113556.1.6.18.2.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Domains, msSFU30YpServers, msSFU30SearchContainer,msSFU30IsValidContainer, msSFU30MasterServerName,msSFU30OrderNumber, msSFU30MaxGidNumber, msSFU30MaxUidNumber,msSFU30CryptMethod
+possSuperiors: container
+schemaIdGuid:36297dce-656b-4423-ab65-dabb2770819e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Mail-Aliases
+ldapDisplayName: msSFU30MailAliases
+governsId: 1.2.840.113556.1.6.18.2.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:d6710785-86ff-44b7-85b5-f1f8689522ce
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Net-Id
+ldapDisplayName: msSFU30NetId
+governsId: 1.2.840.113556.1.6.18.2.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e263192c-2a02-48df-9792-94f2328781a0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Network-User
+ldapDisplayName: msSFU30NetworkUser
+governsId: 1.2.840.113556.1.6.18.2.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e15334a3-0bf0-4427-b672-11f5d84acc92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-NIS-Map-Config
+ldapDisplayName: msSFU30NISMapConfig
+governsId: 1.2.840.113556.1.6.18.2.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyAttributes, msSFU30FieldSeparator,msSFU30NSMAPFieldPosition, msSFU30IntraFieldSeparator,msSFU30SearchAttributes, msSFU30ResultAttributes, msSFU30MapFilter
+possSuperiors: container
+schemaIdGuid:faf733d0-f8eb-4dcf-8d75-f1753af6a50b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-TAPI-Rt-Conference
+ldapDisplayName: msTAPI-RtConference
+governsId: 1.2.840.113556.1.5.221
+objectClassCategory: 1
+rdnAttId: msTAPI-uid
+subClassOf: top
+systemMustContain: msTAPI-uid
+systemMayContain: msTAPI-ConferenceBlob, msTAPI-ProtocolId
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:ca7b9735-4b2a-4e49-89c3-99025334dc94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Person
+ldapDisplayName: msTAPI-RtPerson
+governsId: 1.2.840.113556.1.5.222
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msTAPI-uid, msTAPI-IpAddress
+systemPossSuperiors: organization, organizationalUnit
+schemaIdGuid:53ea1cb5-b704-4df9-818f-5cb4ec86cac1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntRangeParam
+ldapDisplayName: msWMI-IntRangeParam
+governsId: 1.2.840.113556.1.5.205
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:50ca5d7d-5c8b-4ef3-b9df-5b66d491e526
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntSetParam
+ldapDisplayName: msWMI-IntSetParam
+governsId: 1.2.840.113556.1.5.206
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:292f0d9a-cf76-42b0-841f-b650f331df62
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Builtin-Domain
+ldapDisplayName: builtinDomain
+governsId: 1.2.840.113556.1.5.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a81-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-MergeablePolicyTemplate
+ldapDisplayName: msWMI-MergeablePolicyTemplate
+governsId: 1.2.840.113556.1.5.202
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemPossSuperiors: container
+schemaIdGuid:07502414-fdca-4851-b04a-13645b11d226
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ObjectEncoding
+ldapDisplayName: msWMI-ObjectEncoding
+governsId: 1.2.840.113556.1.5.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Class, msWMI-ScopeGuid, msWMI-Parm1,msWMI-Parm2, msWMI-Parm3, msWMI-Parm4, msWMI-Genus, msWMI-intFlags1,msWMI-intFlags2, msWMI-intFlags3, msWMI-intFlags4, msWMI-ID,msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:55dd81c9-c312-41f9-a84d-c6adbdf1e8e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyTemplate
+ldapDisplayName: msWMI-PolicyTemplate
+governsId: 1.2.840.113556.1.5.200
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-NormalizedClass, msWMI-TargetPath,msWMI-TargetClass, msWMI-TargetNameSpace, msWMI-Name, msWMI-ID
+systemMayContain: msWMI-TargetType, msWMI-SourceOrganization,msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyType
+ldapDisplayName: msWMI-PolicyType
+governsId: 1.2.840.113556.1.5.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4,msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:595b2613-4109-4e77-9013-a3bb4ef277c7
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RangeParam
+ldapDisplayName: msWMI-RangeParam
+governsId: 1.2.840.113556.1.5.203
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetType, msWMI-TargetClass,msWMI-PropertyName
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:45fb5a57-5018-4d0f-9056-997c8c9122d9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RealRangeParam
+ldapDisplayName: msWMI-RealRangeParam
+governsId: 1.2.840.113556.1.5.209
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-Int8Default
+systemMayContain: msWMI-Int8Max, msWMI-Int8Min
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:6afe8fe2-70bc-4cce-b166-a96f7359c514
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Rule
+ldapDisplayName: msWMI-Rule
+governsId: 1.2.840.113556.1.5.214
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-QueryLanguage, msWMI-TargetNameSpace,msWMI-Query
+systemPossSuperiors: msWMI-Som, container
+schemaIdGuid:3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ShadowObject
+ldapDisplayName: msWMI-ShadowObject
+governsId: 1.2.840.113556.1.5.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: msWMI-PolicyType
+schemaIdGuid:f1e44bdf-8dd3-4235-9c86-f91f31f5b569
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SimplePolicyTemplate
+ldapDisplayName: msWMI-SimplePolicyTemplate
+governsId: 1.2.840.113556.1.5.201
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:6cc8b2b5-12df-44f6-8307-e74f5cdee369
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Som
+ldapDisplayName: msWMI-Som
+governsId: 1.2.840.113556.1.5.213
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Name, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4, msWMI-Parm3,msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4, msWMI-intFlags3,msWMI-intFlags2, msWMI-intFlags1, msWMI-CreationDate,msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:ab857078-0142-4406-945b-34c9b6b13372
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Registration
+ldapDisplayName: categoryRegistration
+governsId: 1.2.840.113556.1.5.74
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: managedBy, localizedDescription, localeID,categoryId
+systemPossSuperiors: classStore
+schemaIdGuid:7d6c0e9d-7e20-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-StringSetParam
+ldapDisplayName: msWMI-StringSetParam
+governsId: 1.2.840.113556.1.5.210
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-StringDefault
+systemMayContain: msWMI-StringValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:0bc579a2-1da7-4cea-b699-807f3b9d63a4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintRangeParam
+ldapDisplayName: msWMI-UintRangeParam
+governsId: 1.2.840.113556.1.5.207
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:d9a799b2-cef3-48b3-b5ad-fb85f8dd3214
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintSetParam
+ldapDisplayName: msWMI-UintSetParam
+governsId: 1.2.840.113556.1.5.208
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:8f4beb31-4e19-46f5-932e-5fa03c339b1d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UnknownRangeParam
+ldapDisplayName: msWMI-UnknownRangeParam
+governsId: 1.2.840.113556.1.5.204
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-TargetObject, msWMI-NormalizedClass
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:b82ac26b-c6db-4098-92c6-49c18a3336e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-WMIGPO
+ldapDisplayName: msWMI-WMIGPO
+governsId: 1.2.840.113556.1.5.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetClass
+systemMayContain: msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1,msWMI-intFlags4, msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1
+systemPossSuperiors: container
+schemaIdGuid:05630000-3927-4ede-bf27-ca91f275c26f
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NisMap
+ldapDisplayName: nisMap
+governsId: 1.3.6.1.1.1.2.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName
+mayContain: description
+possSuperiors: domainDNS, container, organizationalUnit
+schemaIdGuid:7672666c-02c1-4f33-9ecf-f649c1dd9b7c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisNetgroup
+ldapDisplayName: nisNetgroup
+governsId: 1.3.6.1.1.1.2.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: description, memberNisNetgroup, nisNetgroupTriple,msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30NetgroupHostAtDomain, msSFU30NetgroupUserAtDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:72efbf84-6e7b-4a5c-a8db-8a75a7cad254
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisObject
+ldapDisplayName: nisObject
+governsId: 1.3.6.1.1.1.2.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName, nisMapEntry
+mayContain: description, msSFU30Name, msSFU30NisDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:904f8a93-4954-4c5f-b1e1-53c097a31e13
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NTDS-Connection
+ldapDisplayName: nTDSConnection
+governsId: 1.2.840.113556.1.5.71
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: options, fromServer, enabledConnection
+systemMayContain: transportType, schedule, mS-DS-ReplicatesNCReason,generatedConnection
+systemPossSuperiors: nTFRSMember, nTFRSReplicaSet, nTDSDSA
+schemaIdGuid:19195a60-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA
+ldapDisplayName: nTDSDSA
+governsId: 1.2.840.113556.1.5.7000.47
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-Sitename,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation
+systemPossSuperiors: organization, server
+schemaIdGuid:f0f8ffab-1191-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certification-Authority
+ldapDisplayName: certificationAuthority
+governsId: 2.5.6.16
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn, certificateRevocationList, cACertificate,authorityRevocationList
+systemMayContain: teletexTerminalIdentifier,supportedApplicationContext, signatureAlgorithms, searchGuide,previousParentCA, previousCACertificates, pendingParentCA,pendingCACertificates, parentCACertificateChain, parentCA,enrollmentProviders, domainPolicyObject, domainID, dNSHostName,deltaRevocationList, currentParentCA, crossCertificatePair,cRLObject, certificateTemplates, cAWEBURL, cAUsages, cAConnect,cACertificateDN
+systemPossSuperiors: container
+schemaIdGuid:3fdfee50-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA-RO
+ldapDisplayName: nTDSDSARO
+governsId: 1.2.840.113556.1.5.254
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: nTDSDSA
+systemPossSuperiors: server, organization
+schemaIdGuid:85d16ec1-0791-4bc8-8ab3-70980602ff8c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Service
+ldapDisplayName: nTDSService
+governsId: 1.2.840.113556.1.5.72
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: tombstoneLifetime, sPNMappings,replTopologyStayOfExecution, msDS-Other-Settings, garbageCollPeriod,dSHeuristics
+systemPossSuperiors: container
+schemaIdGuid:19195a5f-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Site-Settings
+ldapDisplayName: nTDSSiteSettings
+governsId: 1.2.840.113556.1.5.69
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: schedule, queryPolicyObject, options,msDS-Preferred-GC-Site, managedBy, interSiteTopologyRenew,interSiteTopologyGenerator, interSiteTopologyFailover
+systemPossSuperiors: site
+schemaIdGuid:19195a5d-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Member
+ldapDisplayName: nTFRSMember
+governsId: 1.2.840.113556.1.5.153
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: serverReference, fRSUpdateTimeout,fRSServiceCommand, fRSRootSecurity, fRSPartnerAuthLevel, fRSFlags,fRSExtensions, fRSControlOutboundBacklog, fRSControlInboundBacklog,fRSControlDataCreation, frsComputerReference
+systemPossSuperiors: nTFRSReplicaSet
+schemaIdGuid:2a132586-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Replica-Set
+ldapDisplayName: nTFRSReplicaSet
+governsId: 1.2.840.113556.1.5.102
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: schedule, msFRS-Topology-Pref, msFRS-Hub-Member,managedBy, fRSVersionGUID, fRSServiceCommand, fRSRootSecurity,fRSReplicaSetType, fRSReplicaSetGUID, fRSPrimaryMember,fRSPartnerAuthLevel, fRSLevelLimit, fRSFlags, fRSFileFilter,fRSExtensions, fRSDSPoll, fRSDirectoryFilter
+systemPossSuperiors: nTFRSSettings
+schemaIdGuid:5245803a-ca6a-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Settings
+ldapDisplayName: nTFRSSettings
+governsId: 1.2.840.113556.1.5.89
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: managedBy, fRSExtensions
+systemPossSuperiors: nTFRSSettings, container, organizationalUnit,organization
+schemaIdGuid:f780acc2-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriber
+ldapDisplayName: nTFRSSubscriber
+governsId: 1.2.840.113556.1.5.155
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: fRSStagingPath, fRSRootPath
+systemMayContain: schedule, fRSUpdateTimeout,fRSTimeLastConfigChange, fRSTimeLastCommand,fRSServiceCommandStatus, fRSServiceCommand, fRSMemberReference,fRSFlags, fRSFaultCondition, fRSExtensions
+systemPossSuperiors: nTFRSSubscriptions
+schemaIdGuid:2a132588-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriptions
+ldapDisplayName: nTFRSSubscriptions
+governsId: 1.2.840.113556.1.5.154
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: fRSWorkingPath, fRSVersion, fRSExtensions
+systemPossSuperiors: user, computer, nTFRSSubscriptions
+schemaIdGuid:2a132587-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpc
+ldapDisplayName: oncRpc
+governsId: 1.3.6.1.1.1.2.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, oncRpcNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:cadd1e5e-fefc-4f3f-b5a9-70e994204303
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Organization
+ldapDisplayName: organization
+governsId: 2.5.6.4
+objectClassCategory: 1
+rdnAttId: o
+subClassOf: top
+systemMustContain: o
+systemMayContain: x121Address, userPassword, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,searchGuide, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, physicalDeliveryOfficeName, l,internationalISDNNumber, facsimileTelephoneNumber,destinationIndicator, businessCategory
+systemPossSuperiors: locality, country, domainDNS
+schemaIdGuid:bf967aa3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Registration
+ldapDisplayName: classRegistration
+governsId: 1.2.840.113556.1.5.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: requiredCategories, managedBy,implementedCategories, cOMTreatAsClassId, cOMProgID,cOMOtherProgId, cOMInterfaceID, cOMCLSID
+systemPossSuperiors: classStore
+schemaIdGuid:bf967a82-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Person
+ldapDisplayName: organizationalPerson
+governsId: 2.5.6.7
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: person
+mayContain: msDS-HABSeniorityIndex, msDS-PhoneticDisplayName,msDS-PhoneticCompanyName, msDS-PhoneticDepartment,msDS-PhoneticLastName, msDS-PhoneticFirstName, houseIdentifier,msExchHouseIdentifier, homePostalAddress
+systemMayContain: x121Address, comment, title, co,primaryTelexNumber, telexNumber, teletexTerminalIdentifier, street,st, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, thumbnailPhoto,physicalDeliveryOfficeName, pager, otherPager, otherTelephone,mobile, otherMobile, primaryInternationalISDNNumber, ipPhone,otherIpPhone, otherHomePhone, homePhone,otherFacsimileTelephoneNumber, personalTitle, middleName,otherMailbox, ou, o, mhsORAddress, msDS-AllowedToDelegateTo,manager, thumbnailLogo, l, internationalISDNNumber, initials,givenName, generationQualifier, facsimileTelephoneNumber,employeeID, mail, division, destinationIndicator, department, c,countryCode, company, assistant, streetAddress
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:bf967aa4-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Role
+ldapDisplayName: organizationalRole
+governsId: 2.5.6.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: x121Address, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,roleOccupant, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:a8df74bf-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Unit
+ldapDisplayName: organizationalUnit
+governsId: 2.5.6.5
+objectClassCategory: 1
+rdnAttId: ou
+subClassOf: top
+systemMustContain: ou
+systemMayContain: x121Address, userPassword, uPNSuffixes, co,telexNumber, teletexTerminalIdentifier, telephoneNumber, street, st,seeAlso, searchGuide, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, msCOM-UserPartitionSetLink, managedBy,thumbnailLogo, l, internationalISDNNumber, gPOptions, gPLink,facsimileTelephoneNumber, destinationIndicator, desktopProfile,defaultGroup, countryCode, c, businessCategory
+systemPossSuperiors: country, organization, organizationalUnit,domainDNS
+schemaIdGuid:bf967aa5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Registration
+ldapDisplayName: packageRegistration
+governsId: 1.2.840.113556.1.5.49
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumberLo, versionNumberHi, vendor,upgradeProductCode, setupCommand, productCode, packageType,packageName, packageFlags, msiScriptSize, msiScriptPath,msiScriptName, msiScript, msiFileList, managedBy,machineArchitecture, localeID, lastUpdateSequence, installUiLevel,iconPath, fileExtPriority, cOMTypelibId, cOMProgID, cOMInterfaceID,cOMClassID, categories, canUpgradeScript
+systemPossSuperiors: classStore
+schemaIdGuid:bf967aa6-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Person
+ldapDisplayName: person
+governsId: 2.5.6.6
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: attributeCertificateAttribute
+systemMayContain: userPassword, telephoneNumber, sn, serialNumber,seeAlso
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:bf967aa7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location
+ldapDisplayName: physicalLocation
+governsId: 1.2.840.113556.1.5.97
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: locality
+systemMayContain: managedBy
+systemPossSuperiors: physicalLocation, configuration
+schemaIdGuid:b7b13122-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Certificate-Template
+ldapDisplayName: pKICertificateTemplate
+governsId: 1.2.840.113556.1.5.177
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: pKIOverlapPeriod, pKIMaxIssuingDepth, pKIKeyUsage,pKIExtendedKeyUsage, pKIExpirationPeriod, pKIEnrollmentAccess,pKIDefaultCSPs, pKIDefaultKeySpec, pKICriticalExtensions,msPKI-RA-Signature, msPKI-RA-Policies,msPKI-RA-Application-Policies, msPKI-Template-Schema-Version,msPKI-Template-Minor-Revision, msPKI-Supersede-Templates,msPKI-Private-Key-Flag, msPKI-Minimal-Key-Size,msPKI-Enrollment-Flag, msPKI-Certificate-Policy,msPKI-Certificate-Name-Flag, msPKI-Certificate-Application-Policy,msPKI-Cert-Template-OID, flags, displayName
+systemPossSuperiors: container
+schemaIdGuid:e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Service
+ldapDisplayName: pKIEnrollmentService
+governsId: 1.2.840.113556.1.5.178
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: signatureAlgorithms, enrollmentProviders,dNSHostName, certificateTemplates, cACertificateDN, cACertificate
+systemPossSuperiors: container
+schemaIdGuid:ee4aa692-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PosixAccount
+ldapDisplayName: posixAccount
+governsId: 1.3.6.1.1.1.2.0
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description
+schemaIdGuid:ad44bb41-67d5-4d88-b575-7b20674e76d8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: PosixGroup
+ldapDisplayName: posixGroup
+governsId: 1.3.6.1.1.1.2.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid
+schemaIdGuid:2a9350b8-062c-4ed0-9903-dde10d06deba
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Class-Schema
+ldapDisplayName: classSchema
+governsId: 1.2.840.113556.1.3.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: subClassOf, schemaIDGUID, objectClassCategory,governsID, defaultObjectCategory, cn
+systemMayContain: systemPossSuperiors, systemOnly, systemMustContain,systemMayContain, systemAuxiliaryClass, schemaFlagsEx, rDNAttID,possSuperiors, mustContain, msDs-Schema-Extensions, msDS-IntId,mayContain, lDAPDisplayName, isDefunct, defaultSecurityDescriptor,defaultHidingValue, classDisplayName, auxiliaryClass
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a83-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Queue
+ldapDisplayName: printQueue
+governsId: 1.2.840.113556.1.5.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: versionNumber, uNCName, shortServerName,serverName, printerName
+systemMayContain: priority, printStatus, printStartTime,printStaplingSupported, printSpooling, printShareName,printSeparatorFile, printRateUnit, printRate, printPagesPerMinute,printOwner, printOrientationsSupported, printNumberUp, printNotify,printNetworkAddress, printMinYExtent, printMinXExtent, printMemory,printMediaSupported, printMediaReady, printMaxYExtent,printMaxXExtent, printMaxResolutionSupported, printMaxCopies,printMACAddress, printLanguage, printKeepPrintedJobs, printFormName,printEndTime, printDuplexSupported, printColor, printCollate,printBinNames, printAttributes, portName, physicalLocationObject,operatingSystemVersion, operatingSystemServicePack,operatingSystemHotfix, operatingSystem, location, driverVersion,driverName, defaultPriority, bytesPerMinute, assetNumber
+systemPossSuperiors: organizationalUnit, domainDNS, container,computer
+schemaIdGuid:bf967aa8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy
+ldapDisplayName: queryPolicy
+governsId: 1.2.840.113556.1.5.106
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: lDAPIPDenyList, lDAPAdminLimits
+systemPossSuperiors: container
+schemaIdGuid:83cc7075-cca7-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Mail-Recipient
+ldapDisplayName: remoteMailRecipient
+governsId: 1.2.840.113556.1.5.24
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: mailRecipient
+systemMayContain: remoteSourceType, remoteSource, managedBy
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967aa9-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-Service-Point
+ldapDisplayName: remoteStorageServicePoint
+governsId: 1.2.840.113556.1.5.146
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: remoteStorageGUID
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5bd-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Residential-Person
+ldapDisplayName: residentialPerson
+governsId: 2.5.6.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: person
+systemMayContain: x121Address, title, telexNumber,teletexTerminalIdentifier, street, st, registeredAddress,preferredDeliveryMethod, postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, businessCategory
+systemPossSuperiors: locality, container
+schemaIdGuid:a8df74d6-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rFC822LocalPart
+ldapDisplayName: rFC822LocalPart
+governsId: 0.9.2342.19200300.100.4.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: domain
+mayContain: x121Address, telexNumber, teletexTerminalIdentifier,telephoneNumber, street, sn, seeAlso, registeredAddress,preferredDeliveryMethod, postOfficeBox, postalCode, postalAddress,physicalDeliveryOfficeName, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:b93e3a78-cbae-485e-a07b-5ef4ae505686
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: RID-Manager
+ldapDisplayName: rIDManager
+governsId: 1.2.840.113556.1.5.83
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDAvailablePool
+systemPossSuperiors: container
+schemaIdGuid:6617188d-8f3c-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RID-Set
+ldapDisplayName: rIDSet
+governsId: 1.2.840.113556.1.5.129
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDUsedPool, rIDPreviousAllocationPool,rIDNextRID, rIDAllocationPool
+systemPossSuperiors: user, container, computer
+schemaIdGuid:7bfdcb89-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: room
+ldapDisplayName: room
+governsId: 0.9.2342.19200300.100.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: location, telephoneNumber, seeAlso, description,roomNumber
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7860e5d2-c8b0-4cbb-bd45-d9455beb9206
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Rpc-Container
+ldapDisplayName: rpcContainer
+governsId: 1.2.840.113556.1.5.136
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: nameServiceFlags
+systemPossSuperiors: container
+schemaIdGuid:80212842-4bdc-11d1-a9c4-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Store
+ldapDisplayName: classStore
+governsId: 1.2.840.113556.1.5.44
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumber, nextLevelStore, lastUpdateSequence,appSchemaVersion
+systemPossSuperiors: domainPolicy, computer, group, user, classStore,organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a84-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Entry
+ldapDisplayName: rpcEntry
+governsId: 1.2.840.113556.1.5.27
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: connectionPoint
+systemPossSuperiors: container
+schemaIdGuid:bf967aac-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Group
+ldapDisplayName: rpcGroup
+governsId: 1.2.840.113556.1.5.80
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsGroup
+systemPossSuperiors: container
+schemaIdGuid:88611bdf-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile
+ldapDisplayName: rpcProfile
+governsId: 1.2.840.113556.1.5.82
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemPossSuperiors: container
+schemaIdGuid:88611be1-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile-Element
+ldapDisplayName: rpcProfileElement
+governsId: 1.2.840.113556.1.5.26
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsPriority, rpcNsInterfaceID
+systemMayContain: rpcNsProfileEntry, rpcNsAnnotation
+systemPossSuperiors: rpcProfile
+schemaIdGuid:f29653cf-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server
+ldapDisplayName: rpcServer
+governsId: 1.2.840.113556.1.5.81
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsEntryFlags, rpcNsCodeset
+systemPossSuperiors: container
+schemaIdGuid:88611be0-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server-Element
+ldapDisplayName: rpcServerElement
+governsId: 1.2.840.113556.1.5.73
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsTransferSyntax, rpcNsInterfaceID,rpcNsBindings
+systemPossSuperiors: rpcServer
+schemaIdGuid:f29653d0-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Connection-Point
+ldapDisplayName: rRASAdministrationConnectionPoint
+governsId: 1.2.840.113556.1.5.150
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: msRRASAttribute
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5be-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Dictionary
+ldapDisplayName: rRASAdministrationDictionary
+governsId: 1.2.840.113556.1.5.156
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msRRASVendorAttributeEntry
+systemPossSuperiors: container
+schemaIdGuid:f39b98ae-938d-11d1-aebd-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain
+ldapDisplayName: samDomain
+governsId: 1.2.840.113556.1.5.3
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemMayContain: treeName, rIDManagerReference, replicaSource,pwdProperties, pwdHistoryLength, privateKey, pekList,pekKeyChangeInterval, nTMixedDomain, nextRid, nETBIOSName,msDS-PerUserTrustTombstonesQuota, msDS-PerUserTrustQuota,ms-DS-MachineAccountQuota, msDS-LogonTimeSyncInterval,msDS-AllUsersTrustQuota, modifiedCountAtLastProm, minPwdLength,minPwdAge, maxPwdAge, lSAModifiedCount, lSACreationTime,lockoutThreshold, lockoutDuration, lockOutObservationWindow,gPOptions, gPLink, eFSPolicy, domainPolicyObject, desktopProfile,description, defaultLocalPolicyObject, creationTime,controlAccessRights, cACertificate, builtinModifiedCount,builtinCreationTime, auditingPolicy
+schemaIdGuid:bf967a90-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;RO)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain-Base
+ldapDisplayName: samDomainBase
+governsId: 1.2.840.113556.1.5.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: uASCompat, serverState, serverRole, revision,pwdProperties, pwdHistoryLength, oEMInformation, objectSid,nTSecurityDescriptor, nextRid, modifiedCountAtLastProm,modifiedCount, minPwdLength, minPwdAge, maxPwdAge, lockoutThreshold,lockoutDuration, lockOutObservationWindow, forceLogoff,domainReplica, creationTime
+schemaIdGuid:bf967a91-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Policy
+ldapDisplayName: aCSPolicy
+governsId: 1.2.840.113556.1.5.137
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSTotalNoOfFlows, aCSTimeOfDay, aCSServiceType,aCSPriority, aCSPermissionBits, aCSMinimumDelayVariation,aCSMinimumLatency, aCSMaximumSDUSize, aCSMinimumPolicedSize,aCSMaxTokenRatePerFlow, aCSMaxTokenBucketPerFlow,aCSMaxPeakBandwidthPerFlow, aCSMaxDurationPerFlow,aCSMaxAggregatePeakRatePerUser, aCSIdentityName, aCSDirection,aCSAggregateTokenRatePerUser
+systemPossSuperiors: container
+schemaIdGuid:7f561288-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Com-Connection-Point
+ldapDisplayName: comConnectionPoint
+governsId: 1.2.840.113556.1.5.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: cn
+systemMayContain: monikerDisplayName, moniker, marshalledInterface
+systemPossSuperiors: container
+schemaIdGuid:bf967a85-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Server
+ldapDisplayName: samServer
+governsId: 1.2.840.113556.1.5.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: securityObject
+systemMayContain: samDomainUpdates
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967aad-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Secret
+ldapDisplayName: secret
+governsId: 1.2.840.113556.1.5.28
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: priorValue, priorSetTime, lastSetTime, currentValue
+systemPossSuperiors: container
+schemaIdGuid:bf967aae-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Object
+ldapDisplayName: securityObject
+governsId: 1.2.840.113556.1.5.1
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemPossSuperiors: container
+schemaIdGuid:bf967aaf-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Principal
+ldapDisplayName: securityPrincipal
+governsId: 1.2.840.113556.1.5.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: sAMAccountName, objectSid
+systemMayContain: supplementalCredentials, sIDHistory,securityIdentifier, sAMAccountType, rid, tokenGroupsNoGCAcceptable,tokenGroupsGlobalAndUniversal, tokenGroups, nTSecurityDescriptor,msDS-KeyVersionNumber, altSecurityIdentities, accountNameHistory
+schemaIdGuid:bf967ab0-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server
+ldapDisplayName: server
+governsId: 1.2.840.113556.1.5.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, mailAddress, serverReference, serialNumber,managedBy, dNSHostName, bridgeheadTransportList
+systemPossSuperiors: serversContainer
+schemaIdGuid:bf967a92-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Servers-Container
+ldapDisplayName: serversContainer
+governsId: 1.2.840.113556.1.5.7000.48
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: site
+schemaIdGuid:f780acc0-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Administration-Point
+ldapDisplayName: serviceAdministrationPoint
+governsId: 1.2.840.113556.1.5.94
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemPossSuperiors: computer
+schemaIdGuid:b7b13123-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class
+ldapDisplayName: serviceClass
+governsId: 1.2.840.113556.1.5.29
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: serviceClassID, displayName
+systemMayContain: serviceClassInfo
+systemPossSuperiors: container
+schemaIdGuid:bf967ab1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Connection-Point
+ldapDisplayName: serviceConnectionPoint
+governsId: 1.2.840.113556.1.5.126
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: versionNumberLo, versionNumberHi, versionNumber,vendor, serviceDNSNameType, serviceDNSName, serviceClassName,serviceBindingInformation, appSchemaVersion
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:28630ec1-41d5-11d1-a9c1-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance
+ldapDisplayName: serviceInstance
+governsId: 1.2.840.113556.1.5.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: serviceClassID, displayName
+systemMayContain: winsockAddresses, serviceInstanceVersion
+systemPossSuperiors: container
+schemaIdGuid:bf967ab2-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Computer
+ldapDisplayName: computer
+governsId: 1.2.840.113556.1.3.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+auxiliaryClass: ipHost
+mayContain: msSFU30Aliases, msSFU30NisDomain, nisMapName,msSFU30Name
+systemMayContain: msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs
+systemPossSuperiors: container, organizationalUnit, domainDNS
+schemaIdGuid:bf967a86-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowAccount
+ldapDisplayName: shadowAccount
+governsId: 1.3.6.1.1.1.2.1
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, userPassword, description, shadowLastChange,shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,shadowFlag
+schemaIdGuid:5b6d8467-1a18-4174-b350-9cc6e7b4ac8d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: simpleSecurityObject
+ldapDisplayName: simpleSecurityObject
+governsId: 0.9.2342.19200300.100.4.19
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: userPassword
+schemaIdGuid:5fe69b0b-e146-4f15-b0ab-c1e5d488e094
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Site
+ldapDisplayName: site
+governsId: 1.2.840.113556.1.5.31
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, mSMQSiteID, mSMQSiteForeign,mSMQNt4Stub, mSMQInterval2, mSMQInterval1, managedBy, location,gPOptions, gPLink, msDS-BridgeHeadServersUsed
+systemPossSuperiors: sitesContainer
+schemaIdGuid:bf967ab3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link
+ldapDisplayName: siteLink
+governsId: 1.2.840.113556.1.5.147
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteList
+systemMayContain: schedule, replInterval, options, cost
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cde-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-Bridge
+ldapDisplayName: siteLinkBridge
+governsId: 1.2.840.113556.1.5.148
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteLinkList
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cdf-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sites-Container
+ldapDisplayName: sitesContainer
+governsId: 1.2.840.113556.1.5.107
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: configuration
+schemaIdGuid:7a4117da-cd67-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Storage
+ldapDisplayName: storage
+governsId: 1.2.840.113556.1.5.33
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: monikerDisplayName, moniker, iconPath
+systemPossSuperiors: container
+schemaIdGuid:bf967ab5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet
+ldapDisplayName: subnet
+governsId: 1.2.840.113556.1.5.96
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: siteObject, physicalLocationObject, location
+systemPossSuperiors: subnetContainer
+schemaIdGuid:b7b13124-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet-Container
+ldapDisplayName: subnetContainer
+governsId: 1.2.840.113556.1.5.95
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:b7b13125-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SubSchema
+ldapDisplayName: subSchema
+governsId: 2.5.20.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: objectClasses, modifyTimeStamp, extendedClassInfo,extendedAttributeInfo, dITContentRules, attributeTypes
+systemPossSuperiors: dMD
+schemaIdGuid:5a8b3261-c38d-11d1-bbc9-0080c76670c0
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Configuration
+ldapDisplayName: configuration
+governsId: 1.2.840.113556.1.5.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: gPOptions, gPLink
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a87-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Top
+ldapDisplayName: top
+governsId: 2.5.6.0
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectClass, objectCategory, nTSecurityDescriptor,instanceType
+mayContain: msSFU30PosixMemberOf, msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL, msDS-ObjectReferenceBL
+systemMayContain: msDS-NcType, msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL
+systemPossSuperiors: lostAndFound
+schemaIdGuid:bf967ab7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trusted-Domain
+ldapDisplayName: trustedDomain
+governsId: 1.2.840.113556.1.5.34
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: msDS-SupportedEncryptionTypes, trustType,trustPosixOffset, trustPartner, trustDirection, trustAuthOutgoing,trustAuthIncoming, trustAttributes, securityIdentifier,msDS-TrustForestTrustInfo, mS-DS-CreatorSID, initialAuthOutgoing,initialAuthIncoming, flatName, domainIdentifier, domainCrossRef,additionalTrustedServiceNames
+systemPossSuperiors: container
+schemaIdGuid:bf967ab8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Type-Library
+ldapDisplayName: typeLibrary
+governsId: 1.2.840.113556.1.5.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: cOMUniqueLIBID, cOMInterfaceID, cOMClassID
+systemPossSuperiors: classStore
+schemaIdGuid:281416e2-1968-11d0-a28f-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User
+ldapDisplayName: user
+governsId: 1.2.840.113556.1.5.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+auxiliaryClass: shadowAccount, posixAccount
+systemAuxiliaryClass: securityPrincipal, mailRecipient
+mayContain: msSFU30NisDomain, msSFU30Name, msDS-SourceObjectDN,x500uniqueIdentifier, userSMIMECertificate, userPKCS12, uid,secretary, roomNumber, preferredLanguage, photo, labeledURI,jpegPhoto, homePostalAddress, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense, audio
+systemMayContain: msDS-ResultantPSO, MSTSLSProperty01,MSTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires
+schemaIdGuid:bf967aba-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
+systemPossSuperiors: builtinDomain, organizationalUnit, domainDNS
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume
+ldapDisplayName: volume
+governsId: 1.2.840.113556.1.5.36
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: uNCName
+systemMayContain: lastContentIndexed, contentIndexingAllowed
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967abb-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Connection-Point
+ldapDisplayName: connectionPoint
+governsId: 1.2.840.113556.1.5.14
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: cn
+systemMayContain: msDS-Settings, managedBy, keywords
+systemPossSuperiors: container, computer
+schemaIdGuid:5cb41ecf-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Contact
+ldapDisplayName: contact
+governsId: 1.2.840.113556.1.5.15
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+systemAuxiliaryClass: mailRecipient
+systemMustContain: cn
+mayContain: msDS-SourceObjectDN
+systemMayContain: notes
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:5cb41ed0-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Container
+ldapDisplayName: container
+governsId: 1.2.840.113556.1.3.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-ObjectReference
+systemMayContain: schemaVersion, defaultClassStore
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, subnet, server, nTDSService, domainDNS,organization, configuration, container, organizationalUnit
+schemaIdGuid:bf967a8b-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Right
+ldapDisplayName: controlAccessRight
+governsId: 1.2.840.113556.1.5.77
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: validAccesses, rightsGuid, localizationDisplayId,appliesTo
+systemPossSuperiors: container
+schemaIdGuid:8297931e-86d3-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Country
+ldapDisplayName: country
+governsId: 2.5.6.2
+objectClassCategory: 0
+rdnAttId: c
+subClassOf: top
+systemMustContain: c
+systemMayContain: co, searchGuide
+systemPossSuperiors: domainDNS, organization
+schemaIdGuid:bf967a8c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Distribution-Point
+ldapDisplayName: cRLDistributionPoint
+governsId: 2.5.6.19
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: deltaRevocationList, cRLPartitionedRevocationList,certificateRevocationList, certificateAuthorityObject,authorityRevocationList
+systemPossSuperiors: container
+schemaIdGuid:167758ca-47f3-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref
+ldapDisplayName: crossRef
+governsId: 1.2.840.113556.1.3.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: nCName, dnsRoot, cn
+systemMayContain: msDS-NC-RO-Replica-Locations, trustParent,superiorDNSRoot, rootTrust, nTMixedDomain, nETBIOSName, Enabled,msDS-SDReferenceDomain,msDS-Replication-Notify-Subsequent-DSA-Delay,msDS-Replication-Notify-First-DSA-Delay, msDS-NC-Replica-Locations,msDS-DnsRootAlias, msDS-Behavior-Version
+systemPossSuperiors: crossRefContainer
+schemaIdGuid:bf967a8d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Resource-Limits
+ldapDisplayName: aCSResourceLimits
+governsId: 1.2.840.113556.1.5.191
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSMaxTokenRatePerFlow, aCSServiceType,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth,aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:2e899b04-2834-11d3-91d4-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref-Container
+ldapDisplayName: crossRefContainer
+governsId: 1.2.840.113556.1.5.7000.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-SPNSuffixes, uPNSuffixes, msDS-UpdateScript,msDS-ExecuteScriptPassword, msDS-Behavior-Version
+systemPossSuperiors: configuration
+schemaIdGuid:ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: FALSE
+systemOnly: TRUE
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Device
+ldapDisplayName: device
+governsId: 2.5.6.14
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: ipHost, ieee802Device, bootableDevice
+systemMustContain: cn
+mayContain: msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+systemMayContain: serialNumber, seeAlso, owner, ou, o, l
+systemPossSuperiors: domainDNS, organizationalUnit, organization,container
+schemaIdGuid:bf967a8e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dfs-Configuration
+ldapDisplayName: dfsConfiguration
+governsId: 1.2.840.113556.1.5.42
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container, domainDNS
+schemaIdGuid:8447f9f2-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DHCP-Class
+ldapDisplayName: dHCPClass
+governsId: 1.2.840.113556.1.5.132
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: dhcpUniqueKey, dhcpType, dhcpIdentification,dhcpFlags
+systemMayContain: superScopes, superScopeDescription,optionsLocation, optionDescription, networkAddress, mscopeId,dhcpUpdateTime, dhcpSubnets, dhcpState, dhcpSites, dhcpServers,dhcpReservations, dhcpRanges, dhcpProperties, dhcpOptions,dhcpObjName, dhcpObjDescription, dhcpMaxKey, dhcpMask, dhcpClasses
+systemPossSuperiors: container
+schemaIdGuid:963d2756-48be-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Specifier
+ldapDisplayName: displaySpecifier
+governsId: 1.2.840.113556.1.5.84
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: treatAsLeaf, shellPropertyPages, shellContextMenu,scopeFlags, queryFilter, iconPath, extraColumns, creationWizard,createWizardExt, createDialog, contextMenu, classDisplayName,attributeDisplayNames, adminPropertyPages,adminMultiselectPropertyPages, adminContextMenu
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8a-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Template
+ldapDisplayName: displayTemplate
+governsId: 1.2.840.113556.1.3.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: originalDisplayTableMSDOS, originalDisplayTable,helpFileName, helpData32, helpData16, addressEntryDisplayTableMSDOS,addressEntryDisplayTable
+systemPossSuperiors: container
+schemaIdGuid:5fd4250c-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DMD
+ldapDisplayName: dMD
+governsId: 1.2.840.113556.1.3.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: schemaUpdate, schemaInfo, prefixMap,msDs-Schema-Extensions, msDS-IntId, dmdName
+systemPossSuperiors: configuration
+schemaIdGuid:bf967a8f-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Node
+ldapDisplayName: dnsNode
+governsId: 1.2.840.113556.1.5.86
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: dNSTombstoned, dnsRecord, dNSProperty
+systemPossSuperiors: dnsZone
+schemaIdGuid:e0fa1e8c-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Zone
+ldapDisplayName: dnsZone
+governsId: 1.2.840.113556.1.5.85
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: managedBy, dnsSecureSecondaries, dNSProperty,dnsNotifySecondaries, dnsAllowXFR, dnsAllowDynamic
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8b-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: document
+ldapDisplayName: document
+governsId: 0.9.2342.19200300.100.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: documentIdentifier, documentPublisher, documentLocation,documentAuthor, documentVersion, documentTitle, ou, o, l, seeAlso,description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:39bad96d-c2d6-4baf-88ab-7e4207600117
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ACS-Subnet
+ldapDisplayName: aCSSubnet
+governsId: 1.2.840.113556.1.5.138
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSServerList, aCSRSVPLogFilesLocation,aCSRSVPAccountFilesLocation, aCSNonReservedTxSize,aCSNonReservedTxLimit, aCSNonReservedTokenSize,aCSNonReservedPeakRate, aCSNonReservedMinPolicedSize,aCSNonReservedMaxSDUSize, aCSMaxTokenRatePerFlow,aCSMaxSizeOfRSVPLogFile, aCSMaxSizeOfRSVPAccountFile,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth, aCSMaxNoOfLogFiles,aCSMaxNoOfAccountFiles, aCSMaxDurationPerFlow, aCSEventLogLevel,aCSEnableRSVPMessageLogging, aCSEnableRSVPAccounting,aCSEnableACSService, aCSDSBMRefresh, aCSDSBMPriority,aCSDSBMDeadTime, aCSCacheTimeout, aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:7f561289-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: documentSeries
+ldapDisplayName: documentSeries
+governsId: 0.9.2342.19200300.100.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: telephoneNumber, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7a2be07c-302f-4b96-bc90-0795d66885f8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Domain
+ldapDisplayName: domain
+governsId: 1.2.840.113556.1.5.66
+objectClassCategory: 2
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemPossSuperiors: domain, organization
+schemaIdGuid:19195a5a-6da0-11d0-afd3-00c04fd930c9
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-DNS
+ldapDisplayName: domainDNS
+governsId: 1.2.840.113556.1.5.67
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: domain
+systemAuxiliaryClass: samDomain
+systemMayContain: msDS-Behavior-Version, msDS-AllowedDNSSuffixes,managedBy
+systemPossSuperiors: domainDNS
+schemaIdGuid:19195a5b-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;RO)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy
+ldapDisplayName: domainPolicy
+governsId: 1.2.840.113556.1.5.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: qualityOfService, pwdProperties, pwdHistoryLength,publicKeyPolicy, proxyLifetime, minTicketAge, minPwdLength,minPwdAge, maxTicketAge, maxRenewAge, maxPwdAge, managedBy,lockoutThreshold, lockoutDuration, lockOutObservationWindow,ipsecPolicyReference, forceLogoff, eFSPolicy, domainWidePolicy,domainPolicyReference, domainCAs, defaultLocalPolicyObject,authenticationOptions
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a99-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: domainRelatedObject
+ldapDisplayName: domainRelatedObject
+governsId: 0.9.2342.19200300.100.4.17
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: associatedDomain
+schemaIdGuid:8bfd2d3d-efda-4549-852c-f85e137aedc6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DSA
+ldapDisplayName: dSA
+governsId: 2.5.6.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationEntity
+systemMayContain: knowledgeInformation
+systemPossSuperiors: server, computer
+schemaIdGuid:3fdfee52-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Settings
+ldapDisplayName: dSUISettings
+governsId: 1.2.840.113556.1.5.183
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Non-Security-Group-Extra-Classes,msDS-Security-Group-Extra-Classes, msDS-FilterContainers,dSUIShellMaximum, dSUIAdminNotification, dSUIAdminMaximum
+systemPossSuperiors: container
+schemaIdGuid:09b10f14-6f93-11d2-9905-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-Object
+ldapDisplayName: dynamicObject
+governsId: 1.3.6.1.4.1.1466.101.119.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Entry-Time-To-Die, entryTTL
+schemaIdGuid:66d51249-3355-4c1f-b24e-81f252aca23b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking
+ldapDisplayName: fileLinkTracking
+governsId: 1.2.840.113556.1.5.52
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid:dd712229-10e4-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking-Entry
+ldapDisplayName: fileLinkTrackingEntry
+governsId: 1.2.840.113556.1.5.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:8e4eb2ed-4712-11d0-a1a0-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Book-Container
+ldapDisplayName: addressBookContainer
+governsId: 1.2.840.113556.1.5.125
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: displayName
+systemMayContain: purportedSearch
+systemPossSuperiors: addressBookContainer, configuration
+schemaIdGuid:3e74f60f-3e73-11d1-a9c0-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Foreign-Security-Principal
+ldapDisplayName: foreignSecurityPrincipal
+governsId: 1.2.840.113556.1.5.76
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectSid
+systemMayContain: foreignIdentifier
+systemPossSuperiors: container
+schemaIdGuid:89e31c12-8530-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: friendlyCountry
+ldapDisplayName: friendlyCountry
+governsId: 0.9.2342.19200300.100.4.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: country
+mustContain: co
+schemaIdGuid:c498f152-dc6b-474a-9f52-7cdba3d7d351
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: FT-Dfs
+ldapDisplayName: fTDfs
+governsId: 1.2.840.113556.1.5.43
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: remoteServerName, pKTGuid, pKT
+systemMayContain: uNCName, managedBy, keywords
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid:8447f9f3-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group
+ldapDisplayName: group
+governsId: 1.2.840.113556.1.5.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: posixGroup
+systemAuxiliaryClass: mailRecipient, securityPrincipal
+systemMustContain: groupType
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30PosixMember
+systemMayContain: msDS-AzApplicationData,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, msDS-AzGenericData, msDS-AzObjectGuid,primaryGroupToken, operatorCount, nTGroupMembers, nonSecurityMember,msDS-NonMembers, msDS-AzLDAPQuery, member, managedBy,groupMembershipSAM, groupAttributes, mail, desktopProfile,controlAccessRights, adminCount
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, container, builtinDomain, organizationalUnit,domainDNS
+schemaIdGuid:bf967a9c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Of-Names
+ldapDisplayName: groupOfNames
+governsId: 2.5.6.9
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member, cn
+systemMayContain: seeAlso, owner, ou, o, businessCategory
+systemPossSuperiors: organizationalUnit, locality, organization,container
+schemaIdGuid:bf967a9d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: groupOfUniqueNames
+ldapDisplayName: groupOfUniqueNames
+governsId: 2.5.6.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: uniqueMember, cn
+mayContain: seeAlso, owner, ou, o, description, businessCategory
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:0310a911-93a3-4e21-a7a3-55d85ab2c48b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Group-Policy-Container
+ldapDisplayName: groupPolicyContainer
+governsId: 1.2.840.113556.1.5.157
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: versionNumber, gPCWQLFilter, gPCUserExtensionNames,gPCMachineExtensionNames, gPCFunctionalityVersion, gPCFileSysPath,flags
+schemaIdGuid:f30e3bc2-9ff0-11d1-b603-0000f80367c1
+defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IEEE802Device
+ldapDisplayName: ieee802Device
+governsId: 1.3.6.1.1.1.2.11
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, macAddress
+schemaIdGuid:a699e529-a637-4b7d-a0fb-5dc466a0b8a7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Index-Server-Catalog
+ldapDisplayName: indexServerCatalog
+governsId: 1.2.840.113556.1.5.130
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: creator
+systemMayContain: uNCName, queryPoint, indexedScopes, friendlyNames
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:7bfdcb8a-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: inetOrgPerson
+ldapDisplayName: inetOrgPerson
+governsId: 2.16.840.1.113730.3.2.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+mayContain: x500uniqueIdentifier, userSMIMECertificate, userPKCS12,userCertificate, uid, secretary, roomNumber, preferredLanguage,photo, pager, o, mobile, manager, mail, labeledURI, jpegPhoto,initials, homePostalAddress, homePhone, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense,businessCategory, audio
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:4828cc14-1437-45bc-9b07-ad6f015e5f28
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Address-Template
+ldapDisplayName: addressTemplate
+governsId: 1.2.840.113556.1.3.58
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: displayTemplate
+systemMustContain: displayName
+systemMayContain: proxyGenerationEnabled, perRecipDialogDisplayTable,perMsgDialogDisplayTable, addressType, addressSyntax
+systemPossSuperiors: container
+schemaIdGuid:5fd4250a-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Infrastructure-Update
+ldapDisplayName: infrastructureUpdate
+governsId: 1.2.840.113556.1.5.175
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: dNReferenceUpdate
+systemPossSuperiors: infrastructureUpdate, domain
+schemaIdGuid:2df90d89-009f-11d2-aa4c-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-Group
+ldapDisplayName: intellimirrorGroup
+governsId: 1.2.840.113556.1.5.152
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:07383086-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CCDC;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-SCP
+ldapDisplayName: intellimirrorSCP
+governsId: 1.2.840.113556.1.5.151
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: netbootTools, netbootServer, netbootNewMachineOU,netbootNewMachineNamingPolicy, netbootMaxClients,netbootMachineFilePath, netbootLocallyInstalledOSes,netbootLimitClients, netbootIntelliMirrorOSes,netbootCurrentClientCount, netbootAnswerRequests,netbootAnswerOnlyValidClients, netbootAllowNewClients
+systemPossSuperiors: computer, intellimirrorGroup
+schemaIdGuid:07383085-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport
+ldapDisplayName: interSiteTransport
+governsId: 1.2.840.113556.1.5.141
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: transportDLLName, transportAddressAttribute
+systemMayContain: replInterval, options
+systemPossSuperiors: interSiteTransportContainer
+schemaIdGuid:26d97376-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport-Container
+ldapDisplayName: interSiteTransportContainer
+governsId: 1.2.840.113556.1.5.140
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:26d97375-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpHost
+ldapDisplayName: ipHost
+governsId: 1.3.6.1.1.1.2.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: manager, cn, description, ipHostNumber, uid, l
+schemaIdGuid:ab911646-8827-4f95-8780-5a8f008eb68f
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpNetwork
+ldapDisplayName: ipNetwork
+governsId: 1.3.6.1.1.1.2.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipNetworkNumber
+mayContain: manager, description, ipNetmaskNumber, uid, l,msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:d95836c3-143e-43fb-992a-b057f1ecadf9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpProtocol
+ldapDisplayName: ipProtocol
+governsId: 1.3.6.1.1.1.2.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipProtocolNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Ipsec-Base
+ldapDisplayName: ipsecBase
+governsId: 1.2.840.113556.1.5.7000.56
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: ipsecOwnersReference, ipsecName, ipsecID,ipsecDataType, ipsecData
+schemaIdGuid:b40ff825-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter
+ldapDisplayName: ipsecFilter
+governsId: 1.2.840.113556.1.5.118
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff826-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Entity
+ldapDisplayName: applicationEntity
+governsId: 2.5.6.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: presentationAddress, cn
+systemMayContain: supportedApplicationContext, seeAlso, ou, o, l
+systemPossSuperiors: applicationProcess, organizationalUnit,container
+schemaIdGuid:3fdfee4f-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Policy
+ldapDisplayName: ipsecISAKMPPolicy
+governsId: 1.2.840.113556.1.5.120
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff828-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy
+ldapDisplayName: ipsecNegotiationPolicy
+governsId: 1.2.840.113556.1.5.119
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: iPSECNegotiationPolicyType,iPSECNegotiationPolicyAction
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff827-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA
+ldapDisplayName: ipsecNFA
+governsId: 1.2.840.113556.1.5.121
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNegotiationPolicyReference,ipsecFilterReference
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff829-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy
+ldapDisplayName: ipsecPolicy
+governsId: 1.2.840.113556.1.5.98
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNFAReference, ipsecISAKMPReference
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b7b13121-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpService
+ldapDisplayName: ipService
+governsId: 1.3.6.1.1.1.2.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: ipServiceProtocol, ipServicePort, cn
+mayContain: description, msSFU30Name, msSFU30NisDomain,msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:2517fadf-fa97-48ad-9de6-79ac5721f864
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Leaf
+ldapDisplayName: leaf
+governsId: 1.2.840.113556.1.5.20
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+schemaIdGuid:bf967a9e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Licensing-Site-Settings
+ldapDisplayName: licensingSiteSettings
+governsId: 1.2.840.113556.1.5.78
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: siteServer
+systemPossSuperiors: site
+schemaIdGuid:1be8f17d-a9ff-11d0-afe2-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Object-Move-Table
+ldapDisplayName: linkTrackObjectMoveTable
+governsId: 1.2.840.113556.1.5.91
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf5-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-OMT-Entry
+ldapDisplayName: linkTrackOMTEntry
+governsId: 1.2.840.113556.1.5.93
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: timeRefresh, oMTIndxGuid, oMTGuid, currentLocation,birthLocation
+systemPossSuperiors: linkTrackObjectMoveTable
+schemaIdGuid:ddac0cf7-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Vol-Entry
+ldapDisplayName: linkTrackVolEntry
+governsId: 1.2.840.113556.1.5.92
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: volTableIdxGUID, volTableGUID, timeVolChange,timeRefresh, seqNotification, objectCount, linkTrackSecret,currMachineId
+systemPossSuperiors: linkTrackVolumeTable
+schemaIdGuid:ddac0cf6-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Process
+ldapDisplayName: applicationProcess
+governsId: 2.5.6.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: seeAlso, ou, l
+systemPossSuperiors: organizationalUnit, organization, container,computer
+schemaIdGuid:5fd4250b-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Volume-Table
+ldapDisplayName: linkTrackVolumeTable
+governsId: 1.2.840.113556.1.5.90
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf4-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality
+ldapDisplayName: locality
+governsId: 2.5.6.3
+objectClassCategory: 1
+rdnAttId: l
+subClassOf: top
+systemMustContain: l
+systemMayContain: street, st, seeAlso, searchGuide
+systemPossSuperiors: domainDNS, country, organizationalUnit,organization, locality
+schemaIdGuid:bf967aa0-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lost-And-Found
+ldapDisplayName: lostAndFound
+governsId: 1.2.840.113556.1.5.139
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: moveTreeState
+systemPossSuperiors: configuration, domainDNS, dMD
+schemaIdGuid:52ab8671-5709-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mail-Recipient
+ldapDisplayName: mailRecipient
+governsId: 1.2.840.113556.1.3.46
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-PhoneticDisplayName, userSMIMECertificate,secretary, msExchLabeledURI, msExchAssistantName, labeledURI
+systemMayContain: userCertificate, userCert, textEncodedORAddress,telephoneNumber, showInAddressBook, legacyExchangeDN,garbageCollPeriod, info
+systemPossSuperiors: container
+schemaIdGuid:bf967aa1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Meeting
+ldapDisplayName: meeting
+governsId: 1.2.840.113556.1.5.104
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: meetingName
+systemMayContain: meetingURL, meetingType, meetingStartTime,meetingScope, meetingRecurrence, meetingRating, meetingProtocol,meetingOwner, meetingOriginator, meetingMaxParticipants,meetingLocation, meetingLanguage, meetingKeyword,meetingIsEncrypted, meetingIP, meetingID, meetingEndTime,meetingDescription, meetingContactInfo, meetingBlob,meetingBandwidth, meetingApplication, meetingAdvertiseScope
+systemPossSuperiors: container
+schemaIdGuid:11b6cc94-48c4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPCube
+ldapDisplayName: mS-SQL-OLAPCube
+governsId: 1.2.840.113556.1.5.190
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Description, mS-SQL-Contact, mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPDatabase
+schemaIdGuid:09f0506a-cd28-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPDatabase
+ldapDisplayName: mS-SQL-OLAPDatabase
+governsId: 1.2.840.113556.1.5.189
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-ConnectionURL, mS-SQL-InformationURL, mS-SQL-Status,mS-SQL-Applications, mS-SQL-LastBackupDate, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Type, mS-SQL-Description, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPServer
+schemaIdGuid:20af031a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPServer
+ldapDisplayName: mS-SQL-OLAPServer
+governsId: 1.2.840.113556.1.5.185
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-Language,mS-SQL-ServiceAccount, mS-SQL-Contact, mS-SQL-RegisteredOwner,mS-SQL-Build, mS-SQL-Version, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:0c7e18ea-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLDatabase
+ldapDisplayName: mS-SQL-SQLDatabase
+governsId: 1.2.840.113556.1.5.188
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-InformationURL,mS-SQL-Status, mS-SQL-Applications, mS-SQL-LastDiagnosticDate,mS-SQL-LastBackupDate, mS-SQL-CreationDate, mS-SQL-Size,mS-SQL-Contact, mS-SQL-Alias, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:1d08694a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLPublication
+ldapDisplayName: mS-SQL-SQLPublication
+governsId: 1.2.840.113556.1.5.187
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-ThirdParty,mS-SQL-AllowSnapshotFilesFTPDownloading,mS-SQL-AllowQueuedUpdatingSubscription,mS-SQL-AllowImmediateUpdatingSubscription,mS-SQL-AllowKnownPullSubscription, mS-SQL-Publisher,mS-SQL-AllowAnonymousSubscription, mS-SQL-Database, mS-SQL-Type,mS-SQL-Status, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:17c2f64e-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Settings
+ldapDisplayName: applicationSettings
+governsId: 1.2.840.113556.1.5.7000.49
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, msDS-Settings, applicationName
+systemPossSuperiors: server
+schemaIdGuid:f780acc1-56f0-11d1-a9c6-0000f80367c1
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLRepository
+ldapDisplayName: mS-SQL-SQLRepository
+governsId: 1.2.840.113556.1.5.186
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-InformationDirectory, mS-SQL-Version,mS-SQL-Description, mS-SQL-Status, mS-SQL-Build, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:11d43c5c-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLServer
+ldapDisplayName: mS-SQL-SQLServer
+governsId: 1.2.840.113556.1.5.184
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-GPSHeight,mS-SQL-GPSLongitude, mS-SQL-GPSLatitude, mS-SQL-InformationURL,mS-SQL-LastUpdatedDate, mS-SQL-Status, mS-SQL-Vines,mS-SQL-AppleTalk, mS-SQL-TCPIP, mS-SQL-SPX, mS-SQL-MultiProtocol,mS-SQL-NamedPipe, mS-SQL-Clustered, mS-SQL-UnicodeSortOrder,mS-SQL-SortOrder, mS-SQL-CharacterSet, mS-SQL-ServiceAccount,mS-SQL-Build, mS-SQL-Memory, mS-SQL-Location, mS-SQL-Contact,mS-SQL-RegisteredOwner, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:05f6c878-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-Partition
+ldapDisplayName: msCOM-Partition
+governsId: 1.2.840.113556.1.5.193
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:c9010e74-4e58-49f7-8a89-5e3e2340fcf8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSet
+ldapDisplayName: msCOM-PartitionSet
+governsId: 1.2.840.113556.1.5.194
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-PartitionLink, msCOM-DefaultPartitionLink,msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:250464ab-c417-497a-975a-9e0d459a7ca1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-Connection
+ldapDisplayName: msDFSR-Connection
+governsId: 1.2.840.113556.1.6.13.4.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: fromServer
+mayContain: msDFSR-Options2, msDFSR-DisablePacketPrivacy,msDFSR-Priority, msDFSR-Enabled, msDFSR-RdcEnabled,msDFSR-RdcMinFileSizeInKb, msDFSR-Keywords, msDFSR-Schedule,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Member
+schemaIdGuid:e58f972e-64b5-46ef-8d8b-bbc3e1897eab
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Content
+ldapDisplayName: msDFSR-Content
+governsId: 1.2.840.113556.1.6.13.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:64759b35-d3a1-42e4-b5f1-a3de162109b3
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ContentSet
+ldapDisplayName: msDFSR-ContentSet
+governsId: 1.2.840.113556.1.6.13.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-Priority, msDFSR-ConflictSizeInMb, msDFSR-StagingSizeInMb,msDFSR-RootSizeInMb, description, msDFSR-DfsPath, msDFSR-FileFilter,msDFSR-DirectoryFilter, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-Content
+schemaIdGuid:4937f40d-a6dc-4d48-97ca-06e5fbfd3f16
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-GlobalSettings
+ldapDisplayName: msDFSR-GlobalSettings
+governsId: 1.2.840.113556.1.6.13.4.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: container
+schemaIdGuid:7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-LocalSettings
+ldapDisplayName: msDFSR-LocalSettings
+governsId: 1.2.840.113556.1.6.13.4.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Version, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: computer
+schemaIdGuid:fa85c591-197f-477e-83bd-ea5a43df2239
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Member
+ldapDisplayName: msDFSR-Member
+governsId: 1.2.840.113556.1.6.13.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ComputerReference
+mayContain: serverReference, msDFSR-Keywords, msDFSR-Flags,msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Topology
+schemaIdGuid:4229c897-c211-437c-a5ae-dbf705b696e5
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+
diff --git a/source4/setup/ad-schema/licence.txt b/source4/setup/ad-schema/licence.txt new file mode 100644 index 0000000000..9db966461b --- /dev/null +++ b/source4/setup/ad-schema/licence.txt @@ -0,0 +1,54 @@ +NOTE: + +The licence on these schema files is not GPL, or a standard Open +Source licence. Be careful to redistribute thes files as part of +Samba or 'your implementation', but not alone. + +-- + +Intellectual Property Rights Notice for Protocol Documentation + +Copyrights. +This protocol documentation is covered by Microsoft +copyrights. Regardless of any other terms that are contained in the +terms of use for the Microsoft website that hosts this documentation, +you may make copies of it in order to develop implementations of the +protocols, and may distribute portions of it in your implementations +of the protocols or your documentation as necessary to properly +document the implementation. You may also distribute in your +implementation, with or without modification, any schema, IDL's, or +code samples that are included in the documentation. This permission +also applies to any documents that are referenced in the protocol +documentation. + +No Trade Secrets. +Microsoft does not claim any trade secret rights in this documentation. + +Patents. +Microsoft has patents that may cover your implementations of the +protocols. Neither this notice nor Microsoft's delivery of the +documentation grants any licenses under those or any other Microsoft +patents. However, the protocols may be covered by MicrosoftÂ’s Open +Specification Promise (available here: +http://www.microsoft.com/interop/osp). If you would prefer a written +license, or if the protocols are not covered by the OSP, patent +licenses are available by contacting protocol@microsoft.com. + +Trademarks. +The names of companies and products contained in this documentation +may be covered by trademarks or similar intellectual property +rights. This notice does not grant any licenses under those +rights.Reservation of Rights. All other rights are reserved, and this +notice does not grant any rights other than specifically described +above, whether by implication, estoppel, or otherwise. + +Tools. +This protocol documentation is intended for use in conjunction with +publicly available standard specifications and network programming +art, and assumes that the reader either is familiar with the +aforementioned material or has immediate access to it. A protocol +specification does not require the use of Microsoft programming tools +or programming environments in order for you to develop an +implementation. If you have access to Microsoft programming tools and +environments you are free to take advantage of them. + diff --git a/source4/setup/provision b/source4/setup/provision index 7bd61fc1d8..882a92ad48 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -24,7 +24,8 @@ import getopt import optparse -import os, sys +import os +import sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") @@ -46,6 +47,7 @@ parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) +parser.add_option("--interactive", help="Ask for names") parser.add_option("--setupdir", type="string", metavar="DIR", help="directory with setup files") parser.add_option("--realm", type="string", metavar="REALM", help="set realm") @@ -108,7 +110,10 @@ def message(text): if not opts.quiet: print text -if opts.realm is None or opts.domain is None: +if len(sys.argv) == 1: + opts.interactive = True + +if not opts.interactive and (opts.realm is None or opts.domain is None): if opts.realm is None: print >>sys.stderr, "No realm set" if opts.domain is None: @@ -116,6 +121,26 @@ if opts.realm is None or opts.domain is None: parser.print_usage() sys.exit(1) +if opts.interactive: + from getpass import getpass + import readline + import socket + def ask(prompt, default=None): + if default is not None: + print "%s [%s]: " % (prompt,default), + else: + print "%s: " % (prompt,), + return sys.stdin.readline().rstrip("\n") or default + opts.realm = ask("Realm", socket.gethostname().split(".", 1)[1]) + opts.domain = ask("Domain", opts.realm) + opts.server_role = ask("Server Role (dc, member, standalone)", "dc") + for i in range(3): + opts.adminpass = getpass("Administrator password: ") + if not opts.adminpass: + print >>sys.stderr, "Invalid administrator password." + else: + break + lp = sambaopts.get_loadparm() smbconf = lp.configfile() diff --git a/source4/smb_server/smb2/smb2_server.h b/source4/smb_server/smb2/smb2_server.h index 431add4ed9..ba3021a3a9 100644 --- a/source4/smb_server/smb2/smb2_server.h +++ b/source4/smb_server/smb2/smb2_server.h @@ -153,6 +153,11 @@ struct smbsrv_request; /* check req->ntvfs->async_states->status and if not OK then send an error reply */ #define SMB2SRV_CHECK_ASYNC_STATUS_ERR_SIMPLE do { \ req = talloc_get_type(ntvfs->async_states->private_data, struct smb2srv_request); \ + if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \ + smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \ + talloc_free(req); \ + return; \ + } \ req->status = ntvfs->async_states->status; \ if (NT_STATUS_IS_ERR(ntvfs->async_states->status)) { \ smb2srv_send_error(req, ntvfs->async_states->status); \ @@ -165,6 +170,11 @@ struct smbsrv_request; } while (0) #define SMB2SRV_CHECK_ASYNC_STATUS_SIMPLE do { \ req = talloc_get_type(ntvfs->async_states->private_data, struct smb2srv_request); \ + if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \ + smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \ + talloc_free(req); \ + return; \ + } \ req->status = ntvfs->async_states->status; \ if (!NT_STATUS_IS_OK(ntvfs->async_states->status)) { \ smb2srv_send_error(req, ntvfs->async_states->status); \ diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h index e3e55ae040..227c298008 100644 --- a/source4/smb_server/smb_server.h +++ b/source4/smb_server/smb_server.h @@ -483,6 +483,11 @@ struct loadparm_context; /* check req->ntvfs->async_states->status and if not OK then send an error reply */ #define SMBSRV_CHECK_ASYNC_STATUS_ERR_SIMPLE do { \ req = talloc_get_type(ntvfs->async_states->private_data, struct smbsrv_request); \ + if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \ + smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \ + talloc_free(req); \ + return; \ + } \ if (NT_STATUS_IS_ERR(ntvfs->async_states->status)) { \ smbsrv_send_error(req, ntvfs->async_states->status); \ return; \ @@ -494,6 +499,11 @@ struct loadparm_context; } while (0) #define SMBSRV_CHECK_ASYNC_STATUS_SIMPLE do { \ req = talloc_get_type(ntvfs->async_states->private_data, struct smbsrv_request); \ + if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \ + smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \ + talloc_free(req); \ + return; \ + } \ if (!NT_STATUS_IS_OK(ntvfs->async_states->status)) { \ smbsrv_send_error(req, ntvfs->async_states->status); \ return; \ @@ -506,3 +516,5 @@ struct loadparm_context; /* zero out some reserved fields in a reply */ #define SMBSRV_VWV_RESERVED(start, count) memset(req->out.vwv + VWV(start), 0, (count)*2) + +#include "smb_server/service_smb_proto.h" diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c index b71c85aeb8..c1ac62f1b1 100644 --- a/source4/torture/basic/delete.c +++ b/source4/torture/basic/delete.c @@ -950,15 +950,18 @@ static bool deltest17(struct torture_context *tctx, struct smbcli_state *cli1, s smbcli_close(cli1->tree, fnum1); - correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__); + /* After the first close, the files has the delete on close bit set. */ + correct &= check_delete_on_close(tctx, cli1, fnum2, fname, true, __location__); smbcli_close(cli1->tree, fnum2); - /* See if the file is deleted - shouldn't be.... */ + /* Make sure the file has been deleted */ fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE); - torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (should succeed) - %s", + torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s failed (should succeed) - %s", fname, smbcli_errstr(cli1->tree))); + CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND); + return correct; } @@ -994,7 +997,12 @@ static bool deltest18(struct torture_context *tctx, struct smbcli_state *cli1, s torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)", dname, smbcli_errstr(cli1->tree))); - /* The delete on close bit is *not* reported as being set. */ + /* + * The delete on close bit is *not* reported as being set. + * Win2k3/win2k8 should pass this check, but WinXPsp2 reports delete on + * close as being set. This causes the subsequent create to fail with + * NT_STATUS_DELETE_PENDING. + */ correct &= check_delete_on_close(tctx, cli1, fnum1, dname, false, __location__); /* Now try opening again for read-only. */ @@ -1082,7 +1090,12 @@ static bool deltest19(struct torture_context *tctx, struct smbcli_state *cli1, s torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)", fname, smbcli_errstr(cli1->tree))); - /* The delete on close bit is *not* reported as being set. */ + /* + * The delete on close bit is *not* reported as being set. + * Win2k3/win2k8 should pass this check, but WinXPsp2 reports delete on + * close as being set. This causes the subsequent create to fail with + * NT_STATUS_DELETE_PENDING. + */ correct &= check_delete_on_close(tctx, cli1, fnum1, dname, false, __location__); /* Now try opening again for read-only. */ diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 4b4664f101..eaff5d5fda 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -108,7 +108,7 @@ PRIVATE_DEPENDENCIES = \ RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_ROT RPC_NDR_DSSETUP \ RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER RPC_NDR_NTSVCS WB_HELPER LIBSAMBA-NET \ LIBCLI_AUTH POPT_CREDENTIALS TORTURE_LDAP TORTURE_UTIL TORTURE_RAP \ - dcerpc_server service process_model ntvfs SERVICE_SMB + dcerpc_server service process_model ntvfs SERVICE_SMB RPC_NDR_BROWSER torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ join.o lsa.o lsa_lookup.o session_key.o echo.o dfs.o drsuapi.o \ @@ -117,7 +117,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \ scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \ samsync.o bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ - handles.o frsapi.o object_uuid.o ntsvcs.o) + handles.o frsapi.o object_uuid.o ntsvcs.o browser.o) $(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c))) diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c index ef0fa5138a..9f35aae4d0 100644 --- a/source4/torture/raw/open.c +++ b/source4/torture/raw/open.c @@ -1422,6 +1422,52 @@ done: return ret; } +/* + test RAW_OPEN_OPENX against an existing directory to + ensure it returns NT_STATUS_FILE_IS_A_DIRECTORY. + Samba 3.2.0 - 3.2.6 are known to fail this. + +*/ +static bool test_openx_over_dir(struct smbcli_state *cli, TALLOC_CTX *tctx) +{ + union smb_open io; + const char *fname = BASEDIR "\\openx_over_dir"; + NTSTATUS status; + int d_fnum = -1; + int fnum = -1; + bool ret = true; + + printf("Checking RAW_OPEN_OPENX over an existing directory\n"); + smbcli_unlink(cli->tree, fname); + + /* Create the Directory */ + status = create_directory_handle(cli->tree, fname, &d_fnum); + smbcli_close(cli->tree, d_fnum); + + /* Prepare to open the file over the directory. */ + io.openx.level = RAW_OPEN_OPENX; + io.openx.in.fname = fname; + io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO; + io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR; + io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN; + io.openx.in.search_attrs = 0; + io.openx.in.file_attrs = 0; + io.openx.in.write_time = 0; + io.openx.in.size = 1024*1024; + io.openx.in.timeout = 0; + + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY); + fnum = io.openx.out.file.fnum; + +done: + smbcli_close(cli->tree, fnum); + smbcli_unlink(cli->tree, fname); + + return ret; +} + + /* A little torture test to expose a race condition in Samba 3.0.20 ... :-) */ static bool test_raw_open_multi(struct torture_context *tctx) @@ -1624,6 +1670,7 @@ bool torture_raw_open(struct torture_context *torture, struct smbcli_state *cli) ret &= test_ctemp(cli, torture); ret &= test_chained(cli, torture); ret &= test_no_leading_slash(cli, torture); + ret &= test_openx_over_dir(cli, torture); ret &= test_open_for_delete(cli, torture); smb_raw_exit(cli->session); diff --git a/source4/torture/rpc/browser.c b/source4/torture/rpc/browser.c new file mode 100644 index 0000000000..32b552acc8 --- /dev/null +++ b/source4/torture/rpc/browser.c @@ -0,0 +1,124 @@ +/* + Unix SMB/CIFS implementation. + + test suite for browser rpc operations + + Copyright (C) Stefan Metzmacher 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "torture/torture.h" +#include "librpc/gen_ndr/ndr_browser_c.h" +#include "torture/rpc/rpc.h" + +bool test_BrowserrQueryOtherDomains(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + struct BrowserrQueryOtherDomains r; + struct BrowserrSrvInfo info; + struct BrowserrSrvInfo100Ctr ctr100; + struct srvsvc_NetSrvInfo100 entries100[1]; + struct BrowserrSrvInfo101Ctr ctr101; + struct srvsvc_NetSrvInfo101 entries101[1]; + uint32_t total_entries; + NTSTATUS status; + + torture_comment(tctx, "dcerpc_BrowserrQueryOtherDomains\n"); + + ZERO_STRUCT(r); + ZERO_STRUCT(info); + ZERO_STRUCT(ctr100); + ZERO_STRUCT(entries100); + ZERO_STRUCT(ctr101); + ZERO_STRUCT(entries101); + total_entries = 0; + + r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p)); + r.in.info = &info; + r.out.info = &info; + r.out.total_entries = &total_entries; + + info.level = 100; + info.info.info100 = &ctr100; + + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_ok(tctx, r.out.result, "BrowserrQueryOtherDomains failed"); + torture_assert_int_equal(tctx, *r.out.total_entries, 0, "BrowserrQueryOtherDomains"); + + info.info.info100 = &ctr100; + ctr100.entries_read = ARRAY_SIZE(entries100); + ctr100.entries = entries100; + + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_ok(tctx, r.out.result, "BrowserrQueryOtherDomains failed"); + torture_assert_int_equal(tctx, *r.out.total_entries, 0, "BrowserrQueryOtherDomains"); + + info.info.info100 = NULL; + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_equal(tctx, WERR_INVALID_PARAM, r.out.result, + "BrowserrQueryOtherDomains failed"); + + info.level = 101; + info.info.info101 = &ctr101; + + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_equal(tctx, WERR_UNKNOWN_LEVEL, r.out.result, + "BrowserrQueryOtherDomains"); + + info.info.info101 = &ctr101; + ctr101.entries_read = ARRAY_SIZE(entries101); + ctr101.entries = entries101; + + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_equal(tctx, WERR_UNKNOWN_LEVEL, r.out.result, + "BrowserrQueryOtherDomains"); + + info.info.info101 = NULL; + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_equal(tctx, WERR_UNKNOWN_LEVEL, r.out.result, + "BrowserrQueryOtherDomains"); + + info.level = 102; + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_equal(tctx, WERR_UNKNOWN_LEVEL, r.out.result, + "BrowserrQueryOtherDomains"); + + info.level = 0; + status = dcerpc_BrowserrQueryOtherDomains(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed"); + torture_assert_werr_equal(tctx, WERR_UNKNOWN_LEVEL, r.out.result, + "BrowserrQueryOtherDomains"); + + return true; +} + +struct torture_suite *torture_rpc_browser(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite = torture_suite_create(mem_ctx, "BROWSER"); + struct torture_rpc_tcase *tcase = torture_suite_add_rpc_iface_tcase(suite, "browser", &ndr_table_browser); + + torture_rpc_tcase_add_test(tcase, "BrowserrQueryOtherDomains", test_BrowserrQueryOtherDomains); + + return suite; +} + diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 953f9d126d..306c271511 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -1523,6 +1523,7 @@ static bool test_GetAnyDCName(struct torture_context *tctx, status = dcerpc_netr_GetAnyDCName(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName"); + torture_assert_werr_ok(tctx, r.out.result, "GetAnyDCName"); if (dcname) { torture_comment(tctx, "\tDC is at '%s'\n", dcname); @@ -2050,6 +2051,47 @@ static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx, return true; } +static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx, + struct dcerpc_pipe *p, + struct cli_credentials *machine_credentials) +{ + NTSTATUS status; + struct netr_ServerGetTrustInfo r; + + struct netr_Authenticator a; + struct netr_Authenticator return_authenticator; + struct samr_Password new_owf_password; + struct samr_Password old_owf_password; + struct netr_TrustInfo *trust_info; + + struct creds_CredentialState *creds; + + if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, + machine_credentials, &creds)) { + return false; + } + + creds_client_authenticator(creds, &a); + + r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); + r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME); + r.in.secure_channel_type = SEC_CHAN_BDC; + r.in.computer_name = TEST_MACHINE_NAME; + r.in.credential = &a; + + r.out.return_authenticator = &return_authenticator; + r.out.new_owf_password = &new_owf_password; + r.out.old_owf_password = &old_owf_password; + r.out.trust_info = &trust_info; + + status = dcerpc_netr_ServerGetTrustInfo(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "failed"); + torture_assert(tctx, creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed"); + + return true; +} + + static bool test_GetDomainInfo(struct torture_context *tctx, struct dcerpc_pipe *p, struct cli_credentials *machine_credentials) @@ -2316,6 +2358,7 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx) torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW); torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW); torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW); + torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo); return suite; } diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 7f6b06d000..f3ed3fdeb0 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -433,6 +433,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "DRSUAPI", torture_rpc_drsuapi); torture_suite_add_simple_test(suite, "CRACKNAMES", torture_rpc_drsuapi_cracknames); torture_suite_add_suite(suite, torture_rpc_dssetup(suite)); + torture_suite_add_suite(suite, torture_rpc_browser(suite)); torture_suite_add_simple_test(suite, "SAMBA3-REGCONFIG", torture_samba3_regconfig); torture_suite_add_simple_test(suite, "ALTERCONTEXT", torture_rpc_alter_context); torture_suite_add_simple_test(suite, "JOIN", torture_rpc_join); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index f1e7e5a367..2207786f17 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -580,8 +580,8 @@ static bool create_user(TALLOC_CTX *mem_ctx, struct smbcli_state *cli, arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key); u_info.info23.info.password_expired = 0; - u_info.info23.info.fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 | + u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG; sui2.in.user_handle = wks_handle; sui2.in.info = &u_info; @@ -767,7 +767,7 @@ static bool join3(struct smbcli_state *cli, cli_credentials_get_workstation(wks_creds)); i21->acct_flags = ACB_WSTRUST; i21->fields_present = SAMR_FIELD_FULL_NAME | - SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD; + SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT; /* this would break the test result expectations i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG; i21->password_expired = 1; diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 01ff01674c..2912628744 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -409,6 +409,12 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx SAMR_FIELD_PARAMETERS); TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "xx21-20 parameters", SAMR_FIELD_PARAMETERS); + /* also empty user parameters are allowed */ + TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, "", 0); + TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, "", + SAMR_FIELD_PARAMETERS); + TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "", + SAMR_FIELD_PARAMETERS); TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0); TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0); @@ -849,15 +855,203 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t return ret; } +static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *tctx, + struct policy_handle *handle, char **password) +{ + NTSTATUS status; + struct samr_SetUserInfo s; + union samr_UserInfo u; + bool ret = true; + DATA_BLOB session_key; + char *newpass; + struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; + int policy_min_pw_len = 0; + uint8_t lm_hash[16], nt_hash[16]; + + pwp.in.user_handle = handle; + pwp.out.info = &info; + + status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); + if (NT_STATUS_IS_OK(status)) { + policy_min_pw_len = pwp.out.info->min_password_length; + } + newpass = samr_rand_pass(tctx, policy_min_pw_len); + + s.in.user_handle = handle; + s.in.info = &u; + s.in.level = 18; + + ZERO_STRUCT(u); + + u.info18.nt_pwd_active = true; + u.info18.lm_pwd_active = true; + + E_md4hash(newpass, nt_hash); + E_deshash(newpass, lm_hash); + + status = dcerpc_fetch_session_key(p, &session_key); + if (!NT_STATUS_IS_OK(status)) { + printf("SetUserInfo level %u - no session key - %s\n", + s.in.level, nt_errstr(status)); + return false; + } + + { + DATA_BLOB in,out; + in = data_blob_const(nt_hash, 16); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(u.info18.nt_pwd.hash, out.data, out.length); + } + { + DATA_BLOB in,out; + in = data_blob_const(lm_hash, 16); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(u.info18.lm_pwd.hash, out.data, out.length); + } + + torture_comment(tctx, "Testing SetUserInfo level 18 (set password hash)\n"); + + status = dcerpc_samr_SetUserInfo(p, tctx, &s); + if (!NT_STATUS_IS_OK(status)) { + printf("SetUserInfo level %u failed - %s\n", + s.in.level, nt_errstr(status)); + ret = false; + } else { + *password = newpass; + } + + return ret; +} + +static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *tctx, + struct policy_handle *handle, uint32_t fields_present, + char **password) +{ + NTSTATUS status; + struct samr_SetUserInfo s; + union samr_UserInfo u; + bool ret = true; + DATA_BLOB session_key; + char *newpass; + struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; + int policy_min_pw_len = 0; + uint8_t lm_hash[16], nt_hash[16]; + + pwp.in.user_handle = handle; + pwp.out.info = &info; + + status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); + if (NT_STATUS_IS_OK(status)) { + policy_min_pw_len = pwp.out.info->min_password_length; + } + newpass = samr_rand_pass(tctx, policy_min_pw_len); + + s.in.user_handle = handle; + s.in.info = &u; + s.in.level = 21; + + E_md4hash(newpass, nt_hash); + E_deshash(newpass, lm_hash); + + ZERO_STRUCT(u); + + u.info21.fields_present = fields_present; + + if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) { + u.info21.lm_owf_password.length = 16; + u.info21.lm_owf_password.size = 16; + u.info21.lm_owf_password.array = (uint16_t *)lm_hash; + u.info21.lm_password_set = true; + } + + if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) { + u.info21.nt_owf_password.length = 16; + u.info21.nt_owf_password.size = 16; + u.info21.nt_owf_password.array = (uint16_t *)nt_hash; + u.info21.nt_password_set = true; + } + + status = dcerpc_fetch_session_key(p, &session_key); + if (!NT_STATUS_IS_OK(status)) { + printf("SetUserInfo level %u - no session key - %s\n", + s.in.level, nt_errstr(status)); + return false; + } + + if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) { + DATA_BLOB in,out; + in = data_blob_const(u.info21.lm_owf_password.array, + u.info21.lm_owf_password.length); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + u.info21.lm_owf_password.array = (uint16_t *)out.data; + } + + if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) { + DATA_BLOB in,out; + in = data_blob_const(u.info21.nt_owf_password.array, + u.info21.nt_owf_password.length); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + u.info21.nt_owf_password.array = (uint16_t *)out.data; + } + + torture_comment(tctx, "Testing SetUserInfo level 21 (set password hash)\n"); + + status = dcerpc_samr_SetUserInfo(p, tctx, &s); + if (!NT_STATUS_IS_OK(status)) { + printf("SetUserInfo level %u failed - %s\n", + s.in.level, nt_errstr(status)); + ret = false; + } else { + *password = newpass; + } + + /* try invalid length */ + if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) { + + u.info21.nt_owf_password.length++; + + status = dcerpc_samr_SetUserInfo(p, tctx, &s); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { + printf("SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n", + s.in.level, nt_errstr(status)); + ret = false; + } + } + + if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) { + + u.info21.lm_owf_password.length++; + + status = dcerpc_samr_SetUserInfo(p, tctx, &s); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { + printf("SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n", + s.in.level, nt_errstr(status)); + ret = false; + } + } + + return ret; +} + static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, uint16_t level, uint32_t fields_present, char **password, uint8_t password_expired, - bool use_setinfo2, NTSTATUS expected_error) + bool use_setinfo2, + bool *matched_expected_error) { NTSTATUS status; + NTSTATUS expected_error = NT_STATUS_OK; struct samr_SetUserInfo s; struct samr_SetUserInfo2 s2; union samr_UserInfo u; @@ -871,6 +1065,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, struct samr_PwInfo info; int policy_min_pw_len = 0; const char *comment = NULL; + uint8_t lm_hash[16], nt_hash[16]; pwp.in.user_handle = handle; pwp.out.info = &info; @@ -898,11 +1093,40 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, ZERO_STRUCT(u); switch (level) { + case 18: + E_md4hash(newpass, nt_hash); + E_deshash(newpass, lm_hash); + + u.info18.nt_pwd_active = true; + u.info18.lm_pwd_active = true; + u.info18.password_expired = password_expired; + + memcpy(u.info18.lm_pwd.hash, lm_hash, 16); + memcpy(u.info18.nt_pwd.hash, nt_hash, 16); + + break; case 21: + E_md4hash(newpass, nt_hash); + E_deshash(newpass, lm_hash); + u.info21.fields_present = fields_present; u.info21.password_expired = password_expired; u.info21.comment.string = comment; + if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) { + u.info21.lm_owf_password.length = 16; + u.info21.lm_owf_password.size = 16; + u.info21.lm_owf_password.array = (uint16_t *)lm_hash; + u.info21.lm_password_set = true; + } + + if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) { + u.info21.nt_owf_password.length = 16; + u.info21.nt_owf_password.size = 16; + u.info21.nt_owf_password.array = (uint16_t *)nt_hash; + u.info21.nt_password_set = true; + } + break; case 23: u.info23.info.fields_present = fields_present; @@ -949,6 +1173,41 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, MD5Final(confounded_session_key.data, &ctx); switch (level) { + case 18: + { + DATA_BLOB in,out; + in = data_blob_const(u.info18.nt_pwd.hash, 16); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(u.info18.nt_pwd.hash, out.data, out.length); + } + { + DATA_BLOB in,out; + in = data_blob_const(u.info18.lm_pwd.hash, 16); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(u.info18.lm_pwd.hash, out.data, out.length); + } + + break; + case 21: + if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) { + DATA_BLOB in,out; + in = data_blob_const(u.info21.lm_owf_password.array, + u.info21.lm_owf_password.length); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + u.info21.lm_owf_password.array = (uint16_t *)out.data; + } + if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) { + DATA_BLOB in,out; + in = data_blob_const(u.info21.nt_owf_password.array, + u.info21.nt_owf_password.length); + out = data_blob_talloc_zero(tctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + u.info21.nt_owf_password.array = (uint16_t *)out.data; + } + break; case 23: arcfour_crypt_blob(u.info23.password.data, 516, &session_key); break; @@ -971,6 +1230,15 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, status = dcerpc_samr_SetUserInfo(p, tctx, &s); } + if (!NT_STATUS_IS_OK(status)) { + if (fields_present == 0) { + expected_error = NT_STATUS_INVALID_PARAMETER; + } + if (fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + expected_error = NT_STATUS_ACCESS_DENIED; + } + } + if (!NT_STATUS_IS_OK(expected_error)) { if (use_setinfo2) { torture_assert_ntstatus_equal(tctx, @@ -981,6 +1249,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, s.out.result, expected_error, "SetUserInfo failed"); } + *matched_expected_error = true; return true; } @@ -989,9 +1258,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, use_setinfo2 ? "2":"", level, nt_errstr(status)); ret = false; } else { - if (level != 21) { - *password = newpass; - } + *password = newpass; } return ret; @@ -2074,7 +2341,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex ZERO_STRUCT(u); - u.info25.info.fields_present = SAMR_FIELD_PASSWORD; + u.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT; set_pw_in_buffer(u.info25.password.data, &new_random_pass); @@ -2364,7 +2631,7 @@ static bool test_SetPassword_level(struct dcerpc_pipe *p, uint16_t level, uint32_t fields_present, uint8_t password_expired, - NTSTATUS expected_error, + bool *matched_expected_error, bool use_setinfo2, char **password, bool use_queryinfo2, @@ -2389,23 +2656,13 @@ static bool test_SetPassword_level(struct dcerpc_pipe *p, use_setinfo2 ? "2":"", level, password_expired, fields ? fields : ""); - switch (level) { - case 21: - case 23: - case 24: - case 25: - case 26: - if (!test_SetUserPass_level_ex(p, tctx, handle, level, - fields_present, - password, - password_expired, - use_setinfo2, - expected_error)) { - ret = false; - } - break; - default: - return false; + if (!test_SetUserPass_level_ex(p, tctx, handle, level, + fields_present, + password, + password_expired, + use_setinfo2, + matched_expected_error)) { + ret = false; } if (!test_QueryUserInfo_pwdlastset(p, tctx, handle, @@ -2423,144 +2680,26 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, struct policy_handle *handle, char **password) { - int i, s = 0, q = 0; + int s = 0, q = 0, f = 0, l = 0, z = 0; bool ret = true; int delay = 500000; bool set_levels[] = { false, true }; bool query_levels[] = { false, true }; - - struct { - uint16_t level; - uint8_t password_expired_nonzero; - uint32_t fields_present; - bool query_info2; - bool set_info2; - NTSTATUS set_error; - } pwd_tests[] = { - - /* level 21 */ - { - .level = 21, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_EXPIRED_FLAG - },{ - .level = 21, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, - .set_error = NT_STATUS_ACCESS_DENIED - },{ - .level = 21, - .password_expired_nonzero = 1, - .fields_present = 0, - .set_error = NT_STATUS_INVALID_PARAMETER - },{ - .level = 21, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_COMMENT, - -#if 0 - /* FIXME */ - },{ - .level = 21, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 | - SAMR_FIELD_LAST_PWD_CHANGE, - .query_info2 = false, - .set_error = NT_STATUS_ACCESS_DENIED -#endif - - /* level 23 */ - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_EXPIRED_FLAG - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, - .set_error = NT_STATUS_ACCESS_DENIED - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_LAST_PWD_CHANGE | - SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2, - .set_error = NT_STATUS_ACCESS_DENIED - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_LAST_PWD_CHANGE | - SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 | - SAMR_FIELD_EXPIRED_FLAG, - .set_error = NT_STATUS_ACCESS_DENIED - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 | - SAMR_FIELD_EXPIRED_FLAG - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2, - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_COMMENT, - },{ - .level = 23, - .password_expired_nonzero = 1, - .fields_present = 0, - .set_error = NT_STATUS_INVALID_PARAMETER - },{ - - /* level 24 */ - - .level = 24, - .password_expired_nonzero = 1 - },{ - .level = 24, - .password_expired_nonzero = 24 - },{ - - /* level 25 */ - - .level = 25, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, - .set_error = NT_STATUS_ACCESS_DENIED - },{ - .level = 25, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_EXPIRED_FLAG, - },{ - .level = 25, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 | - SAMR_FIELD_EXPIRED_FLAG - },{ - .level = 25, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2, - },{ - .level = 25, - .password_expired_nonzero = 1, - .fields_present = SAMR_FIELD_COMMENT, - },{ - - /* level 26 */ - - .level = 26, - .password_expired_nonzero = 1 - },{ - .level = 26, - .password_expired_nonzero = 24 - } + uint32_t levels[] = { 18, 21, 23, 24, 25, 26 }; + uint32_t nonzeros[] = { 1, 24 }; + uint32_t fields_present[] = { + 0, + SAMR_FIELD_EXPIRED_FLAG, + SAMR_FIELD_LAST_PWD_CHANGE, + SAMR_FIELD_EXPIRED_FLAG | SAMR_FIELD_LAST_PWD_CHANGE, + SAMR_FIELD_COMMENT, + SAMR_FIELD_NT_PASSWORD_PRESENT, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE | SAMR_FIELD_EXPIRED_FLAG }; if (torture_setting_bool(tctx, "samba3", false)) { @@ -2576,7 +2715,9 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, #define TEST_SET_LEVELS 1 #define TEST_QUERY_LEVELS 1 #endif - for (i=0; i<ARRAY_SIZE(pwd_tests); i++) { + for (l=0; l<ARRAY_SIZE(levels); l++) { + for (z=0; z<ARRAY_SIZE(nonzeros); z++) { + for (f=0; f<ARRAY_SIZE(fields_present); f++) { #ifdef TEST_SET_LEVELS for (s=0; s<ARRAY_SIZE(set_levels); s++) { #endif @@ -2585,11 +2726,12 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, #endif NTTIME pwdlastset_old = 0; NTTIME pwdlastset_new = 0; + bool matched_expected_error = false; torture_comment(tctx, "------------------------------\n" "Testing pwdLastSet attribute for flags: 0x%08x " "(s: %d (l: %d), q: %d)\n", - acct_flags, s, pwd_tests[i].level, q); + acct_flags, s, levels[l], q); /* set #1 */ @@ -2597,10 +2739,10 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, * setting the password expired flag to a non-0 value */ if (!test_SetPassword_level(p, tctx, handle, - pwd_tests[i].level, - pwd_tests[i].fields_present, - pwd_tests[i].password_expired_nonzero, - pwd_tests[i].set_error, + levels[l], + fields_present[f], + nonzeros[z], + &matched_expected_error, set_levels[s], password, query_levels[q], @@ -2608,7 +2750,7 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, ret = false; } - if (!NT_STATUS_IS_OK(pwd_tests[i].set_error)) { + if (matched_expected_error == true) { /* skipping on expected failure */ continue; } @@ -2616,12 +2758,12 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, /* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25 * set without the SAMR_FIELD_EXPIRED_FLAG */ - switch (pwd_tests[i].level) { + switch (levels[l]) { case 21: case 23: case 25: if ((pwdlastset_new != 0) && - !(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG)) { + !(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG)) { torture_comment(tctx, "not considering a non-0 " "pwdLastSet as a an error as the " "SAMR_FIELD_EXPIRED_FLAG has not " @@ -2638,6 +2780,27 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, break; } + switch (levels[l]) { + case 21: + case 23: + case 25: + if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) && + (pwdlastset_old > 0) && (pwdlastset_new > 0) && + (pwdlastset_old >= pwdlastset_new)) { + torture_warning(tctx, "pwdlastset not increasing\n"); + ret = false; + } + break; + default: + if ((pwdlastset_old > 0) && (pwdlastset_new > 0) && + (pwdlastset_old >= pwdlastset_new)) { + torture_warning(tctx, "pwdlastset not increasing\n"); + ret = false; + } + break; + } + usleep(delay); /* set #2 */ @@ -2645,22 +2808,22 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, /* set a password, pwdlastset needs to get updated (increased * value), password_expired value used here is 0 */ - if (!test_SetPassword_level(p, tctx, handle, pwd_tests[i].level, - pwd_tests[i].fields_present, + if (!test_SetPassword_level(p, tctx, handle, + levels[l], + fields_present[f], 0, - pwd_tests[i].set_error, + &matched_expected_error, set_levels[s], password, query_levels[q], &pwdlastset_new)) { - ret = false; } /* when a password has been changed, pwdlastset must not be 0 afterwards * and must be larger then the old value */ - switch (pwd_tests[i].level) { + switch (levels[l]) { case 21: case 23: case 25: @@ -2669,9 +2832,9 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, * password has been changed, old and new pwdlastset * need to be the same value */ - if (!(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG) && - !((pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD) || - (pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD2))) + if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) && + !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT))) { torture_assert_int_equal(tctx, pwdlastset_old, pwdlastset_new, "pwdlastset must be equal"); @@ -2692,19 +2855,91 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, } } + switch (levels[l]) { + case 21: + case 23: + case 25: + if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) && + (pwdlastset_old > 0) && (pwdlastset_new > 0) && + (pwdlastset_old >= pwdlastset_new)) { + torture_warning(tctx, "pwdlastset not increasing\n"); + ret = false; + } + break; + default: + if ((pwdlastset_old > 0) && (pwdlastset_new > 0) && + (pwdlastset_old >= pwdlastset_new)) { + torture_warning(tctx, "pwdlastset not increasing\n"); + ret = false; + } + break; + } + pwdlastset_old = pwdlastset_new; usleep(delay); + /* set #2b */ + + /* set a password, pwdlastset needs to get updated (increased + * value), password_expired value used here is 0 */ + + if (!test_SetPassword_level(p, tctx, handle, + levels[l], + fields_present[f], + 0, + &matched_expected_error, + set_levels[s], + password, + query_levels[q], + &pwdlastset_new)) { + ret = false; + } + + /* when a password has been changed, pwdlastset must not be 0 afterwards + * and must be larger then the old value */ + + switch (levels[l]) { + case 21: + case 23: + case 25: + + /* if no password has been changed, old and new pwdlastset + * need to be the same value */ + + if (!((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT))) + { + torture_assert_int_equal(tctx, pwdlastset_old, + pwdlastset_new, "pwdlastset must be equal"); + break; + } + default: + if (pwdlastset_old >= pwdlastset_new) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n", + pwdlastset_old, pwdlastset_new); + ret = false; + } + if (pwdlastset_new == 0) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected non-0 pwdlastset, got: %lld\n", + pwdlastset_new); + ret = false; + } + } + /* set #3 */ /* set a password and force password change (pwdlastset 0) by * setting the password expired flag to a non-0 value */ - if (!test_SetPassword_level(p, tctx, handle, pwd_tests[i].level, - pwd_tests[i].fields_present, - pwd_tests[i].password_expired_nonzero, - pwd_tests[i].set_error, + if (!test_SetPassword_level(p, tctx, handle, + levels[l], + fields_present[f], + nonzeros[z], + &matched_expected_error, set_levels[s], password, query_levels[q], @@ -2715,12 +2950,12 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, /* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25 * set without the SAMR_FIELD_EXPIRED_FLAG */ - switch (pwd_tests[i].level) { + switch (levels[l]) { case 21: case 23: case 25: if ((pwdlastset_new != 0) && - !(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG)) { + !(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG)) { torture_comment(tctx, "not considering a non-0 " "pwdLastSet as a an error as the " "SAMR_FIELD_EXPIRED_FLAG has not " @@ -2732,9 +2967,9 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, * password has been changed, old and new pwdlastset * need to be the same value */ - if (!(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG) && - !((pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD) || - (pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD2))) + if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) && + !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT))) { torture_assert_int_equal(tctx, pwdlastset_old, pwdlastset_new, "pwdlastset must be equal"); @@ -2757,13 +2992,48 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, } break; } + + switch (levels[l]) { + case 21: + case 23: + case 25: + if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) && + (pwdlastset_old > 0) && (pwdlastset_new > 0) && + (pwdlastset_old >= pwdlastset_new)) { + torture_warning(tctx, "pwdlastset not increasing\n"); + ret = false; + } + break; + default: + if ((pwdlastset_old > 0) && (pwdlastset_new > 0) && + (pwdlastset_old >= pwdlastset_new)) { + torture_warning(tctx, "pwdlastset not increasing\n"); + ret = false; + } + break; + } + + /* if the level we are testing does not have a fields_present + * field, skip all fields present tests by setting f to to + * arraysize */ + switch (levels[l]) { + case 18: + case 24: + case 26: + f = ARRAY_SIZE(fields_present); + break; + } + #ifdef TEST_QUERY_LEVELS } #endif #ifdef TEST_SET_LEVELS } #endif - } + } /* fields present */ + } /* nonzeros */ + } /* levels */ #undef TEST_SET_LEVELS #undef TEST_QUERY_LEVELS @@ -2787,9 +3057,9 @@ static bool test_user_ops(struct dcerpc_pipe *p, int i; uint32_t rid; const uint32_t password_fields[] = { - SAMR_FIELD_PASSWORD, - SAMR_FIELD_PASSWORD2, - SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2, + SAMR_FIELD_NT_PASSWORD_PRESENT, + SAMR_FIELD_LM_PASSWORD_PRESENT, + SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT, 0 }; @@ -2894,6 +3164,37 @@ static bool test_user_ops(struct dcerpc_pipe *p, ret = false; } + if (torture_setting_bool(tctx, "samba4", false)) { + printf("skipping Set Password level 18 and 21 against Samba4\n"); + } else { + + if (!test_SetUserPass_18(p, tctx, user_handle, &password)) { + ret = false; + } + + if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) { + ret = false; + } + + for (i = 0; password_fields[i]; i++) { + + if (password_fields[i] == SAMR_FIELD_LM_PASSWORD_PRESENT) { + /* we need to skip as that would break + * the ChangePasswordUser3 verify */ + continue; + } + + if (!test_SetUserPass_21(p, tctx, user_handle, password_fields[i], &password)) { + ret = false; + } + + /* check it was set right */ + if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) { + ret = false; + } + } + } + q.in.user_handle = user_handle; q.in.level = 5; q.out.info = &info; @@ -5153,7 +5454,6 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, switch (which_ops) { case TORTURE_SAMR_USER_ATTRIBUTES: case TORTURE_SAMR_PASSWORDS: - case TORTURE_SAMR_PASSWORDS_PWDLASTSET: ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops); ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops); /* This test needs 'complex' users to validate */ @@ -5162,6 +5462,13 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, printf("Testing PASSWORDS or ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid)); } break; + case TORTURE_SAMR_PASSWORDS_PWDLASTSET: + ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops); + ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops); + if (!ret) { + printf("Testing PASSWORDS PWDLASTSET on domain %s failed!\n", dom_sid_string(tctx, sid)); + } + break; case TORTURE_SAMR_OTHER: ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops); if (!ret) { diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c index 5e5a5e81cd..b72b9fcb09 100644 --- a/source4/torture/unix/whoami.c +++ b/source4/torture/unix/whoami.c @@ -127,11 +127,6 @@ static bool sid_parse(void *mem_ctx, torture_assert(torture, (*psid)->num_auths <= 15, "invalid sub_auth value"); - (*psid)->sub_auths = talloc_array(mem_ctx, uint32_t, - (*psid)->num_auths); - torture_assert(torture, (*psid)->sub_auths != NULL, - "out of memory"); - for (i = 0; i < (*psid)->num_auths; i++) { (*psid)->sub_auths[i] = IVAL(data->data, *offset); (*offset) += 4; diff --git a/source4/winbind/config.mk b/source4/winbind/config.mk index f719f00853..865ff90567 100644 --- a/source4/winbind/config.mk +++ b/source4/winbind/config.mk @@ -20,6 +20,7 @@ PRIVATE_DEPENDENCIES = \ WINBIND_OBJ_FILES = $(addprefix $(winbindsrcdir)/, \ wb_server.o \ + wb_setup_domains.o \ wb_irpc.o \ wb_samba3_protocol.o \ wb_samba3_cmd.o \ diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 531647def8..8011cba19c 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -396,7 +396,7 @@ static void init_domain_recv_samr(struct composite_context *ctx) state->ctx->status = wb_connect_samr_recv( ctx, state->domain, &state->domain->libnet_ctx->samr.pipe, - &state->domain->libnet_ctx->samr.handle, + &state->domain->libnet_ctx->samr.connect_handle, &state->domain->libnet_ctx->samr.handle); if (!composite_is_ok(state->ctx)) return; diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c index b8309597d7..9ffcd467ee 100644 --- a/source4/winbind/wb_server.c +++ b/source4/winbind/wb_server.c @@ -147,13 +147,9 @@ static void winbind_task_init(struct task_server *task) if (!service) goto nomem; service->task = task; - service->primary_sid = secrets_get_domain_sid(service, - task->event_ctx, - task->lp_ctx, - lp_workgroup(task->lp_ctx)); - if (service->primary_sid == NULL) { - task_server_terminate( - task, nt_errstr(NT_STATUS_CANT_ACCESS_DOMAIN_INFO)); + status = wbsrv_setup_domains(service); + if (!NT_STATUS_IS_OK(status)) { + task_server_terminate(task, nt_errstr(status)); return; } diff --git a/source4/winbind/wb_setup_domains.c b/source4/winbind/wb_setup_domains.c new file mode 100644 index 0000000000..92b91c182f --- /dev/null +++ b/source4/winbind/wb_setup_domains.c @@ -0,0 +1,42 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbind/wb_server.h" +#include "smbd/service_task.h" +#include "auth/credentials/credentials.h" +#include "param/secrets.h" +#include "param/param.h" + +NTSTATUS wbsrv_setup_domains(struct wbsrv_service *service) +{ + const struct dom_sid *primary_sid; + + primary_sid = secrets_get_domain_sid(service, + service->task->event_ctx, + service->task->lp_ctx, + lp_workgroup(service->task->lp_ctx)); + if (!primary_sid) { + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + + service->primary_sid = primary_sid; + + return NT_STATUS_OK; +} |