From f2eaa4beaa1439a9b60005791a764019ae975853 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Aug 2008 11:45:45 +1000 Subject: Only allow trust accounts access to the NTP signing service. (This used to be commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43) --- source4/ntp_signd/ntp_signd.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c index c1ac7dbcf4..546743e4e6 100644 --- a/source4/ntp_signd/ntp_signd.c +++ b/source4/ntp_signd/ntp_signd.c @@ -123,7 +123,7 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input) struct signed_reply signed_reply; enum ndr_err_code ndr_err; struct ldb_result *res; - const char *attrs[] = { "unicodePwd", "userAccountControl", NULL }; + const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL }; struct MD5Context ctx; struct samr_Password *nt_hash; uint32_t user_account_control; @@ -168,7 +168,7 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input) ret = ldb_search_exp_fmt(ntp_signdconn->ntp_signd->samdb, tmp_ctx, &res, samdb_base_dn(ntp_signdconn->ntp_signd->samdb), - LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=computer))", + LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=user))", dom_sid_string(tmp_ctx, sid)); if (ret != LDB_SUCCESS) { DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: %s\n", dom_sid_string(tmp_ctx, sid), 
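Review bot: `"cn"` is added to `attrs` in the -123 hunk, but none of the new code in this commit reads it; the two DEBUG messages added in the -188 hunk print `ldb_dn_get_linearized(res->msgs[0]->dn)`, which does not need the attribute. Unless code outside the visible hunks uses it, the list could stay `{ "unicodePwd", "userAccountControl", NULL }`. ntp_signd_recv starts and ends outside the hunk.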
@@ -188,7 +188,13 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input) user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0); if (user_account_control & UF_ACCOUNTDISABLE) { - DEBUG(1, ("Account for SID [%s] is disabled\n", dom_sid_string(tmp_ctx, sid))); + DEBUG(1, ("Account %s for SID [%s] is disabled\n", ldb_dn_get_linearized(res->msgs[0]->dn), dom_sid_string(tmp_ctx, sid))); + talloc_free(tmp_ctx); + return NT_STATUS_ACCESS_DENIED; + } + + if (!(user_account_control & (UF_INTERDOMAIN_TRUST_ACCOUNT|UF_SERVER_TRUST_ACCOUNT|UF_WORKSTATION_TRUST_ACCOUNT))) { + DEBUG(1, ("Account %s for SID [%s] is not a trust account\n", ldb_dn_get_linearized(res->msgs[0]->dn), dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); return NT_STATUS_ACCESS_DENIED; } -- cgit From 8b585deae44f42b24182ec5d243f7d1e23012478 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 16:53:13 +0200 Subject: NBT-WINSREPLICATION: be more robust to timing errors Also reenable disabled tests. metze (This used to be commit 76878a9c798e0acb0387b8352972d66db989c09a) --- source4/torture/nbt/winsreplication.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source4/torture/nbt/winsreplication.c b/source4/torture/nbt/winsreplication.c index ee7a1510d5..6b600bd7cd 100644 --- a/source4/torture/nbt/winsreplication.c +++ b/source4/torture/nbt/winsreplication.c @@ -6701,7 +6701,6 @@ static bool test_conflict_owned_active_vs_replica(struct torture_context *tctx, /* * unique vs. unique section */ -#if METZE_NEEDS_TO_LOOK_AT_THIS_ONE /* * unique,active vs. unique,active with same ip(s), unchecked */ @@ -6728,7 +6727,6 @@ static bool test_conflict_owned_active_vs_replica(struct torture_context *tctx, .apply_expected = true }, }, -#endif /* * unique,active vs. unique,active with different ip(s), positive response */ 
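Review bot: The new trust-account test in the -188 hunk carries no comment, yet after the search filter in the previous hunk was widened from `objectClass=computer` to `objectClass=user` it is the only visible check keeping ordinary user accounts away from the password-hash lookup that `attrs` and `nt_hash` point to. I would put `/* the search matches any user object; only machine and trust accounts may have replies signed with their hash */` above the `if` so a later cleanup does not drop it. It is also worth confirming that `UF_INTERDOMAIN_TRUST_ACCOUNT` belongs in the mask, since nothing visible explains why an interdomain trust account would ask for NTP signing. ntp_signd_recv continues outside the hunk.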
@@ -8967,7 +8965,6 @@ static bool test_conflict_owned_active_vs_replica(struct torture_context *tctx, .sgroup_merge = true }, }, -#if 0 /* * sgroup,active vs. sgroup,active with same ip(s) */ @@ -9157,7 +9154,6 @@ static bool test_conflict_owned_active_vs_replica(struct torture_context *tctx, .apply_expected = false }, }, -#endif }; if (!ctx->nbtsock_srv) { @@ -9543,7 +9539,9 @@ static void test_conflict_owned_active_vs_replica_handler_query(struct nbt_name_ talloc_free(rep_packet); /* make sure we push the reply to the wire */ - event_loop_once(nbtsock->event_ctx); + while (nbtsock->send_queue) { + event_loop_once(nbtsock->event_ctx); + } msleep(1000); rec->defend.timeout = 0; @@ -9598,7 +9596,9 @@ static void test_conflict_owned_active_vs_replica_handler_release( talloc_free(rep_packet); /* make sure we push the reply to the wire */ - event_loop_once(nbtsock->event_ctx); + while (nbtsock->send_queue) { + event_loop_once(nbtsock->event_ctx); + } msleep(1000); rec->defend.timeout = 0; -- cgit From 150d7a16236732abfe23082bdeef62d8e36beeb4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 16:58:12 +0200 Subject: pidl: fix samba4.pidl.samba3-cli test metze (This used to be commit 0449a5c8267873d7986c7c50adce57029192c456) --- source4/pidl/tests/samba3-cli.pl | 2 -- 1 file changed, 2 deletions(-) diff --git a/source4/pidl/tests/samba3-cli.pl b/source4/pidl/tests/samba3-cli.pl index 80725d28cf..d762954159 100755 --- a/source4/pidl/tests/samba3-cli.pl +++ b/source4/pidl/tests/samba3-cli.pl @@ -44,7 +44,6 @@ is($x->{res}, status = cli_do_rpc_ndr(cli, mem_ctx, - PI_FOO, &ndr_table_foo, NDR_BAR, &r); @@ -89,7 +88,6 @@ is($x->{res}, status = cli_do_rpc_ndr(cli, mem_ctx, - PI_FOO, &ndr_table_foo, NDR_BAR, &r); -- cgit From be0a45d865dbb78c0a82e6bcebebbbbdb4ecb2d1 Mon Sep 17 00:00:00 2001 
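Review bot: The new `while (nbtsock->send_queue)` loop in the -9543 hunk (test_conflict_owned_active_vs_replica_handler_query) has no exit other than the queue draining, and the return value of `event_loop_once()` is ignored, so if a send error ever leaves the packet queued the test hangs instead of failing. Breaking out on failure, `if (event_loop_once(nbtsock->event_ctx) != 0) break;`, keeps the robustness gain without the hang. The same loop is added in the -9598 hunk for the release handler. Both handlers start outside their hunks.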
From: Stefan Metzmacher Date: Wed, 13 Aug 2008 09:42:27 +0200 Subject: libcli/smb2: async replies with STATUS_PENDING are not signed metze (This used to be commit 3f6cbece4a199a42ad6583ea4bd4302629399625) --- source4/libcli/smb2/transport.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index d9691bec7c..b946a102c8 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -235,6 +235,17 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE); req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS)); + if ((flags & SMB2_HDR_FLAG_ASYNC) && + NT_STATUS_EQUAL(req->status, STATUS_PENDING)) { + req->cancel.can_cancel = true; + req->cancel.pending_id = IVAL(hdr, SMB2_HDR_PID); + for (i=0; i< req->cancel.do_cancel; i++) { + smb2_cancel(req); + } + talloc_free(buffer); + return NT_STATUS_OK; + } + if (req->session && req->session->signing_active) { status = smb2_check_signature(&req->in, req->session->session_key); @@ -244,19 +255,6 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) return status; } } - - - if (NT_STATUS_EQUAL(req->status, STATUS_PENDING)) { - if (flags & 0x00000002) { - req->cancel.can_cancel = true; - req->cancel.pending_id = IVAL(hdr, SMB2_HDR_PID); - for (i=0; i< req->cancel.do_cancel; i++) { - smb2_cancel(req); - } - } - talloc_free(buffer); - return NT_STATUS_OK; - } buffer_code = SVAL(req->in.body, 0); req->in.body_fixed = (buffer_code & ~1); -- cgit From be92e7fc11c9ee55beacf8c6cc019539d3d7c486 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 09:44:06 +0200 Subject: libcli/smb2: we don't need check the same thing twice... metze (This used to be commit 1380fb954a7d9d4b543c4650a060fef9f357af7b) --- source4/libcli/smb2/signing.c | 6 ------ 1 file changed, 6 deletions(-) 
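Review bot: Moving the STATUS_PENDING branch above `smb2_check_signature()` in the -235 hunk means `req->cancel.can_cancel` and `req->cancel.pending_id` are now set from a header that was never authenticated, even when `req->session->signing_active` is true, and nothing at the branch says so. The commit title explains that interim replies are not signed, so this cannot be verified here, but a comment such as `/* interim replies are unsigned: nothing taken from this packet is authenticated */` would stop later code from treating the id as trusted. The condition also changed: a STATUS_PENDING reply without `SMB2_HDR_FLAG_ASYNC` used to return early and now falls through to the signature check and body parsing, which deserves a line in the commit message if it is intended. smb2_transport_finish_recv starts and ends outside the hunk.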
diff --git a/source4/libcli/smb2/signing.c b/source4/libcli/smb2/signing.c index 0d655d1a86..de9e1e9d29 100644 --- a/source4/libcli/smb2/signing.c +++ b/source4/libcli/smb2/signing.c @@ -94,12 +94,6 @@ NTSTATUS smb2_check_signature(struct smb2_request_buffer *buf, DATA_BLOB session return NT_STATUS_OK; } - if (session_key.length == 0) { - DEBUG(2,("Wrong session key length %u for SMB2 signing\n", - (unsigned)session_key.length)); - return NT_STATUS_ACCESS_DENIED; - } - memcpy(sig, buf->hdr+SMB2_HDR_SIGNATURE, 16); memset(buf->hdr + SMB2_HDR_SIGNATURE, 0, 16); -- cgit From f086e796d6a933b95e36f5638b39ee261fb6a784 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 15:19:01 +0200 Subject: libcli/smb2: use smb2 signing in auto mode if the server supports it metze (This used to be commit fe74faf13dc64eaa58d757de156aedcb24abed1f) --- source4/libcli/smb2/connect.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index c89c109b72..43151943d3 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -115,13 +115,19 @@ static void continue_negprot(struct smb2_request *req) transport->signing_required = false; break; case SMB_SIGNING_SUPPORTED: - case SMB_SIGNING_AUTO: if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) { transport->signing_required = true; } else { transport->signing_required = false; } break; + case SMB_SIGNING_AUTO: + if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) { + transport->signing_required = true; + } else { + transport->signing_required = false; + } + break; case SMB_SIGNING_REQUIRED: if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) { transport->signing_required = true; -- cgit From 4a214dba301474c48f2ae45194b0e363440ee01d Mon Sep 17 00:00:00 2001 
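Review bot: In the new `SMB_SIGNING_AUTO` case of the connect.c hunk the decision rests entirely on `SMB2_NEGOTIATE_SIGNING_ENABLED` from the server's negotiate reply, which is itself unauthenticated, so auto mode silently ends up unsigned when that bit is absent or was removed in transit. That is probably what auto is meant to do, but a comment like `/* opportunistic: sign only if the server offers it; no protection against a stripped flag */` would make the limit explicit. `signing_required` is now set to true for a mode that does not require signing, so the field name no longer matches its use and is worth a note where it is declared. The switch in continue_negprot continues outside the hunk, including the else branch of the REQUIRED case.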
From: Stefan Metzmacher Date: Wed, 13 Aug 2008 09:45:44 +0200 Subject: smb2srv: use defines instead of hex values metze (This used to be commit 7c4abf6614c47471ae005a12abe27d85890d867f) --- source4/smb_server/smb2/receive.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index cfd6c1d01a..007125c4c4 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -79,12 +79,12 @@ struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn) NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size, bool body_dynamic_present, uint32_t body_dynamic_size) { - uint32_t flags = 0x00000001; + uint32_t flags = SMB2_HDR_FLAG_REDIRECT; uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID); uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID); if (req->pending_id) { - flags |= 0x00000002; + flags |= SMB2_HDR_FLAG_ASYNC; pid = req->pending_id; tid = 0; } @@ -545,7 +545,7 @@ void smb2srv_cancel_recv(struct smb2srv_request *req) flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS); pending_id = IVAL(req->in.hdr, SMB2_HDR_PID); - if (!(flags & 0x00000002)) { + if (!(flags & SMB2_HDR_FLAG_ASYNC)) { /* TODO: what to do here? */ goto done; } -- cgit From 0294c678c0665e675673ff477df26fddd8ed53dd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 15:20:18 +0200 Subject: smb2srv: sign replies when the request was also signed metze (This used to be commit dd2f4f7a491debcc30e590f571272afd99e52940) --- source4/smb_server/smb2/receive.c | 9 ++------- source4/smb_server/smb2/smb2_server.h | 2 ++ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index 007125c4c4..bcc91e4ee3 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c 
@@ -236,7 +236,7 @@ void smb2srv_send_reply(struct smb2srv_request *req) } /* if signing is active on the session then sign the packet */ - if (req->session && req->session->smb2_signing.active) { + if (req->is_signed) { status = smb2_sign_message(&req->out, req->session->session_info->session_key); if (!NT_STATUS_IS_OK(status)) { @@ -310,12 +310,7 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req) if (!req->session) goto nosession; - if (!req->session->smb2_signing.active) { - /* TODO: workout the correct error code */ - smb2srv_send_error(req, NT_STATUS_FOOBAR); - return NT_STATUS_OK; - } - + req->is_signed = true; status = smb2_check_signature(&req->in, req->session->session_info->session_key); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/smb_server/smb2/smb2_server.h b/source4/smb_server/smb2/smb2_server.h index ae4abbd71e..d45e0861af 100644 --- a/source4/smb_server/smb2/smb2_server.h +++ b/source4/smb_server/smb2/smb2_server.h @@ -62,6 +62,8 @@ struct smb2srv_request { uint8_t _chained_file_handle[16]; uint8_t *chained_file_handle; + bool is_signed; + struct smb2_request_buffer in; struct smb2_request_buffer out; }; -- cgit From 2a36568129877273f6c559bd5c3bdb8f2efef8c7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 09:48:44 +0200 Subject: smb2srv: async replies with STATUS_PENDING are not signed ..., but the they may have the sign flag set. metze (This used to be commit 43e43dead030f6bffd06631007fdb162c3c6b2b5) --- source4/smb_server/smb2/receive.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index bcc91e4ee3..1fe6f0b877 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c 
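Review bot: In the -236 hunk `req->session->session_info->session_key` is now dereferenced under `if (req->is_signed)` alone, with the former `req->session &&` guard removed. `is_signed` is only set in smb2srv_reply after the `!req->session` check, so the pointer was valid at that moment, but if a request can lose its session before the reply is sent (not visible here) this dereferences NULL; `if (req->is_signed && req->session)` costs nothing. The comment above the test still says "if signing is active on the session", which no longer describes the condition. smb2srv_send_reply starts and ends outside the hunk.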
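Review bot: In the -310 hunk `req->is_signed = true` is assigned before `smb2_check_signature()` has succeeded, so any reply produced on the failure path (outside the hunk) is treated as belonging to a verified request; assigning it after the status check would make the flag mean "request signature verified". The deleted block was also the only visible reaction to a mismatch between the request's signed flag and the session's signing state, and nothing shown here rejects an unsigned request on a session that negotiated signing. With replies now signed only when the request was, that enforcement has to exist somewhere if the server is meant to insist on signing. smb2srv_reply starts and ends outside the hunk.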
@@ -506,6 +506,8 @@ static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn) NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req) { + NTSTATUS status; + bool signing_used = false; int id; if (req->pending_id) { @@ -521,10 +523,35 @@ NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req) DLIST_ADD_END(req->smb_conn->requests2.list, req, struct smb2srv_request *); req->pending_id = id; + if (req->smb_conn->connection->event.fde == NULL) { + /* the socket has been destroyed - no point trying to send an error! */ + return NT_STATUS_REMOTE_DISCONNECT; + } + talloc_set_destructor(req, smb2srv_request_deny_destructor); - smb2srv_send_error(req, STATUS_PENDING); - talloc_set_destructor(req, smb2srv_request_destructor); + status = smb2srv_setup_reply(req, 8, true, 0); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(STATUS_PENDING)); + + SSVAL(req->out.body, 0x02, 0); + SIVAL(req->out.body, 0x04, 0); + + /* if the real reply will be signed set the signed flags, but don't sign */ + if (req->is_signed) { + SIVAL(req->out.hdr, SMB2_HDR_FLAGS, IVAL(req->out.hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED); + signing_used = req->is_signed; + req->is_signed = false; + } + + smb2srv_send_reply(req); + + req->is_signed = signing_used; + + talloc_set_destructor(req, smb2srv_request_destructor); return NT_STATUS_OK; } -- cgit From dbcdbb33485b034b48b32e4801a538bbc239d1c2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 14 Aug 2008 12:44:25 +0200 Subject: libcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values We now reuse ignored values for the ntvfs backend private flags. metze (This used to be commit 14eda93aeface307e1ffd1ea012d8f236fa78290) --- source4/libcli/raw/smb.h | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/source4/libcli/raw/smb.h b/source4/libcli/raw/smb.h index 8663792f78..d4091acf48 100644 --- a/source4/libcli/raw/smb.h 
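Review bot: Both new early returns in the -521 hunk leave the request half-queued. The `event.fde == NULL` return comes after `DLIST_ADD_END` and `req->pending_id = id`, and the `smb2srv_setup_reply()` failure return comes after `talloc_set_destructor(req, smb2srv_request_deny_destructor)`, so on that path the deny destructor stays installed and the normal one is never restored. Moving the fde check above the list insertion and adding `talloc_set_destructor(req, smb2srv_request_destructor);` before `return status;` would keep the error paths consistent. The literal body offsets `0x02` and `0x04` and the size `8` would also benefit from a comment naming the fields they fill.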
+++ b/source4/libcli/raw/smb.h @@ -167,17 +167,30 @@ #define NTCREATEX_OPTIONS_NO_RECALL 0x00400000 /* Must be ignored by the server, per MS-SMB 2.2.8 */ #define NTCREATEX_OPTIONS_FREE_SPACE_QUERY 0x00800000 -/* create options these bits are for private use by backends, they are - not valid on the wire */ -#define NTCREATEX_OPTIONS_PRIVATE_MASK 0xFF000000 -#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x01000000 -#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x02000000 -#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK ( NTCREATEX_OPTIONS_TREE_CONNECTION | NTCREATEX_OPTIONS_COMPLETE_IF_OPLOCKED | NTCREATEX_OPTIONS_OPEN_FOR_RECOVERY | NTCREATEX_OPTIONS_FREE_SPACE_QUERY | NTCREATEX_OPTIONS_OPFILTER ) +#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK (NTCREATEX_OPTIONS_TREE_CONNECTION | \ + NTCREATEX_OPTIONS_OPEN_FOR_RECOVERY | \ + NTCREATEX_OPTIONS_FREE_SPACE_QUERY | \ + 0x000F0000) -#define NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK (0x000F0000 | NTCREATEX_OPTIONS_OPEN_BY_FILE_ID) +#define NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK (NTCREATEX_OPTIONS_OPEN_BY_FILE_ID) +#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK (NTCREATEX_OPTIONS_OPFILTER | \ + NTCREATEX_OPTIONS_SYNC_ALERT | \ + NTCREATEX_OPTIONS_ASYNC_ALERT | \ + NTCREATEX_OPTIONS_OPFILTER | \ + 0xFF000000) +/* + * We reuse some ignored flags for private use. + * This values have different meaning for some ntvfs backends. + * + * TODO: use values that are ignore for sure... + */ +#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x00010000 +#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x00020000 +#define NTCREATEX_OPTIONS_PRIVATE_MASK (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS | \ + NTCREATEX_OPTIONS_PRIVATE_DENY_FCB) /* ntcreatex impersonation field */ #define NTCREATEX_IMPERSONATION_ANONYMOUS 0 -- cgit From cc60d5a0320f824f7dc7b8abbe9cb0ccd668dda2 Mon Sep 17 00:00:00 2001 
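Review bot: `NTCREATEX_OPTIONS_PRIVATE_DENY_DOS` and `NTCREATEX_OPTIONS_PRIVATE_DENY_FCB` now sit at `0x00010000` and `0x00020000`, inside the `0x000F0000` range that `NTCREATEX_OPTIONS_MUST_IGNORE_MASK` accepts from the wire, whereas the removed comment said the private bits were not valid on the wire. The pvfs_open hunk in the next commit deliberately keeps the private bits when stripping ignored options, and the ntvfs_generic hunk later in the series drops the `NTCREATEX_OPTIONS_PRIVATE_MASK` rejection for SMB2, so unless a caller outside these hunks clears them, client-supplied create_options can select the backend's private deny modes directly. The protocol front ends should clear `NTCREATEX_OPTIONS_PRIVATE_MASK` from `create_options` received on the wire before the generic mapping sets those bits itself. Separately, `NTCREATEX_OPTIONS_OPFILTER` is listed twice in `NTCREATEX_OPTIONS_INVALID_PARAM_MASK`.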
From: Stefan Metzmacher Date: Thu, 14 Aug 2008 12:37:31 +0200 Subject: pvfs: fix handling of create_option flags metze (This used to be commit 3c6cadf76861d6522c5ec41953df1ba2fac4910d) --- source4/ntvfs/posix/pvfs_open.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 6114b2052c..c127885a68 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -1181,6 +1181,7 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, int fd; struct odb_lock *lck; uint32_t create_options; + uint32_t create_options_must_ignore_mask; uint32_t share_access; uint32_t access_mask; uint32_t create_action = NTCREATEX_ACTION_EXISTED; @@ -1206,13 +1207,22 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - /* These options are ignored */ - create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK; + /* + * These options are ignored, + * but we reuse some of them as private values for the generic mapping + */ + create_options_must_ignore_mask = NTCREATEX_OPTIONS_MUST_IGNORE_MASK; + create_options_must_ignore_mask &= ~NTCREATEX_OPTIONS_PRIVATE_MASK; + create_options &= ~create_options_must_ignore_mask; if (create_options & NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK) { return NT_STATUS_NOT_SUPPORTED; } + if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) { + return NT_STATUS_INVALID_PARAMETER; + } + /* TODO: When we implement HSM, add a hook here not to pull * the actual file off tape, when this option is passed from * the client */ -- cgit From 2a336a63d704b1a5cf8e9a2961f48285081256ac Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Thu, 14 Aug 2008 12:48:37 +0200 Subject: libcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS. metze (This used to be commit 3ea08d430370717463ffab44fed9c42db1002d97) --- source4/libcli/smb2/smb2.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index 5d6341a15b..f00107de60 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -276,7 +276,9 @@ struct smb2_request { #define SMB2_CREATE_TAG_TWRP "TWrp" #define SMB2_CREATE_TAG_QFID "QFid" - +/* SMB2 Create ignore some more create_options */ +#define SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK (NTCREATEX_OPTIONS_TREE_CONNECTION | \ + NTCREATEX_OPTIONS_OPFILTER) /* check that a body has the expected size -- cgit From 548ed8d9586bbf9504bec5064a14893f5827b0e4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 14 Aug 2008 09:52:45 +0200 Subject: ntvfs_generic: fix handling of create_options for SMB2 metze (This used to be commit cbd585d2a1e179615eba773cb07385524369c686) --- source4/ntvfs/ntvfs_generic.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c index 4f3a7e2198..c34bb7125e 100644 --- a/source4/ntvfs/ntvfs_generic.c +++ b/source4/ntvfs/ntvfs_generic.c 
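Review bot: The new comment in the smb2.h hunk says SMB2 create "ignore some more create_options", but the macro it introduces is `SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK` and the commit message says these options return NOT_SUPPORTED. Something like `/* create_options that SMB2 answers with NT_STATUS_NOT_SUPPORTED */` would match the name. The mask is built from `NTCREATEX_OPTIONS_*` names, so this header now depends on those being declared wherever the macro is expanded; whether that already holds is not visible in the hunk.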
@@ -532,16 +532,14 @@ NTSTATUS ntvfs_map_open(struct ntvfs_module_context *ntvfs, } /* we need to check these bits before we check the private mask */ - if (io2->generic.in.create_options & NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK) { + if (io2->generic.in.create_options & SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK) { status = NT_STATUS_NOT_SUPPORTED; break; } - /* we use a couple of bits of the create options internally */ - if (io2->generic.in.create_options & NTCREATEX_OPTIONS_PRIVATE_MASK) { - status = NT_STATUS_INVALID_PARAMETER; - break; - } + /* TODO: find out why only SMB2 ignores these */ + io2->generic.in.create_options &= ~NTCREATEX_OPTIONS_SYNC_ALERT; + io2->generic.in.create_options &= ~NTCREATEX_OPTIONS_ASYNC_ALERT; status = ntvfs->ops->open(ntvfs, req, io2); break; -- cgit From 80f2f10839521a873c37e6000d14ce2df2690f7a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 14 Aug 2008 09:54:22 +0200 Subject: SMB2-CREATE: be more strict in error checking metze (This used to be commit d7d4df78c1de19d0cd7a63daaa2fa0863a243a12) --- source4/torture/smb2/create.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 744c5d2b6c..6edacbfd07 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -54,6 +54,7 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre TALLOC_CTX *tmp_ctx = talloc_new(tree); uint32_t access_mask, file_attributes, file_attributes_set, denied_mask; uint32_t ok_mask, not_supported_mask, invalid_parameter_mask; + uint32_t not_a_directory_mask, unexpected_mask; union smb_fileinfo q; ZERO_STRUCT(io); 
@@ -104,7 +105,11 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre io.in.file_attributes = 0; io.in.create_disposition = NTCREATEX_DISP_OPEN_IF; io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; - ok_mask = not_supported_mask = invalid_parameter_mask = 0; + ok_mask = 0; + not_supported_mask = 0; + invalid_parameter_mask = 0; + not_a_directory_mask = 0; + unexpected_mask = 0; { int i; for (i=0;i<32;i++) { @@ -117,11 +122,14 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre not_supported_mask |= 1< Date: Thu, 14 Aug 2008 09:54:51 +0200 Subject: SMB2-CREATE: be more strict in checking file attributes metze (This used to be commit ba9d0f6b3c60346df757e7c4c3f5704c0bf26d11) --- source4/torture/smb2/create.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 6edacbfd07..a8effca396 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -52,7 +52,7 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre struct smb2_create io; NTSTATUS status; TALLOC_CTX *tmp_ctx = talloc_new(tree); - uint32_t access_mask, file_attributes, file_attributes_set, denied_mask; + uint32_t access_mask, file_attributes_set; uint32_t ok_mask, not_supported_mask, invalid_parameter_mask; uint32_t not_a_directory_mask, unexpected_mask; union smb_fileinfo q; @@ -166,9 +166,10 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre io.in.create_disposition = NTCREATEX_DISP_OPEN_IF; io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; io.in.file_attributes = 0; - file_attributes = 0; + ok_mask = 0; + invalid_parameter_mask = 0; + unexpected_mask = 0; file_attributes_set = 0; - denied_mask = 0; { int i; for (i=0;i<32;i++) { 
@@ -176,21 +177,28 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre smb2_deltree(tree, FNAME); status = smb2_create(tree, tmp_ctx, &io); if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { - file_attributes |= io.in.file_attributes; - } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - denied_mask |= io.in.file_attributes; - } else { - CHECK_STATUS(status, NT_STATUS_OK); + invalid_parameter_mask |= 1< Date: Thu, 14 Aug 2008 13:12:07 +0200 Subject: SMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED Some standalone server (and samba4) doesn't support this. metze (This used to be commit 6d8fd4c0089d7e632ec91027a77321aca8c6acc7) --- source4/torture/smb2/create.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index a8effca396..4d1b4a7ed0 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -174,6 +174,9 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre int i; for (i=0;i<32;i++) { io.in.file_attributes = 1< Date: Wed, 13 Aug 2008 07:18:35 +0200 Subject: gensec_gssapi: only cache the session key in STAGE_DONE The key may change because we switch from initiator to acceptor subkey. metze (This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5) --- source4/auth/gensec/gensec_gssapi.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 0df40dc82f..20d08078be 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c 
@@ -1236,12 +1236,16 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit return NT_STATUS_NO_USER_SESSION_KEY; } - DEBUG(10, ("Got KRB5 session key of length %d\n", - (int)KRB5_KEY_LENGTH(subkey))); - gensec_gssapi_state->session_key = data_blob_talloc(gensec_gssapi_state, - KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); + DEBUG(10, ("Got KRB5 session key of length %d%s\n", + (int)KRB5_KEY_LENGTH(subkey), + (gensec_gssapi_state->sasl_state == STAGE_DONE)?" (done)":"")); + *session_key = data_blob_talloc(gensec_gssapi_state, + KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, subkey); - *session_key = gensec_gssapi_state->session_key; + if (gensec_gssapi_state->sasl_state == STAGE_DONE) { + /* only cache in the done stage */ + gensec_gssapi_state->session_key = *session_key; + } dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length); return NT_STATUS_OK; -- cgit From 69d074af81e57c67ee85314c2b5f7a642844ae88 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 09:52:20 +0200 Subject: gsskrb5: always return an acceptor subkey For non cfx keys it's the same as the intiator subkey. This matches windows behavior. metze (This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8) --- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 8dbd087da6..a6f0f31246 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c 
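Review bot: Before `STAGE_DONE` every call now makes a fresh copy of the key with `data_blob_talloc(gensec_gssapi_state, ...)` and hands it out without caching it, so the copies accumulate on the state's talloc context until the state is freed, and an allocation failure would appear to reach the caller as `NT_STATUS_OK` with an empty key. Since this is key material, I would check `session_key->data` after the copy and return `NT_STATUS_NO_MEMORY` when it is NULL, and document on the function who owns the blob in the not-yet-done case. gensec_gssapi_session_key starts outside the hunk, so the early return of an already cached key is presumably there but not visible.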
@@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; + int use_subkey = 0; _gsskrb5i_is_cfx(ctx, &is_cfx); if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); + use_subkey = 1; + } else { + krb5_keyblock *rkey; + kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey); + if (kret == 0) { + kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey); + if (kret == 0) { + use_subkey = 1; + } + krb5_free_keyblock(context, rkey); + } + } + if (use_subkey) { ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_auth_con_addflags(context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); } kret = krb5_mk_rep(context, -- cgit From e75f1072b6c3735690d7b20682036b8bc5977dc5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 07:22:36 +0200 Subject: Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key" This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11. As we fixed gensec_gssapi to only return a session key when it's have the correct session key, this hack isn't needed anymore. metze (This used to be commit 697cd1896bccaa55ee422f17d9312d787ca699ed) --- source4/heimdal/lib/krb5/rd_req.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index e80aaa6789..ddf1f69ae4 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -463,8 +463,6 @@ krb5_verify_ap_req2(krb5_context context, ac->keytype = ETYPE_NULL; -#if 0 -/* it's bad to use a different enctype as the client */ if (etypes.val) { int i; @@ -475,7 +473,6 @@ krb5_verify_ap_req2(krb5_context context, } } } -#endif /* save key */ ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); -- cgit 
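Review bot: In the new `else` branch of the -520 hunk `use_subkey` is set whenever both calls return 0, without checking that `rkey` is non-NULL; if `krb5_auth_con_getremotesubkey()` can succeed with no key when the initiator sent no subkey (worth confirming against its implementation), `ACCEPTOR_SUBKEY` is flagged without the initiator's key having been copied. Testing `if (kret == 0 && rkey != NULL)` makes the intent explicit. The return value of `krb5_auth_con_addflags()` used to be stored in `kret` and is now discarded, and a failure left in `kret` by the subkey calls is overwritten by `krb5_mk_rep()`, so these failures are silent; a short comment saying the fallback is deliberate would help. gsskrb5_acceptor_start starts and ends outside the hunk.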
From c1c6c1b609ab57186dab7b13c56bfe4475a733f7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 14 Aug 2008 15:14:53 +0200 Subject: RAW-OPEN: be more strict in create_option checking metze (This used to be commit d548f5dee5980eae0aea25f1314238eb4f963568) --- source4/torture/raw/open.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c index 39ff443ccd..f3494ea3d0 100644 --- a/source4/torture/raw/open.c +++ b/source4/torture/raw/open.c @@ -845,6 +845,7 @@ static bool test_nttrans_create(struct smbcli_state *cli, struct torture_context bool ret = true; int i; uint32_t ok_mask, not_supported_mask, invalid_parameter_mask; + uint32_t not_a_directory_mask, unexpected_mask; struct { uint32_t open_disp; bool with_file; @@ -1004,13 +1005,16 @@ static bool test_nttrans_create(struct smbcli_state *cli, struct torture_context smbcli_close(cli->tree, fnum); } - ok_mask = not_supported_mask = invalid_parameter_mask = 0; - io.ntcreatex.in.file_attr = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; /* Check for options that should return NOT_SUPPORTED, OK or INVALID_PARAMETER */ + ok_mask = 0; + not_supported_mask = 0; + invalid_parameter_mask = 0; + not_a_directory_mask = 0; + unexpected_mask = 0; for (i=0; i < 32; i++) { uint32_t create_option = 1<tree, io.ntcreatex.out.file.fnum); } else if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { invalid_parameter_mask |= create_option; + } else if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_DIRECTORY)) { + not_a_directory_mask |= 1<tree, fname); -- cgit From 427b3baba3fe5489c96fd79ef1b1ee1adef7b834 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 15 Aug 2008 09:46:51 +1000 Subject: Don't segfault in RPC-ATSVC. (This used to be commit e711f7d26a632ec93c1e2a3db52c37e1c0de4214) --- source4/torture/rpc/atsvc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/torture/rpc/atsvc.c b/source4/torture/rpc/atsvc.c index 25ace8ac49..23d76ae502 100644 --- a/source4/torture/rpc/atsvc.c +++ b/source4/torture/rpc/atsvc.c @@ -65,7 +65,8 @@ static bool test_JobEnum(struct torture_context *tctx, struct dcerpc_pipe *p) NTSTATUS status; struct atsvc_JobEnum r; struct atsvc_enum_ctr ctr; - uint32_t resume_handle = 0, i; + uint32_t resume_handle = 0, i, total_entries = 0; + bool ret = true; r.in.servername = dcerpc_server_name(p); @@ -74,6 +75,7 @@ static bool test_JobEnum(struct torture_context *tctx, struct dcerpc_pipe *p) r.in.ctr = r.out.ctr = &ctr; r.in.preferred_max_len = 0xffffffff; r.in.resume_handle = r.out.resume_handle = &resume_handle; + r.out.total_entries = &total_entries; status = dcerpc_atsvc_JobEnum(p, tctx, &r); -- cgit From a3faed4bfe14192292d7656d673e9fcc52084075 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Aug 2008 12:08:10 +1000 Subject: Paramaterise the seperator in ad2OLschema This will allow me to add a new mode, with the CN=Aggregate schema format automatically generated. Andrew Bartlett (This used to be commit 7d2a890a7077e446e45527847f78bba84d22bc4c) --- source4/utils/ad2oLschema.c | 149 ++++++++++++++++++++++++-------------------- 1 file changed, 82 insertions(+), 67 deletions(-) diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index 51b03b8e8f..dcc0094ab7 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -152,6 +152,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ struct ldb_dn *schemadn; struct schema_conv ret; struct dsdb_schema *schema; + const char *seperator; char *error_string; int ldb_ret; 
@@ -223,8 +224,10 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ switch (target) { case TARGET_OPENLDAP: + seperator = "\n "; break; case TARGET_FEDORA_DS: + seperator = "\n "; fprintf(out, "dn: cn=schema\n"); break; } @@ -236,7 +239,8 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ const char *syntax = attribute->attributeSyntax_oid; bool single_value = attribute->isSingleValued; - const struct syntax_map *map = find_syntax_map_by_ad_oid(syntax); + const struct syntax_map *const_map = find_syntax_map_by_ad_oid(syntax); + struct syntax_map map, *map_p = NULL; char *schema_entry = NULL; int j; @@ -254,19 +258,21 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } } - switch (target) { - case TARGET_OPENLDAP: - schema_entry = talloc_asprintf(mem_ctx, - "attributetype (\n" - " %s\n", oid); - break; - case TARGET_FEDORA_DS: - schema_entry = talloc_asprintf(mem_ctx, - "attributeTypes: (\n" - " %s\n", oid); - break; + if (const_map) { + map = *const_map; + + /* We might have been asked to remap this oid, + * due to a conflict, or lack of + * implementation */ + for (j=0; map.Standard_OID && oid_map && oid_map[j].old_oid; j++) { + if (strcasecmp(map.Standard_OID, oid_map[j].old_oid) == 0) { + map.Standard_OID = oid_map[j].new_oid; + break; + } + } + + map_p = ↦ } - IF_NULL_FAIL_RET(schema_entry); /* We might have been asked to remap this name, due to a conflict */ for (j=0; name && attr_map && attr_map[j].old_attr; j++) { 
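Review bot: `seperator` is assigned only in the `TARGET_OPENLDAP` and `TARGET_FEDORA_DS` cases of this switch, and its declaration in the -152 hunk has no initialiser. For any other `enum convert_target` value, the later `"%s%s%s", seperator, oid, seperator` formatting would read an indeterminate pointer. Declare it as `const char *seperator = NULL;` and add `default: ret.failures++; return ret;` to the switch so an unhandled target fails cleanly. This matters more once a third target is added, which a later commit on this page appears to do in schema.h. process_convert starts and ends outside this hunk.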
@@ -276,53 +282,60 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } } + switch (target) { + case TARGET_OPENLDAP: + schema_entry = talloc_asprintf(mem_ctx, + "attributetype ("); + break; + case TARGET_FEDORA_DS: + schema_entry = talloc_asprintf(mem_ctx, + "attributeTypes: ("); + break; + } + IF_NULL_FAIL_RET(schema_entry); + schema_entry = talloc_asprintf_append(schema_entry, - " NAME '%s'\n", name); + "%s%s%s", seperator, oid, seperator); + + schema_entry = talloc_asprintf_append(schema_entry, + "NAME '%s'%s", name, seperator); IF_NULL_FAIL_RET(schema_entry); if (description) { #if 0 /* If you want to re-enable this, you must first figure out a sane escaping of ' in the description */ schema_entry = talloc_asprintf_append(schema_entry, - " DESC '%s'\n", description); + "DESC '%s' ", description); IF_NULL_FAIL_RET(schema_entry); #endif } - if (map) { - const char *syntax_oid; - if (map->equality) { + if (map_p) { + if (map_p->equality) { schema_entry = talloc_asprintf_append(schema_entry, - " EQUALITY %s\n", map->equality); + "EQUALITY %s%s", map_p->equality, seperator); IF_NULL_FAIL_RET(schema_entry); } - if (map->substring) { + if (map_p->substring) { schema_entry = talloc_asprintf_append(schema_entry, - " SUBSTR %s\n", map->substring); + "SUBSTR %s%s", map_p->substring, seperator); IF_NULL_FAIL_RET(schema_entry); } - syntax_oid = map->Standard_OID; - /* We might have been asked to remap this oid, - * due to a conflict, or lack of - * implementation */ - for (j=0; syntax_oid && oid_map && oid_map[j].old_oid; j++) { - if (strcasecmp(syntax_oid, oid_map[j].old_oid) == 0) { - syntax_oid = oid_map[j].new_oid; - break; - } - } - schema_entry = talloc_asprintf_append(schema_entry, - " SYNTAX %s\n", syntax_oid); - IF_NULL_FAIL_RET(schema_entry); + + syntax = map_p->Standard_OID; } + schema_entry = talloc_asprintf_append(schema_entry, + "SYNTAX %s%s", syntax, seperator); + IF_NULL_FAIL_RET(schema_entry); + if (single_value) { 
schema_entry = talloc_asprintf_append(schema_entry, - " SINGLE-VALUE\n"); + "SINGLE-VALUE%s", seperator); IF_NULL_FAIL_RET(schema_entry); } schema_entry = talloc_asprintf_append(schema_entry, - " )"); + ")"); switch (target) { case TARGET_OPENLDAP: @@ -357,10 +370,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ continue; } - may = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MAY); - - must = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MUST); - /* We might have been asked to remap this oid, due to a conflict */ for (j=0; oid_map && oid_map[j].old_oid; j++) { if (strcasecmp(oid, oid_map[j].old_oid) == 0) { 
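Review bot: The result of the new `talloc_asprintf_append(schema_entry, "%s%s%s", seperator, oid, seperator)` call is not checked before the `NAME '%s'%s` append that follows it. As I understand talloc's append helpers, a NULL string makes them start a fresh allocation on the NULL context, so a failed first append can be followed by a successful second one, and the entry would be written without its `attributetype (` prefix and OID while the later checks still pass. Add `IF_NULL_FAIL_RET(schema_entry);` directly after the OID append. The same gap appears in the -369 hunk (the `talloc_asprintf` from the objectclass switch is appended to before the first check), in the new `else` branch of APPEND_ATTRS in the -446 hunk (the `"$ "` append has no check after it), and in `schema_attribute_description()` in the following commit's -124 hunk. process_convert continues outside this hunk.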
@@ -369,64 +378,69 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } } + /* We might have been asked to remap this name, due to a conflict */ + for (j=0; name && attr_map && attr_map[j].old_attr; j++) { + if (strcasecmp(name, attr_map[j].old_attr) == 0) { + name = attr_map[j].new_attr; + break; + } + } + + may = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MAY); + + must = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MUST); + switch (target) { case TARGET_OPENLDAP: schema_entry = talloc_asprintf(mem_ctx, - "objectclass (\n" - " %s\n", oid); + "objectclass ("); break; case TARGET_FEDORA_DS: schema_entry = talloc_asprintf(mem_ctx, - "objectClasses: (\n" - " %s\n", oid); + "objectClasses: ("); break; } + schema_entry = talloc_asprintf_append(schema_entry, + "%s%s%s", seperator, oid, seperator); + IF_NULL_FAIL_RET(schema_entry); if (!schema_entry) { ret.failures++; break; } - /* We might have been asked to remap this name, due to a conflict */ - for (j=0; name && attr_map && attr_map[j].old_attr; j++) { - if (strcasecmp(name, attr_map[j].old_attr) == 0) { - name = attr_map[j].new_attr; - break; - } - } - schema_entry = talloc_asprintf_append(schema_entry, - " NAME '%s'\n", name); + "NAME '%s'%s", name, seperator); IF_NULL_FAIL_RET(schema_entry); if (!schema_entry) return ret; if (description) { schema_entry = talloc_asprintf_append(schema_entry, - " DESC '%s'\n", description); + "DESC '%s'%s", description, seperator); IF_NULL_FAIL_RET(schema_entry); } if (subClassOf) { schema_entry = talloc_asprintf_append(schema_entry, - " SUP %s\n", subClassOf); + "SUP %s%s", subClassOf, seperator); IF_NULL_FAIL_RET(schema_entry); } switch (objectClassCategory) { case 1: schema_entry = talloc_asprintf_append(schema_entry, - " STRUCTURAL\n"); + "STRUCTURAL%s", seperator); IF_NULL_FAIL_RET(schema_entry); break; case 2: schema_entry = talloc_asprintf_append(schema_entry, - " 
ABSTRACT\n"); + "ABSTRACT%s", seperator); IF_NULL_FAIL_RET(schema_entry); break; case 3: schema_entry = talloc_asprintf_append(schema_entry, - " AUXILIARY\n"); + "AUXILIARY%s", seperator); IF_NULL_FAIL_RET(schema_entry); break; } @@ -446,17 +460,18 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } \ \ schema_entry = talloc_asprintf_append(schema_entry, \ - " %s", \ + "%s ", \ attr_name); \ IF_NULL_FAIL_RET(schema_entry); \ if (attributes[k+1]) { \ - schema_entry = talloc_asprintf_append(schema_entry, \ - " $"); \ IF_NULL_FAIL_RET(schema_entry); \ if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \ schema_entry = talloc_asprintf_append(schema_entry, \ - "\n "); \ + "$%s ", seperator); \ IF_NULL_FAIL_RET(schema_entry); \ + } else { \ + schema_entry = talloc_asprintf_append(schema_entry, \ + "$ "); \ } \ } \ } \ @@ -464,30 +479,30 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ if (must) { schema_entry = talloc_asprintf_append(schema_entry, - " MUST ("); + "MUST ( "); IF_NULL_FAIL_RET(schema_entry); APPEND_ATTRS(must); schema_entry = talloc_asprintf_append(schema_entry, - " )\n"); + ")%s", seperator); IF_NULL_FAIL_RET(schema_entry); } if (may) { schema_entry = talloc_asprintf_append(schema_entry, - " MAY ("); + "MAY ( "); IF_NULL_FAIL_RET(schema_entry); APPEND_ATTRS(may); schema_entry = talloc_asprintf_append(schema_entry, - " )\n"); + ")%s", seperator); IF_NULL_FAIL_RET(schema_entry); } schema_entry = talloc_asprintf_append(schema_entry, - " )"); + ")"); switch (target) { case TARGET_OPENLDAP: -- cgit From e387677f515ee7f2c185069f8c52a3ec783041e2 Mon Sep 17 00:00:00 2001 
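Review bot: The objectclass branch in the -369 hunk still formats `description` directly into `DESC '%s'%s`, while the attribute branch keeps the equivalent line under `#if 0` until a sane escaping of `'` exists. A description containing a single quote would close the quoted string early, and the remainder would be read as schema syntax by whatever loads the generated file. The value presumably comes from the directory's schema objects, so it should not be assumed clean. Either escape the value before formatting it or disable the class DESC the same way, with a marker such as `/* TODO: escape ' in description before emitting DESC */`. The line is carried unchanged into `schema_class_description()` in the next commit's -124 hunk, and the enclosing loop starts outside this hunk.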
From: Andrew Bartlett Date: Fri, 15 Aug 2008 13:18:48 +1000 Subject: Rework generation of the objectClass and attributeType lines. Now that these are subroutines, we can factor them out into a file the CN=Aggregate schema code can also use. Andrew Bartlett (This used to be commit e3591a6a35ddb60398a03a4fa0545cc6158946ef) --- source4/utils/ad2oLschema.c | 378 ++++++++++++++++++++++++-------------------- 1 file changed, 209 insertions(+), 169 deletions(-) diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index dcc0094ab7..1e6348bc1a 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Andrew Bartlett 2006 + Copyright (C) Andrew Bartlett 2006-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released 
@@ -124,12 +124,176 @@ static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ct #define IF_NULL_FAIL_RET(x) do { \ if (!x) { \ - ret.failures++; \ - return ret; \ + return NULL; \ } \ } while (0) +static char *schema_attribute_description(TALLOC_CTX *mem_ctx, + enum convert_target target, + const char *seperator, + const char *oid, + const char *name, + const char *description, + struct syntax_map *map, + const char *syntax, + bool single_value, bool operational) +{ + char *schema_entry = talloc_asprintf(mem_ctx, + "(%s%s%s", seperator, oid, seperator); + + schema_entry = talloc_asprintf_append(schema_entry, + "NAME '%s'%s", name, seperator); + IF_NULL_FAIL_RET(schema_entry); + + if (description) { +#if 0 + /* Need a way to escape ' characters from the description */ + schema_entry = talloc_asprintf_append(schema_entry, + "DESC '%s'%s", description, seperator); + IF_NULL_FAIL_RET(schema_entry); +#endif + } + + if (map) { + if (map->equality) { + schema_entry = talloc_asprintf_append(schema_entry, + "EQUALITY %s%s", map->equality, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + if (map->substring) { + schema_entry = talloc_asprintf_append(schema_entry, + "SUBSTR %s%s", map->substring, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + syntax = map->Standard_OID; + } + + schema_entry = talloc_asprintf_append(schema_entry, + "SYNTAX %s%s", syntax, seperator); + IF_NULL_FAIL_RET(schema_entry); + + if (single_value) { + schema_entry = talloc_asprintf_append(schema_entry, + "SINGLE-VALUE%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (operational) { + schema_entry = talloc_asprintf_append(schema_entry, + "NO-USER-MODIFICATION%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + schema_entry = talloc_asprintf_append(schema_entry, + ")"); + return schema_entry; +} + +static char *schema_class_description(TALLOC_CTX *mem_ctx, + enum convert_target target, + const char *seperator, + const char *oid, + const char *name, + 
const char *description, + const char *subClassOf, + int objectClassCategory, + char **must, + char **may) +{ + char *schema_entry = talloc_asprintf(mem_ctx, + "(%s%s%s", seperator, oid, seperator); + + IF_NULL_FAIL_RET(schema_entry); + + schema_entry = talloc_asprintf_append(schema_entry, + "NAME '%s'%s", name, seperator); + IF_NULL_FAIL_RET(schema_entry); + + if (description) { + schema_entry = talloc_asprintf_append(schema_entry, + "DESC '%s'%s", description, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (subClassOf) { + schema_entry = talloc_asprintf_append(schema_entry, + "SUP %s%s", subClassOf, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + switch (objectClassCategory) { + case 1: + schema_entry = talloc_asprintf_append(schema_entry, + "STRUCTURAL%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + break; + case 2: + schema_entry = talloc_asprintf_append(schema_entry, + "ABSTRACT%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + break; + case 3: + schema_entry = talloc_asprintf_append(schema_entry, + "AUXILIARY%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + break; + } + +#define APPEND_ATTRS(attributes) \ + do { \ + int k; \ + for (k=0; attributes && attributes[k]; k++) { \ + const char *attr_name = attributes[k]; \ + \ + schema_entry = talloc_asprintf_append(schema_entry, \ + "%s ", \ + attr_name); \ + IF_NULL_FAIL_RET(schema_entry); \ + if (attributes[k+1]) { \ + IF_NULL_FAIL_RET(schema_entry); \ + if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \ + schema_entry = talloc_asprintf_append(schema_entry, \ + "$%s ", seperator); \ + IF_NULL_FAIL_RET(schema_entry); \ + } else { \ + schema_entry = talloc_asprintf_append(schema_entry, \ + "$ "); \ + } \ + } \ + } \ + } while (0) + + if (must) { + schema_entry = talloc_asprintf_append(schema_entry, + "MUST ( "); + IF_NULL_FAIL_RET(schema_entry); + + APPEND_ATTRS(must); + + schema_entry = talloc_asprintf_append(schema_entry, + ")%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if 
(may) { + schema_entry = talloc_asprintf_append(schema_entry, + "MAY ( "); + IF_NULL_FAIL_RET(schema_entry); + + APPEND_ATTRS(may); + + schema_entry = talloc_asprintf_append(schema_entry, + ")%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + schema_entry = talloc_asprintf_append(schema_entry, + ")"); + return schema_entry; +} + static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_target target, FILE *in, FILE *out) { /* Read list of attributes to skip, OIDs to map */ @@ -172,7 +336,10 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } if (isdigit(line[0])) { char *p = strchr(line, ':'); - IF_NULL_FAIL_RET(p); + if (!p) { + ret.failures++; + return ret; + } p[0] = '\0'; p++; oid_map = talloc_realloc(mem_ctx, oid_map, struct oid_map, num_oid_maps + 2); 
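Review bot: `schema_attribute_description()` and `schema_class_description()` in the -124 hunk have no header comment, although the commit message says they are being factored out for reuse by other code. Each should get a short block comment stating that the returned string is allocated under `mem_ctx`, that NULL means an allocation failed, and that a non-NULL `map` replaces `syntax` with `map->Standard_OID`. It should also say that `description` is currently ignored in the attribute variant because the DESC line is under `#if 0`. The `target` parameter is never referenced in `schema_attribute_description()` and in the class variant only controls the five-per-line wrap inside APPEND_ATTRS, so the comment should say that too or the attribute variant should drop the parameter.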
@@ -282,67 +449,19 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } } - switch (target) { - case TARGET_OPENLDAP: - schema_entry = talloc_asprintf(mem_ctx, - "attributetype ("); - break; - case TARGET_FEDORA_DS: - schema_entry = talloc_asprintf(mem_ctx, - "attributeTypes: ("); - break; - } - IF_NULL_FAIL_RET(schema_entry); - - schema_entry = talloc_asprintf_append(schema_entry, - "%s%s%s", seperator, oid, seperator); - - schema_entry = talloc_asprintf_append(schema_entry, - "NAME '%s'%s", name, seperator); - IF_NULL_FAIL_RET(schema_entry); - - if (description) { -#if 0 /* If you want to re-enable this, you must first figure out a sane escaping of ' in the description */ - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s' ", description); - IF_NULL_FAIL_RET(schema_entry); -#endif - } + schema_entry = schema_attribute_description(mem_ctx, target, seperator, oid, name, description, map_p, syntax, single_value, false); - if (map_p) { - if (map_p->equality) { - schema_entry = talloc_asprintf_append(schema_entry, - "EQUALITY %s%s", map_p->equality, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - if (map_p->substring) { - schema_entry = talloc_asprintf_append(schema_entry, - "SUBSTR %s%s", map_p->substring, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - syntax = map_p->Standard_OID; - } - - schema_entry = talloc_asprintf_append(schema_entry, - "SYNTAX %s%s", syntax, seperator); - IF_NULL_FAIL_RET(schema_entry); - - if (single_value) { - schema_entry = talloc_asprintf_append(schema_entry, - "SINGLE-VALUE%s", seperator); - IF_NULL_FAIL_RET(schema_entry); + if (schema_entry == NULL) { + ret.failures++; + return ret; } - - schema_entry = talloc_asprintf_append(schema_entry, - ")"); switch (target) { case TARGET_OPENLDAP: - fprintf(out, "%s\n\n", schema_entry); + fprintf(out, "attributetype %s\n\n", schema_entry); break; case TARGET_FEDORA_DS: - fprintf(out, "%s\n", schema_entry); + fprintf(out, "attributeTypes: 
%s\n", schema_entry); break; } ret.count++; @@ -363,6 +482,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ NULL }; int j; + int attr_idx; /* We have been asked to skip some attributes/objectClasses */ if (attrs_skip && str_list_check_ci(attrs_skip, name)) { 
@@ -388,128 +508,48 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ may = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MAY); - must = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MUST); - - switch (target) { - case TARGET_OPENLDAP: - schema_entry = talloc_asprintf(mem_ctx, - "objectclass ("); - break; - case TARGET_FEDORA_DS: - schema_entry = talloc_asprintf(mem_ctx, - "objectClasses: ("); - break; - } - schema_entry = talloc_asprintf_append(schema_entry, - "%s%s%s", seperator, oid, seperator); - - IF_NULL_FAIL_RET(schema_entry); - if (!schema_entry) { - ret.failures++; - break; + for (j=0; may && may[j]; j++) { + /* We might have been asked to remap this name, due to a conflict */ + for (attr_idx=0; attr_map && attr_map[attr_idx].old_attr; attr_idx++) { + if (strcasecmp(may[j], attr_map[attr_idx].old_attr) == 0) { + may[j] = attr_map[attr_idx].new_attr; + break; + } + } } - schema_entry = talloc_asprintf_append(schema_entry, - "NAME '%s'%s", name, seperator); - IF_NULL_FAIL_RET(schema_entry); - - if (!schema_entry) return ret; - - if (description) { - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - if (subClassOf) { - schema_entry = talloc_asprintf_append(schema_entry, - "SUP %s%s", subClassOf, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - switch (objectClassCategory) { - case 1: - schema_entry = talloc_asprintf_append(schema_entry, - "STRUCTURAL%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - break; - case 2: - schema_entry = talloc_asprintf_append(schema_entry, - "ABSTRACT%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - break; - case 3: - schema_entry = talloc_asprintf_append(schema_entry, - "AUXILIARY%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - break; - } - -#define APPEND_ATTRS(attributes) \ - do { \ - int k; \ - for (k=0; attributes && 
attributes[k]; k++) { \ - int attr_idx; \ - const char *attr_name = attributes[k]; \ - /* We might have been asked to remap this name, due to a conflict */ \ - for (attr_idx=0; attr_name && attr_map && attr_map[attr_idx].old_attr; attr_idx++) { \ - if (strcasecmp(attr_name, attr_map[attr_idx].old_attr) == 0) { \ - attr_name = attr_map[attr_idx].new_attr; \ - break; \ - } \ - } \ - \ - schema_entry = talloc_asprintf_append(schema_entry, \ - "%s ", \ - attr_name); \ - IF_NULL_FAIL_RET(schema_entry); \ - if (attributes[k+1]) { \ - IF_NULL_FAIL_RET(schema_entry); \ - if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \ - schema_entry = talloc_asprintf_append(schema_entry, \ - "$%s ", seperator); \ - IF_NULL_FAIL_RET(schema_entry); \ - } else { \ - schema_entry = talloc_asprintf_append(schema_entry, \ - "$ "); \ - } \ - } \ - } \ - } while (0) - - if (must) { - schema_entry = talloc_asprintf_append(schema_entry, - "MUST ( "); - IF_NULL_FAIL_RET(schema_entry); - - APPEND_ATTRS(must); + must = dsdb_full_attribute_list(mem_ctx, schema, objectclass_name_as_list, DSDB_SCHEMA_ALL_MUST); - schema_entry = talloc_asprintf_append(schema_entry, - ")%s", seperator); - IF_NULL_FAIL_RET(schema_entry); + for (j=0; must && must[j]; j++) { + /* We might have been asked to remap this name, due to a conflict */ + for (attr_idx=0; attr_map && attr_map[attr_idx].old_attr; attr_idx++) { + if (strcasecmp(must[j], attr_map[attr_idx].old_attr) == 0) { + must[j] = attr_map[attr_idx].new_attr; + break; + } + } } - if (may) { - schema_entry = talloc_asprintf_append(schema_entry, - "MAY ( "); - IF_NULL_FAIL_RET(schema_entry); - - APPEND_ATTRS(may); - - schema_entry = talloc_asprintf_append(schema_entry, - ")%s", seperator); - IF_NULL_FAIL_RET(schema_entry); + schema_entry = schema_class_description(mem_ctx, target, + seperator, + oid, + name, + description, + subClassOf, + objectClassCategory, + must, + may); + if (schema_entry == NULL) { + ret.failures++; + return ret; } - schema_entry = 
talloc_asprintf_append(schema_entry, - ")"); - switch (target) { case TARGET_OPENLDAP: - fprintf(out, "%s\n\n", schema_entry); + fprintf(out, "objectclass %s\n\n", schema_entry); break; case TARGET_FEDORA_DS: - fprintf(out, "%s\n", schema_entry); + fprintf(out, "objectClasses: %s\n", schema_entry); break; } ret.count++; -- cgit From 16112762e70879b50f1dfc49452d6d278bd256cf Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 15 Aug 2008 20:40:57 +1000 Subject: Generate the subSchema in cn=Aggregate This reads the schema from the in-memory structure, when the magic attributes are requested. The code is a modified version of that used in the ad2oLschema tool (now shared). The schema_fsmo module handles the insertion of the generated result. As such, this commit also removes these entries from the setup/schema.ldif Metze's previous stub of this functionality is also removed. Andrew Bartlett (This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60) --- source4/dsdb/config.mk | 3 +- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 206 +++++++++- source4/dsdb/schema/schema.h | 14 + source4/dsdb/schema/schema_constructed.c | 186 --------- source4/dsdb/schema/schema_convert.c | 160 ++++++++ source4/dsdb/schema/schema_convert.h | 10 + source4/dsdb/schema/schema_description.c | 316 +++++++++++++++ source4/dsdb/schema/schema_init.c | 97 +++-- source4/lib/ldb/tests/python/ldap.py | 30 ++ source4/setup/schema.ldif | 549 --------------------------- source4/utils/ad2oLschema.c | 206 +--------- source4/utils/config.mk | 6 +- source4/utils/schema_convert.c | 173 --------- source4/utils/schema_convert.h | 10 - testprogs/ejs/minschema.js | 41 +- 15 files changed, 807 insertions(+), 1200 deletions(-) delete mode 100644 source4/dsdb/schema/schema_constructed.c create mode 100644 source4/dsdb/schema/schema_convert.c create mode 100644 source4/dsdb/schema/schema_convert.h create mode 100644 source4/dsdb/schema/schema_description.c delete mode 100644 source4/utils/schema_convert.c delete mode 100644 source4/utils/schema_convert.h diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index 7b700fda22..d430c3f957 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk 
@@ -35,7 +35,8 @@ PRIVATE_DEPENDENCIES = SAMDB_COMMON NDR_DRSUAPI NDR_DRSBLOBS SAMDB_SCHEMA_OBJ_FILES = $(addprefix $(dsdbsrcdir)/schema/, \ schema_init.o \ schema_syntax.o \ - schema_constructed.o) + schema_description.o \ + schema_convert.o) $(eval $(call proto_header_template,$(dsdbsrcdir)/schema/proto.h,$(SAMDB_SCHEMA_OBJ_FILES:.o=.c))) # PUBLIC_HEADERS += dsdb/schema/schema.h diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 87ada855d3..706b7b18b7 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -32,6 +32,40 @@ #include "lib/util/dlinklist.h" #include "param/param.h" +static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); +static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); +static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); + +static const struct { + const char *attr; + int (*fn)(struct ldb_context *, struct ldb_message *, const struct dsdb_schema *); +} generated_attrs[] = { + { + .attr = "objectClasses", + .fn = generate_objectClasses + }, + { + .attr = "attributeTypes", + .fn = generate_attributeTypes + }, + { + .attr = "dITContentRules", + .fn = generate_dITContentRules + } +}; + +struct schema_fsmo_private_data { + struct ldb_dn *aggregate_dn; +}; + +struct schema_fsmo_search_data { + struct schema_fsmo_private_data *module_context; + struct ldb_request *orig_req; +}; + static int schema_fsmo_init(struct ldb_module *module) { TALLOC_CTX *mem_ctx; 
@@ -39,10 +73,7 @@ static int schema_fsmo_init(struct ldb_module *module) struct dsdb_schema *schema; char *error_string = NULL; int ret; - - if (dsdb_get_schema(module->ldb)) { - return ldb_next_init(module); - } + struct schema_fsmo_private_data *data; schema_dn = samdb_schema_dn(module->ldb); if (!schema_dn) { @@ -52,6 +83,25 @@ static int schema_fsmo_init(struct ldb_module *module) return ldb_next_init(module); } + data = talloc(module, struct schema_fsmo_private_data); + if (data == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Check to see if this is a result on the CN=Aggregate schema */ + data->aggregate_dn = ldb_dn_copy(data, schema_dn); + if (!ldb_dn_add_child_fmt(data->aggregate_dn, "CN=Aggregate")) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + module->private_data = data; + + if (dsdb_get_schema(module->ldb)) { + return ldb_next_init(module); + } + mem_ctx = talloc_new(module); if (!mem_ctx) { ldb_oom(module->ldb); 
@@ -208,9 +258,155 @@ static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request *r return LDB_SUCCESS; } +static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_class *class; + int ret; + + for (class = schema->classes; class; class = class->next) { + ret = ldb_msg_add_string(msg, "objectClasses", schema_class_to_description(msg, class)); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} +static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_attribute *attribute; + int ret; + + for (attribute = schema->attributes; attribute; attribute = attribute->next) { + ret = ldb_msg_add_string(msg, "attributeTypes", schema_attribute_to_description(msg, attribute)); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; +} + +static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_class *class; + int ret; + + for (class = schema->classes; class; class = class->next) { + if (class->auxiliaryClass || class->systemAuxiliaryClass) { + char *ditcontentrule = schema_class_to_dITContentRule(msg, class, schema); + if (!ditcontentrule) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_steal_string(msg, "dITContentRules", ditcontentrule); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + return 0; +} + + + +/* Add objectClasses, attributeTypes and dITContentRules from the + schema object (they are not stored in the database) + */ +static int schema_fsmo_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +{ + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + struct schema_fsmo_search_data *search_data = talloc_get_type(context, struct schema_fsmo_search_data); + struct ldb_request *orig_req = 
search_data->orig_req; + TALLOC_CTX *mem_ctx; + int i, ret; + + /* Only entries are interesting, and we handle the case of the parent seperatly */ + if (ares->type != LDB_REPLY_ENTRY) { + return orig_req->callback(ldb, orig_req->context, ares); + } + + if (ldb_dn_compare(ares->message->dn, search_data->module_context->aggregate_dn) != 0) { + talloc_free(mem_ctx); + return orig_req->callback(ldb, orig_req->context, ares); + } + + mem_ctx = talloc_new(ares); + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { + if (ldb_attr_in_list(orig_req->op.search.attrs, generated_attrs[i].attr)) { + ret = generated_attrs[i].fn(ldb, ares->message, schema); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } + + talloc_free(mem_ctx); + return orig_req->callback(ldb, orig_req->context, ares); +} + +/* search */ +static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req) +{ + int i, ret; + struct schema_fsmo_search_data *search_context; + struct ldb_request *down_req; + struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + + if (!schema || !module->private_data) { + /* If there is no schema, there is little we can do */ + return ldb_next_request(module, req); + } + for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { + if (ldb_attr_in_list(req->op.search.attrs, generated_attrs[i].attr)) { + break; + } + } + if (i == ARRAY_SIZE(generated_attrs)) { + /* No request for a generated attr found, nothing to + * see here, move along... 
*/ + return ldb_next_request(module, req); + } + + search_context = talloc(req, struct schema_fsmo_search_data); + if (!search_context) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + down_req = talloc(req, struct ldb_request); + if (!down_req) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + *down_req = *req; + search_context->orig_req = req; + search_context->module_context = talloc_get_type(module->private_data, struct schema_fsmo_private_data); + down_req->context = search_context; + + down_req->callback = schema_fsmo_search_callback; + + ret = ldb_next_request(module, down_req); + + /* do not free down_req as the call results may be linked to it, + * it will be freed when the upper level request get freed */ + if (ret == LDB_SUCCESS) { + req->handle = down_req->handle; + } + return ret; +} + + _PUBLIC_ const struct ldb_module_ops ldb_schema_fsmo_module_ops = { .name = "schema_fsmo", .init_context = schema_fsmo_init, .add = schema_fsmo_add, - .extended = schema_fsmo_extended + .extended = schema_fsmo_extended, + .search = schema_fsmo_search }; diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index a4e455ae33..cd714e9c61 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -168,6 +168,20 @@ enum dsdb_attr_list_query { DSDB_SCHEMA_ALL }; +enum dsdb_schema_convert_target { + TARGET_OPENLDAP, + TARGET_FEDORA_DS, + TARGET_AD_SCHEMA_SUBENTRY +}; + +struct dsdb_syntax_map { + const char *Standard_OID; + const char *AD_OID; + const char *equality; + const char *substring; + const char *comment; +}; + #include "dsdb/schema/proto.h" #endif /* _DSDB_SCHEMA_H */ diff --git a/source4/dsdb/schema/schema_constructed.c b/source4/dsdb/schema/schema_constructed.c deleted file mode 100644 index 51343817b0..0000000000 --- a/source4/dsdb/schema/schema_constructed.c +++ /dev/null 
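Review bot: In `schema_fsmo_search_callback()` the DN-mismatch branch calls `talloc_free(mem_ctx);` before `mem_ctx` has been assigned, because the `talloc_new(ares)` comes after it. Every entry other than CN=Aggregate therefore passes an indeterminate pointer to talloc_free. Remove that line; since nothing visible in the function allocates from `mem_ctx`, the variable and its `talloc_new`/`talloc_free` pair could be dropped altogether. Separately, `generate_objectClasses()` and `generate_attributeTypes()` pass the results of `schema_class_to_description()` and `schema_attribute_to_description()` to `ldb_msg_add_string()` without a NULL check, unlike `generate_dITContentRules()`. Store the result first and add `if (!desc) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; }` before adding it.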
@@ -1,186 +0,0 @@ -/* - Unix SMB/CIFS mplementation. - DSDB schema constructed attributes - attributeTypes, objectClasses, dITContentRules... - - Copyright (C) Stefan Metzmacher 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ -#include "includes.h" -#include "dsdb/samdb/samdb.h" -#include "librpc/gen_ndr/ndr_drsuapi.h" -#include "lib/ldb/include/ldb.h" -#include "system/time.h" -#include "lib/charset/charset.h" -#include "librpc/ndr/libndr.h" - -static char *dsdb_subSchema_list_append(char *v, const char *list_name) -{ - bool first = true; - uint32_t i; - const char *attrs[] = { - "attr1", - "attr2", - "attr3", - NULL - }; - - v = talloc_asprintf_append(v, "%s ( ", list_name); - if (!v) return NULL; - - for (i=0; attrs[i]; i++) { - v = talloc_asprintf_append(v, "%s%s ", - (!first ? 
"$ " : ""), - attrs[i]); - if (!v) return NULL; - first = false; - } - - v = talloc_asprintf_append(v, ") "); - if (!v) return NULL; - - return v; -} - -WERROR dsdb_subSchema_attributeTypes(const struct dsdb_schema *schema, - TALLOC_CTX *mem_ctx) -{ - struct ldb_message_element *e; - struct dsdb_attribute *a; - - e = talloc_zero(mem_ctx, struct ldb_message_element); - W_ERROR_HAVE_NO_MEMORY(e); - - for (a = schema->attributes; a; a = a->next) { - char *v; - - v = talloc_asprintf(e, "( %s NAME '%s' SYNTAX '%s' ", - a->attributeID_oid, a->lDAPDisplayName, - a->syntax->ldap_oid); - W_ERROR_HAVE_NO_MEMORY(v); - - if (a->isSingleValued) { - v = talloc_asprintf_append(v, "SINGLE-VALUE "); - W_ERROR_HAVE_NO_MEMORY(v); - } - - if (a->systemOnly) { - v = talloc_asprintf_append(v, "NO-USER-MODIFICATION "); - W_ERROR_HAVE_NO_MEMORY(v); - } - - v = talloc_asprintf_append(v, ")"); - W_ERROR_HAVE_NO_MEMORY(v); - - DEBUG(0,("%s\n", v)); - } - - return WERR_FOOBAR; -} - -WERROR dsdb_subSchema_objectClasses(const struct dsdb_schema *schema, - TALLOC_CTX *mem_ctx) -{ - struct ldb_message_element *e; - struct dsdb_class *c; - - e = talloc_zero(mem_ctx, struct ldb_message_element); - W_ERROR_HAVE_NO_MEMORY(e); - - for (c = schema->classes; c; c = c->next) { - const char *class_type; - char *v; - - switch (c->objectClassCategory) { - case 0: - /* - * NOTE: this is an type 88 class - * e.g. 2.5.6.6 NAME 'person' - * but w2k3 gives STRUCTURAL here! 
- */ - class_type = "STRUCTURAL"; - break; - case 1: - class_type = "STRUCTURAL"; - break; - case 2: - class_type = "ABSTRACT"; - break; - case 3: - class_type = "AUXILIARY"; - break; - default: - class_type = "UNKNOWN"; - break; - } - - v = talloc_asprintf(e, "( %s NAME '%s' SUB %s %s ", - c->governsID_oid, c->lDAPDisplayName, - c->subClassOf, class_type); - W_ERROR_HAVE_NO_MEMORY(v); - - v = dsdb_subSchema_list_append(v, "MUST"); - W_ERROR_HAVE_NO_MEMORY(v); - - v = dsdb_subSchema_list_append(v, "MAY"); - W_ERROR_HAVE_NO_MEMORY(v); - - v = talloc_asprintf_append(v, ")"); - W_ERROR_HAVE_NO_MEMORY(v); - - DEBUG(0,("%s\n", v)); - } - - return WERR_FOOBAR; -} - -WERROR dsdb_subSchema_dITContentRules(const struct dsdb_schema *schema, - TALLOC_CTX *mem_ctx) -{ - struct ldb_message_element *e; - struct dsdb_class *c; - - e = talloc_zero(mem_ctx, struct ldb_message_element); - W_ERROR_HAVE_NO_MEMORY(e); - - for (c = schema->classes; c; c = c->next) { - char *v; - - /* - * TODO: filter out classes without auxiliary classes - */ - - v = talloc_asprintf(e, "( %s NAME '%s' ", - c->governsID_oid, c->lDAPDisplayName); - W_ERROR_HAVE_NO_MEMORY(v); - - v = dsdb_subSchema_list_append(v, "AUX"); - W_ERROR_HAVE_NO_MEMORY(v); - - v = dsdb_subSchema_list_append(v, "MUST"); - W_ERROR_HAVE_NO_MEMORY(v); - - v = dsdb_subSchema_list_append(v, "MAY"); - W_ERROR_HAVE_NO_MEMORY(v); - - v = talloc_asprintf_append(v, ")"); - W_ERROR_HAVE_NO_MEMORY(v); - - DEBUG(0,("%s\n", v)); - } - - return WERR_FOOBAR; -} diff --git a/source4/dsdb/schema/schema_convert.c b/source4/dsdb/schema/schema_convert.c new file mode 100644 index 0000000000..673e7a3bae --- /dev/null +++ b/source4/dsdb/schema/schema_convert.c 
@@ -0,0 +1,160 @@
+/*
+ ldb database library
+
+ Copyright (C) Simo Sorce 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+
+/* Shared map for converting syntax between formats */
+static const struct dsdb_syntax_map syntax_map[] = {
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.12",
+ .AD_OID = "2.5.5.1",
+ .equality = "distinguishedNameMatch",
+ .comment = "Object(DS-DN) == a DN"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.38",
+ .AD_OID = "2.5.5.2",
+ .equality = "objectIdentifierMatch",
+ .comment = "OID String"
+ },
+ {
+ .Standard_OID = "1.2.840.113556.1.4.905",
+ .AD_OID = "2.5.5.4",
+ .equality = "caseIgnoreMatch",
+ .substring = "caseIgnoreSubstringsMatch",
+ .comment = "Case Insensitive String"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26",
+ .AD_OID = "2.5.5.5",
+ .equality = "caseExactIA5Match",
+ .comment = "Printable String"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.36",
+ .AD_OID = "2.5.5.6",
+ .equality = "numericStringMatch",
+ .substring = "numericStringSubstringsMatch",
+ .comment = "Numeric String"
+ },
+ {
+ .Standard_OID = "1.2.840.113556.1.4.903",
+ .AD_OID = "2.5.5.7",
+ .equality = "distinguishedNameMatch",
+ .comment = "OctetString: Binary+DN"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.7",
+ .AD_OID = "2.5.5.8",
+ .equality = "booleanMatch",
+ .comment = "Boolean"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.27",
+ .AD_OID = "2.5.5.9",
+ .equality = "integerMatch",
+ .comment = "Integer"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40",
+ .AD_OID = "2.5.5.10",
+ .equality = "octetStringMatch",
+ .comment = "Octet String"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.24",
+ .AD_OID = "2.5.5.11",
+ .equality = "generalizedTimeMatch",
+ .comment = "Generalized Time"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.53",
+ .AD_OID = "2.5.5.11",
+ .equality = "generalizedTimeMatch",
+ .comment = "UTC Time"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.15",
+ .AD_OID = "2.5.5.12",
+ .equality = "caseIgnoreMatch",
+ .substring = "caseIgnoreSubstringsMatch",
+ .comment = "Directory String"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.43",
+ .AD_OID = "2.5.5.13",
+ .comment = "Presentation Address"
+ },
+ {
+ .Standard_OID = "Not Found Yet",
+ .AD_OID = "2.5.5.14",
+ .equality = "distinguishedNameMatch",
+ .comment = "OctetString: String+DN"
+ },
+ {
+ .Standard_OID = "1.2.840.113556.1.4.907",
+ .AD_OID = "2.5.5.15",
+ .equality = "octetStringMatch",
+ .comment = "NT Security Descriptor"
+ },
+ {
+ .Standard_OID = "1.2.840.113556.1.4.906",
+ .AD_OID = "2.5.5.16",
+ .equality = "integerMatch",
+ .comment = "Large Integer"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40",
+ .AD_OID = "2.5.5.17",
+ .equality = "octetStringMatch",
+ .comment = "Octet String - Security Identifier (SID)"
+ },
+ {
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26",
+ .AD_OID = "2.5.5.5",
+ .equality = "caseExactIA5Match",
+ .comment = "IA5 String"
+ },
+ { .Standard_OID = NULL
+ }
+};
+
+
+const struct dsdb_syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid)
+{
+ int i;
+ for (i=0; syntax_map[i].Standard_OID; i++) {
+ if (strcasecmp(ad_oid, syntax_map[i].AD_OID) == 0) {
+ return &syntax_map[i];
+ }
+ }
+ return NULL;
+}
+
+const struct dsdb_syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid)
+{
+ int i;
+ for (i=0; syntax_map[i].Standard_OID; i++) {
+ if (strcasecmp(standard_oid, syntax_map[i].Standard_OID) == 0) {
+ return &syntax_map[i];
+ }
+ }
+ return NULL;
+}
diff --git a/source4/dsdb/schema/schema_convert.h b/source4/dsdb/schema/schema_convert.h
new file mode 100644
index 0000000000..de379343a6
--- /dev/null
+++ b/source4/dsdb/schema/schema_convert.h
@@ -0,0 +1,10 @@
+struct syntax_map {
+ const char *Standard_OID;
+ const char *AD_OID;
+ const char *equality;
+ const char *substring;
+ const char *comment;
+};
+
+const struct syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid);
+const struct syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid);
diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c
new file mode 100644
index 0000000000..2f3acd1336
--- /dev/null
+++ b/source4/dsdb/schema/schema_description.c
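Review bot: The `syntax_map` entry for AD syntax 2.5.5.14 carries the placeholder `.Standard_OID = "Not Found Yet"`, and `schema_attribute_to_description()` (added in schema_description.c by this commit) writes `map->Standard_OID` straight into the `SYNTAX '...'` field, so an attribute with that syntax would publish a non-OID string in the generated attributeTypes. The table also repeats keys while both lookups return the first match: the "UTC Time" entry can never be returned by `find_syntax_map_by_ad_oid()`, the SID entry never by `find_syntax_map_by_standard_oid()`, and the "IA5 String" entry by neither; a comment on the table should say that the first entry wins. Both lookups hand their argument to `strcasecmp()` unchecked, so a guard such as `if (ad_oid == NULL) return NULL;` would be prudent if a caller can pass an attribute with no syntax OID, which is not visible here.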
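Review bot: This new header declares `struct syntax_map` and two lookups returning `const struct syntax_map *`, but schema_convert.c in the same commit defines the table and both functions with `struct dsdb_syntax_map`, so the prototypes conflict with the definitions as soon as both are visible in one translation unit. schema_convert.c includes only "includes.h" and "dsdb/samdb/samdb.h", so `struct dsdb_syntax_map` is presumably declared elsewhere and this header is unused. Either drop the file or make it match, e.g. `const struct dsdb_syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid);`, and give it an include guard.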
@@ -0,0 +1,316 @@
+/*
+ Unix SMB/CIFS mplementation.
+ Print schema info into string format
+
+ Copyright (C) Andrew Bartlett 2006-2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+*/
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+
+#define IF_NULL_FAIL_RET(x) do { \
+ if (!x) { \
+ return NULL; \
+ } \
+ } while (0)
+
+
+char *schema_attribute_description(TALLOC_CTX *mem_ctx,
+ enum dsdb_schema_convert_target target,
+ const char *seperator,
+ const char *oid,
+ const char *name,
+ const char *description,
+ const char *equality,
+ const char *substring,
+ const char *syntax,
+ bool single_value, bool operational)
+{
+ char *schema_entry = talloc_asprintf(mem_ctx,
+ "(%s%s%s", seperator, oid, seperator);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "NAME '%s'%s", name, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+
+ if (description) {
+#if 0
+ /* Need a way to escape ' characters from the description */
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "DESC '%s'%s", description, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+#endif
+ }
+
+ if (equality) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "EQUALITY %s%s", equality, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+ if (substring) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "SUBSTR %s%s", substring, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "SYNTAX %s%s", syntax, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+
+ if (single_value) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "SINGLE-VALUE%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ if (operational) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "NO-USER-MODIFICATION%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ ")");
+ return schema_entry;
+}
+
+char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute)
+{
+ char *schema_description;
+ const struct dsdb_syntax_map *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid);
+ const char *syntax = map ? map->Standard_OID : attribute->attributeSyntax_oid;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+
+ schema_description
+ = schema_attribute_description(mem_ctx,
+ TARGET_AD_SCHEMA_SUBENTRY,
+ " ",
+ attribute->attributeID_oid,
+ attribute->lDAPDisplayName,
+ NULL, NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax),
+ attribute->isSingleValued,
+ attribute->systemOnly);
+ talloc_free(tmp_ctx);
+ return schema_description;
+}
+
+#define APPEND_ATTRS(attributes) \
+ do { \
+ int k; \
+ for (k=0; attributes && attributes[k]; k++) { \
+ const char *attr_name = attributes[k]; \
+ \
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ "%s ", \
+ attr_name); \
+ IF_NULL_FAIL_RET(schema_entry); \
+ if (attributes[k+1]) { \
+ IF_NULL_FAIL_RET(schema_entry); \
+ if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ "$%s ", seperator); \
+ IF_NULL_FAIL_RET(schema_entry); \
+ } else { \
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ "$ "); \
+ } \
+ } \
+ } \
+ } while (0)
+
+
+/* Print a schema class or dITContentRule as a string.
+ *
+ * To print a scheam class, specify objectClassCategory but not auxillary_classes
+ * To print a dITContentRule, specify auxillary_classes but set objectClassCategory == -1
+ *
+ */
+
+char *schema_class_description(TALLOC_CTX *mem_ctx,
+ enum dsdb_schema_convert_target target,
+ const char *seperator,
+ const char *oid,
+ const char *name,
+ const char **auxillary_classes,
+ const char *description,
+ const char *subClassOf,
+ int objectClassCategory,
+ char **must,
+ char **may)
+{
+ char *schema_entry = talloc_asprintf(mem_ctx,
+ "(%s%s%s", seperator, oid, seperator);
+
+ IF_NULL_FAIL_RET(schema_entry);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "NAME '%s'%s", name, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+
+ if (description) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "DESC '%s'%s", description, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ if (auxillary_classes) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "AUX ( ");
+ IF_NULL_FAIL_RET(schema_entry);
+
+ APPEND_ATTRS(auxillary_classes);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ ")%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ if (subClassOf) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "SUP %s%s", subClassOf, seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ switch (objectClassCategory) {
+ case -1:
+ break;
+ /* Dummy case for when used for printing ditContentRules */
+ case 0:
+ /*
+ * NOTE: this is an type 88 class
+ * e.g. 2.5.6.6 NAME 'person'
+ * but w2k3 gives STRUCTURAL here!
+ */
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "STRUCTURAL%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ case 1:
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "STRUCTURAL%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ case 2:
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "ABSTRACT%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ case 3:
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "AUXILIARY%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ }
+
+ if (must) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "MUST ( ");
+ IF_NULL_FAIL_RET(schema_entry);
+
+ APPEND_ATTRS(must);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ ")%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ if (may) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ "MAY ( ");
+ IF_NULL_FAIL_RET(schema_entry);
+
+ APPEND_ATTRS(may);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ ")%s", seperator);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ ")");
+ return schema_entry;
+}
+
+char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class *class)
+{
+ char *schema_description;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+ schema_description
+ = schema_class_description(mem_ctx,
+ TARGET_AD_SCHEMA_SUBENTRY,
+ " ",
+ class->governsID_oid,
+ class->lDAPDisplayName,
+ NULL,
+ NULL,
+ class->subClassOf,
+ class->objectClassCategory,
+ dsdb_attribute_list(tmp_ctx,
+ class, DSDB_SCHEMA_ALL_MUST),
+ dsdb_attribute_list(tmp_ctx,
+ class, DSDB_SCHEMA_ALL_MAY));
+ talloc_free(tmp_ctx);
+ return schema_description;
+}
+char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_class *class,
+ const struct dsdb_schema *schema)
+{
+ int i;
+ char *schema_description;
+ char **aux_class_list = NULL;
+ char **attrs;
+ char **must_attr_list = NULL;
+ char
**may_attr_list = NULL; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + const struct dsdb_class *aux_class; + if (!tmp_ctx) { + return NULL; + } + + aux_class_list = merge_attr_list(tmp_ctx, aux_class_list, class->systemAuxiliaryClass); + aux_class_list = merge_attr_list(tmp_ctx, aux_class_list, class->auxiliaryClass); + + for (i=0; aux_class_list && aux_class_list[i]; i++) { + aux_class = dsdb_class_by_lDAPDisplayName(schema, aux_class_list[i]); + + attrs = dsdb_attribute_list(mem_ctx, aux_class, DSDB_SCHEMA_ALL_MUST); + must_attr_list = merge_attr_list(mem_ctx, must_attr_list, attrs); + + attrs = dsdb_attribute_list(mem_ctx, aux_class, DSDB_SCHEMA_ALL_MAY); + may_attr_list = merge_attr_list(mem_ctx, may_attr_list, attrs); + } + + schema_description + = schema_class_description(mem_ctx, + TARGET_AD_SCHEMA_SUBENTRY, + " ", + class->governsID_oid, + class->lDAPDisplayName, + (const char **)aux_class_list, + NULL, + class->subClassOf, + -1, must_attr_list, may_attr_list); + talloc_free(tmp_ctx); + return schema_description; +} diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 85fdbe9e87..65df25ca3f 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -1599,8 +1599,8 @@ WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema *sche return WERR_OK; } -static char **merge_attr_list(TALLOC_CTX *mem_ctx, - char **attrs, const char **new_attrs) +char **merge_attr_list(TALLOC_CTX *mem_ctx, + char **attrs, const char **new_attrs) { char **ret_attrs; int i; 
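Review bot: In `schema_class_to_dITContentRule()` the result of `dsdb_class_by_lDAPDisplayName(schema, aux_class_list[i])` goes to `dsdb_attribute_list()` unchecked, and that function (added in schema_init.c by this commit) dereferences `class->mustContain` and the other lists at once, so an auxiliary class name that does not resolve would crash the server; this assumes the lookup returns NULL on a miss, which is not visible here. Add `if (!aux_class) { talloc_free(tmp_ctx); return NULL; }` after the lookup; the same unchecked lookup feeds `dsdb_attribute_list()` in `dsdb_full_attribute_list_internal()` in schema_init.c. Separately, `schema_class_description()` emits `DESC '%s'` with no escaping of `'`, while `schema_attribute_description()` keeps the same line under `#if 0` for exactly that reason; both callers in this file pass NULL for `description`, but the branch should stay disabled until the escaping exists. `schema_attribute_description()` also lacks the `IF_NULL_FAIL_RET(schema_entry);` after its first `talloc_asprintf()` that `schema_class_description()` has.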
@@ -1618,60 +1618,73 @@ static char **merge_attr_list(TALLOC_CTX *mem_ctx, new_len = orig_len + str_list_length(new_attrs); ret_attrs[new_len] = NULL; - } return ret_attrs; } -char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, - const struct dsdb_schema *schema, - const char **class_list, - enum dsdb_attr_list_query query) +/* + Return a merged list of the attributes of exactly one class (not + considering subclasses, auxillary classes etc) +*/ + +char **dsdb_attribute_list(TALLOC_CTX *mem_ctx, const struct dsdb_class *class, enum dsdb_attr_list_query query) +{ + char **attr_list = NULL; + switch (query) { + case DSDB_SCHEMA_ALL_MAY: + attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain); + attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain); + break; + + case DSDB_SCHEMA_ALL_MUST: + attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain); + attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain); + break; + + case DSDB_SCHEMA_SYS_MAY: + attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain); + break; + + case DSDB_SCHEMA_SYS_MUST: + attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain); + break; + + case DSDB_SCHEMA_MAY: + attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain); + break; + + case DSDB_SCHEMA_MUST: + attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain); + break; + + case DSDB_SCHEMA_ALL: + attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain); + attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain); + attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain); + attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain); + break; + } + return attr_list; +} + +static char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, + const struct dsdb_schema *schema, + const char **class_list, + enum dsdb_attr_list_query query) { int i; const struct dsdb_class 
*class; char **attr_list = NULL; + char **this_class_list; char **recursive_list; for (i=0; class_list && class_list[i]; i++) { class = dsdb_class_by_lDAPDisplayName(schema, class_list[i]); - switch (query) { - case DSDB_SCHEMA_ALL_MAY: - attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain); - attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain); - break; - - case DSDB_SCHEMA_ALL_MUST: - attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain); - attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain); - break; - - case DSDB_SCHEMA_SYS_MAY: - attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain); - break; - - case DSDB_SCHEMA_SYS_MUST: - attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain); - break; - - case DSDB_SCHEMA_MAY: - attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain); - break; - - case DSDB_SCHEMA_MUST: - attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain); - break; - - case DSDB_SCHEMA_ALL: - attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain); - attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain); - attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain); - attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain); - break; - } + this_class_list = dsdb_attribute_list(mem_ctx, class, query); + attr_list = merge_attr_list(mem_ctx, attr_list, (const char **)this_class_list); recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema, class->systemAuxiliaryClass, @@ -1682,7 +1695,7 @@ char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema, class->auxiliaryClass, query); - + attr_list = merge_attr_list(mem_ctx, attr_list, (const char **)recursive_list); } diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 042469602c..13d4adf6d4 100755 
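Review bot: The `switch (query)` in the new `dsdb_attribute_list()` has no `default:` case, so an unrecognised `query` value returns NULL exactly as a class with no matching attributes does, and the function is now called from other files. Add `default: break;` with a comment stating that an unknown query yields an empty list, or report it through `DEBUG()`. The block comment above the function should also say that `class` must be non-NULL and that the list is built with `merge_attr_list(mem_ctx, ...)`. `dsdb_full_attribute_list_internal()` continues outside this hunk.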
--- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -970,6 +970,34 @@ class BaseDnTests(unittest.TestCase): attrs=["netlogon", "highestCommittedUSN"]) self.assertEquals(len(res), 0) +class SchemaTests(unittest.TestCase): + def find_schemadn(self, ldb): + res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"]) + self.assertEquals(len(res), 1) + return res[0]["schemaNamingContext"][0] + + def setUp(self): + self.ldb = ldb + self.schema_dn = self.find_schemadn(ldb) + + def test_generated_schema(self): + """Testing we can read the generated schema via LDAP""" + res = self.ldb.search("cn=aggregate,"+self.schema_dn, scope=SCOPE_BASE, + attrs=["objectClasses", "attributeTypes", "dITContentRules"]) + self.assertEquals(len(res), 1) + self.assertTrue("dITContentRules" in res[0]) + self.assertTrue("objectClasses" in res[0]) + self.assertTrue("attributeTypes" in res[0]) + + def test_generated_schema_is_operational(self): + """Testing we don't get the generated schema via LDAP by default""" + res = self.ldb.search("cn=aggregate,"+self.schema_dn, scope=SCOPE_BASE, + attrs=["*"]) + self.assertEquals(len(res), 1) + self.assertFalse("dITContentRules" in res[0]) + self.assertFalse("objectClasses" in res[0]) + self.assertFalse("attributeTypes" in res[0]) + if not "://" in host: host = "ldap://%s" % host @@ -983,4 +1011,6 @@ if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful(): rc = 1 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful(): rc = 1 +if not runner.run(unittest.makeSuite(SchemaTests)).wasSuccessful(): + rc = 1 sys.exit(rc) diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index e96cf5f5fc..40ef709ac3 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif 
@@ -10376,552 +10376,3 @@ defaultObjectCategory: CN=Group-Policy-Container,${SCHEMADN} dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema -objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) -objectClasses: ( 1.2.840.113556.1.5.120 NAME 
'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) -objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) ) -objectClasses: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.175 NAME 'infrastructureUpdate' SUP top STRUCTURAL MAY ( dNReferenceUpdate ) ) -objectClasses: ( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL MUST ( cn ) MAY ( gPOptions $ gPLink ) ) -objectClasses: ( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST ( nCName $ dnsRoot $ cn ) MAY ( trustParent $ superiorDNSRoot $ rootTrust $ nTMixedDomain $ nETBIOSName $ Enabled $ msDS-SDReferenceDomain $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-Replication-Notify-First-DSA-Delay $ msDS-NC-Replica-Locations $ msDS-DnsRootAlias $ msDS-Behavior-Version ) ) -objectClasses: ( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST ( rIDAvailablePool ) ) -objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY ( treatAsLeaf $ shellPropertyPages $ shellContextMenu $ scopeFlags $ queryFilter $ iconPath $ extraColumns $ creationWizard $ createWizardExt $ createDialog $ contextMenu $ classDisplayName $ attributeDisplayNames $ adminPropertyPages $ adminMultiselectPropertyPages $ adminContextMenu ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase' SUP top ABSTRACT MAY ( ipsecOwnersReference $ ipsecName $ ipsecID $ ipsecDataType $ ipsecData ) ) -objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) ) -objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( 
street $ st $ seeAlso $ searchGuide ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) ) -objectClasses: ( 1.2.840.113556.1.5.106 NAME 'queryPolicy' SUP top STRUCTURAL MAY ( lDAPIPDenyList $ lDAPAdminLimits ) ) -objectClasses: ( 1.2.840.113556.1.5.95 NAME 'subnetContainer' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.7000.47 NAME 'nTDSDSA' SUP applicationSettings STRUCTURAL MAY ( serverReference $ msDS-RetiredReplNCSignatures $ retiredReplDSASignatures $ queryPolicyObject $ options $ networkAddress $ msDS-ReplicationEpoch $ msDS-HasInstantiatedNCs $ msDS-hasMasterNCs $ msDS-HasDomainNCs $ msDS-Behavior-Version $ managedBy $ lastBackupRestorationTime $ invocationId $ hasPartialReplicaNCs $ hasMasterNCs $ fRSRootPath $ dMDLocation ) ) -objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) -objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ 
maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) ) -objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) -objectClasses: ( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' SUP ipsecBase STRUCTURAL MAY ( ipsecNegotiationPolicyReference $ ipsecFilterReference ) ) -objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) ) -objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) -objectClasses: ( 1.2.840.113556.1.3.14 
NAME 'attributeSchema' SUP top STRUCTURAL MUST ( schemaIDGUID $ oMSyntax $ lDAPDisplayName $ isSingleValued $ cn $ attributeSyntax $ attributeID ) MAY ( systemOnly $ searchFlags $ schemaFlagsEx $ rangeUpper $ rangeLower $ oMObjectClass $ msDs-Schema-Extensions $ msDS-IntId $ mAPIID $ linkID $ isMemberOfPartialAttributeSet $ isEphemeral $ isDefunct $ extendedCharsAllowed $ classDisplayName $ attributeSecurityGUID ) ) -objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY ( tombstoneLifetime $ sPNMappings $ replTopologyStayOfExecution $ msDS-Other-Settings $ garbageCollPeriod $ dSHeuristics ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) ) -objectClasses: ( 2.5.6.6 NAME 'person' SUP top MUST ( cn ) MAY ( userPassword $ telephoneNumber $ sn $ serialNumber $ seeAlso $ attributeCertificateAttribute ) ) -objectClasses: ( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' SUP ipsecBase STRUCTURAL MAY ( ipsecNFAReference $ ipsecISAKMPReference ) ) -objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaVersion $ defaultClassStore $ msDS-ObjectReference ) ) -objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( notificationList $ mSMQSiteID $ mSMQSiteForeign $ mSMQNt4Stub $ mSMQInterval2 $ mSMQInterval1 $ managedBy $ location $ gPOptions $ gPLink ) ) -objectClasses: ( 2.5.6.4 NAME 
'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) -objectClasses: ( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' SUP top STRUCTURAL MAY ( msDS-AzMinorVersion $ msDS-AzMajorVersion $ msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzScriptTimeout $ msDS-AzScriptEngineCacheMax $ msDS-AzDomainTimeout $ description ) ) -objectClasses: ( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST ( sAMAccountName $ objectSid ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings' SUP top ABSTRACT MAY ( notificationList $ msDS-Settings $ applicationName ) ) -objectClasses: ( 1.2.840.113556.1.3.13 NAME 'classSchema' SUP top STRUCTURAL MUST ( subClassOf $ schemaIDGUID $ objectClassCategory $ governsID $ defaultObjectCategory $ cn ) MAY ( systemPossSuperiors $ systemOnly $ systemMustContain $ systemMayContain $ systemAuxiliaryClass $ schemaFlagsEx $ rDNAttID $ possSuperiors $ mustContain $ msDs-Schema-Extensions $ msDS-IntId $ mayContain $ lDAPDisplayName $ isDefunct $ defaultSecurityDescriptor $ defaultHidingValue $ classDisplayName $ auxiliaryClass ) ) -objectClasses: ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY ( pager $ o $ mobile $ manager $ mail $ initials $ homePhone $ businessCategory $ userCertificate $ userWorkstations $ userSharedFolderOther $ userSharedFolder $ userPrincipalName $ userParameters $ 
userAccountControl $ unicodePwd $ terminalServer $ servicePrincipalName $ scriptPath $ pwdLastSet $ profilePath $ primaryGroupID $ preferredOU $ otherLoginWorkstations $ operatorCount $ ntPwdHistory $ networkAddress $ msRASSavedFramedRoute $ msRASSavedFramedIPAddress $ msRASSavedCallbackNumber $ msRADIUSServiceType $ msRADIUSFramedRoute $ msRADIUSFramedIPAddress $ msRADIUSCallbackNumber $ msNPSavedCallingStationID $ msNPCallingStationID $ msNPAllowDialin $ mSMQSignCertificatesMig $ mSMQSignCertificates $ mSMQDigestsMig $ mSMQDigests $ msIIS-FTPRoot $ msIIS-FTPDir $ msDS-User-Account-Control-Computed $ msDS-Site-Affinity $ mS-DS-CreatorSID $ msDS-Cached-Membership-Time-Stamp $ msDS-Cached-Membership $ msDRM-IdentityCertificate $ msCOM-UserPartitionSetLink $ maxStorage $ logonWorkstation $ logonHours $ logonCount $ lockoutTime $ localeID $ lmPwdHistory $ lastLogonTimestamp $ lastLogon $ lastLogoff $ homeDrive $ homeDirectory $ groupsToIgnore $ groupPriority $ groupMembershipSAM $ dynamicLDAPServer $ desktopProfile $ defaultClassStore $ dBCSPwd $ controlAccessRights $ codePage $ badPwdCount $ badPasswordTime $ adminCount $ aCSPolicyName $ accountExpires $ x500uniqueIdentifier $ userSMIMECertificate $ userPKCS12 $ uid $ secretary $ roomNumber $ preferredLanguage $ photo $ labeledURI $ jpegPhoto $ homePostalAddress $ givenName $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ audio ) ) -objectClasses: ( 1.2.840.113556.1.3.9 NAME 'dMD' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaUpdate $ schemaInfo $ prefixMap $ msDs-Schema-Extensions $ msDS-IntId $ dmdName ) ) -objectClasses: ( 1.2.840.113556.1.5.20 NAME 'leaf' SUP top ABSTRACT ) -objectClasses: ( 1.2.840.113556.1.5.28 NAME 'secret' SUP leaf STRUCTURAL MAY ( priorValue $ priorSetTime $ lastSetTime $ currentValue ) ) -objectClasses: ( 1.2.840.113556.1.5.107 NAME 'sitesContainer' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.17 NAME 'server' SUP top STRUCTURAL MAY ( mailAddress $ 
serverReference $ serialNumber $ managedBy $ dNSHostName $ bridgeheadTransportList ) ) -objectClasses: ( 2.5.20.1 NAME 'subSchema' SUP top STRUCTURAL MAY ( objectClasses $ modifyTimeStamp $ extendedClassInfo $ extendedAttributeInfo $ dITContentRules $ attributeTypes ) ) -objectClasses: ( 1.2.840.113556.1.5.34 NAME 'trustedDomain' SUP leaf STRUCTURAL MAY ( trustType $ trustPosixOffset $ trustPartner $ trustDirection $ trustAuthOutgoing $ trustAuthIncoming $ trustAttributes $ securityIdentifier $ msDS-TrustForestTrustInfo $ mS-DS-CreatorSID $ initialAuthOutgoing $ initialAuthIncoming $ flatName $ domainIdentifier $ domainCrossRef $ additionalTrustedServiceNames ) ) -objectClasses: ( 1.2.840.113556.1.5.66 NAME 'domain' SUP top ABSTRACT MUST ( dc ) ) -objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST ( objectSid ) MAY ( foreignIdentifier ) ) -objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( siteObject $ physicalLocationObject $ location ) ) -objectClasses: ( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST ( cn ) MAY ( userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) -objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST ( groupType ) MAY ( primaryGroupToken $ operatorCount $ nTGroupMembers $ nonSecurityMember $ msDS-NonMembers $ msDS-AzLDAPQuery $ member $ managedBy $ groupMembershipSAM $ groupAttributes $ mail $ desktopProfile $ controlAccessRights $ adminCount ) ) -objectClasses: ( 1.2.840.113556.1.5.157 NAME 'groupPolicyContainer' SUP container STRUCTURAL MAY ( versionNumber $ gPCWQLFilter $ gPCUserExtensionNames $ gPCMachineExtensionNames $ gPCFunctionalityVersion $ gPCFileSysPath $ flags ) ) -attributeTypes: ( 1.2.840.113556.1.4.1304 NAME 'sDRightsEffective' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1720 NAME 'msDS-ReplicationEpoch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.202 NAME 'auditingPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.646 NAME 'otherFacsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.256 NAME 'streetAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.121 NAME 'securityIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1782 NAME 'msDS-KeyVersionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1307 NAME 'accountNameHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.752 NAME 'userSharedFolderOther' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.751 NAME 'userSharedFolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.966 NAME 'mSMQDigestsMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.755 NAME 'domainIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.655 NAME 'legacyExchangeDN' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.618 NAME 
'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.531 NAME 'nonSecurityMemberBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1707 NAME 'msDS-ReplAttributeMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1242 NAME 'dNReferenceUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.892 NAME 'gPOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1790 NAME 'msDS-PerUserTrustTombstonesQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME 'pager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.362 NAME 'siteGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1796 NAME 'msDS-AzScriptEngineCacheMax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1303 NAME 'tokenGroupsNoGCAcceptable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1418 NAME 'tokenGroupsGlobalAndUniversal' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.470 NAME 'trustAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 
1.2.840.113556.1.4.1702 NAME 'msDS-TrustForestTrustInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.512 NAME 'siteObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.28 NAME 'dnsRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.168 NAME 'modifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) -attributeTypes: ( 2.5.4.15 NAME 'businessCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'middleName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.30 NAME 'attributeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.677 NAME 'replTopologyStayOfExecution' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.135 NAME 'trustAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1694 NAME 'gPCWQLFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.614 NAME 'adminContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.67 NAME 'lSAModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.66 NAME 'lSACreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.154 NAME 'serverState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.460 NAME 'lDAPDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.125 NAME 'supplementalCredentials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1130 NAME 'msNPSavedCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.38 NAME 'flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.812 NAME 'createWizardExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.36 NAME 'dMDLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.596 NAME 'msExchHouseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.647 NAME 'otherMobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.32 NAME 'attributeSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.149 NAME 'attributeSecurityGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.212 NAME 'dSHeuristics' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.5 NAME 'serialNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.1697 NAME 'msDS-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.144 NAME 'operatorCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.540 NAME 'initialAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.141 NAME 'versionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1664 NAME 'msDS-Replication-Notify-Subsequent-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.810 NAME 'createDialog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.607 NAME 'queryPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.487 NAME 'fRSRootPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.11 NAME 'ou' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.2.617 NAME 'homePostalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.652 NAME 'assistant' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.361 NAME 'netbootMachineFilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.45 NAME 'x500uniqueIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.55 NAME 'dBCSPwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.538 NAME 'prefixMap' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1807 NAME 'msDS-MembersForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.781 NAME 'lastKnownParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.369 NAME 'fSMORoleOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.673 NAME 'retiredReplDSASignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.459 NAME 'networkAddress' SYNTAX '1.2.840.113556.1.4.905' ) -attributeTypes: ( 1.2.840.113556.1.2.471 NAME 'schemaVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.2.8 NAME 'possSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.224 NAME 'defaultSecurityDescriptor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.16.840.1.113730.3.140 NAME 'userSMIMECertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.8 NAME 'userAccountControl' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.885 NAME 'terminalServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.159 NAME 'accountExpires' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.89 NAME 'nTGroupMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.749 NAME 'url' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.145 NAME 'revision' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.76 NAME 'objectVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1705 NAME 'msDS-NCReplInboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1425 NAME 'msCOM-UserLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1409 NAME 'masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.916 NAME 'canonicalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1661 NAME 'msDS-NC-Replica-Locations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1721 NAME 'msDS-UpdateScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.88 NAME 'nextRid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.24 NAME 'x121Address' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) -attributeTypes: ( 2.5.4.35 NAME 'userPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' 
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.626 NAME 'ipsecISAKMPReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.1189 NAME 'msRASSavedCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.136 NAME 'trustType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.158 NAME 'domainReplica' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.615 NAME 'personalTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.651 NAME 'otherMailbox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.231 NAME 'oMSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1621 NAME 'msDS-Other-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.71 NAME 'machineRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1795 
NAME 'msDS-AzDomainTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.198 NAME 'systemAuxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.160 NAME 'lmPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.166 NAME 'groupMembershipSAM' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.133 NAME 'trustPartner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.806 NAME 'treatAsLeaf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.562 NAME 'adminPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1799 NAME 'msDS-AzScopeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.844 NAME 'lDAPIPDenyList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1826 NAME 'msDS-RetiredReplNCSignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.81 NAME 'modifiedCountAtLastProm' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.78 NAME 'minPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.39 NAME 'forceLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1305 NAME 
'moveTreeState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1787 NAME 'msDS-AllowedToDelegateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.170 NAME 'systemOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1716 NAME 'msDS-IntId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.619 NAME 'dNSHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1825 NAME 'msDS-AzMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.49 NAME 'badPasswordTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.621 NAME 'ipsecID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.151 NAME 'oEMInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.42 NAME 'givenName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 
-attributeTypes: ( 1.2.840.113556.1.4.1347 NAME 'sPNMappings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.364 NAME 'operatingSystemVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.303 NAME 'notificationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1301 NAME 'tokenGroups' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.97 NAME 'preferredOU' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1410 NAME 'mS-DS-CreatorSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1793 NAME 'msDS-NonMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1815 NAME 'msDS-TasksForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.627 NAME 'ipsecNFAReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.820 
NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1819 NAME 'msDS-AzApplicationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.866 NAME 'pekKeyChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.6 NAME 'c' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.25 NAME 'countryCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME 'mobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.669 NAME 'rIDSetReferences' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.351 NAME 'auxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.889 NAME 'additionalTrustedServiceNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.464 NAME 'wWWHomePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.896 NAME 'uSNSource' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1360 NAME 'mS-DS-ConsistencyGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.870 NAME 'frsComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.913 NAME 'allowedAttributes' 
SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1798 NAME 'msDS-AzApplicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.890 NAME 'uPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1788 NAME 'msDS-PerUserTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1411 NAME 'ms-DS-MachineAccountQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.157 NAME 'serverRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME 'homePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.34 NAME 'rangeLower' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.415 NAME 'operatingSystemHotfix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1717 NAME 'msDS-AdditionalDnsHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1797 NAME 'msDS-AzScriptTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.24 NAME 'mustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 2.5.4.36 NAME 'userCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1124 NAME 'msNPCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.1460 NAME 'msDS-User-Account-Control-Computed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.44 NAME 'homeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1792 NAME 'msDS-AzLDAPQuery' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 
1.2.840.113556.1.4.663 NAME 'partialAttributeDeletionList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.868 NAME 'isCriticalSystemObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.891 NAME 'gPLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1354 NAME 'scopeFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.60 NAME 'lockoutDuration' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1426 NAME 'msCOM-UserPartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'thumbnailLogo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'thumbnailPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.222 NAME 'location' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.86 NAME 'userWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.65 NAME 'logonWorkstation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1696 NAME 'lastLogonTimestamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.100 NAME 'priorValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.53 NAME 'lastSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.2 NAME 'objectGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1811 NAME 'msDS-TasksForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.653 NAME 'managedBy' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.93 NAME 'pwdProperties' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.13 NAME 'builtinCreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.146 NAME 'company' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.675 NAME 'catalogs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.783 NAME 'defaultObjectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1158 NAME 'msRADIUSFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.99 NAME 'priorSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.645 NAME 'userCert' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.530 NAME 'nonSecurityMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 2.5.4.31 NAME 'member' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.152 NAME 'groupAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.375 NAME 'systemFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1249 NAME 'proxiedObjectName' SYNTAX '1.2.840.113556.1.4.903' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1708 NAME 'msDS-ReplValueMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.912 NAME 'allowedChildClassesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1805 NAME 'msDS-AzGenerateAudits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) 
-attributeTypes: ( 1.2.840.113556.1.4.1817 NAME 'msDS-AzApplicationVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.219 NAME 'iconPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.9 NAME 'street' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1783 NAME 'msDS-ExecuteScriptPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1784 NAME 'msDS-LogonTimeSyncInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.301 NAME 'garbageCollPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.967 NAME 'mSMQSignCertificatesMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1442 NAME 'msDS-Cached-Membership-Time-Stamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.169 NAME 'logonCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.58 NAME 'localeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.4.12 NAME 'badPwdCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.129 NAME 'trustAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1687 NAME 'extraColumns' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1690 NAME 'adminMultiselectPropertyPages' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.307 NAME 'options' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.61 NAME 'lockOutObservationWindow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.57 NAME 'defaultLocalPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.26 NAME 'creationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.5.4.16 NAME 'postalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.43 NAME 'initials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.33 NAME 'isSingleValued' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1240 NAME 'netbootSIFFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1718 NAME 'msDS-AdditionalSamAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.195 NAME 'systemPossSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.2.610 NAME 'employeeNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.662 NAME 'lockoutTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.537 NAME 'dynamicLDAPServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.444 NAME 'msExchAssistantName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 
-attributeTypes: ( 1.2.840.113556.1.4.1349 NAME 'gPCUserExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.194 NAME 'adminDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.499 NAME 'contextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.50 NAME 'linkID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.5.4.4 NAME 'sn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.539 NAME 'initialAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.472 NAME 'domainCrossRef' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.893 NAME 'gPCFunctionalityVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' 
SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1361 NAME 'mS-DS-ConsistencyChildCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.74 NAME 'dSASignature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.911 NAME 'allowedChildClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.914 NAME 'allowedAttributesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.357 NAME 'nTMixedDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1709 NAME 'msDS-HasInstantiatedNCs' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.79 NAME 'minPwdLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.32 NAME 'domainPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.507 NAME 'volumeCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1171 NAME 'msRADIUSServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.52 NAME 'lastLogon' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.344 NAME 'groupsToIgnore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1358 NAME 'schemaInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME 'dc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 
2.5.18.2 NAME 'modifyTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.13 NAME 'displayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.226 NAME 'adminDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1719 NAME 'msDS-DnsRootAlias' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.498 NAME 'creationWizard' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.15 NAME 'hasPartialReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.200 NAME 'controlAccessRights' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.155 NAME 'uASCompat' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.146 NAME 'objectSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.12 NAME 'title' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.118 NAME 'otherPager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.261 NAME 'division' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.35 NAME 'rangeUpper' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.218 NAME 'oMObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.49 NAME 'mAPIID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.370 NAME 'objectClassCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE 
NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.518 NAME 'defaultHidingValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1119 NAME 'msNPAllowDialin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.16 NAME 'codePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.150 NAME 'adminCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'schemaUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.132 NAME 'trustDirection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.557 NAME 'Enabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.7 NAME 'l' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.268 NAME 'eFSPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.14 NAME 'builtinModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.18 NAME 'otherTelephone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.649 NAME 'primaryInternationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.35 NAME 'employeeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.54 NAME 'tombstoneLifetime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.365 NAME 'operatingSystemServicePack' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.358 NAME 'netbootInitialization' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 
-attributeTypes: ( 1.2.840.113556.1.4.771 NAME 'servicePrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.91 NAME 'otherLoginWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1786 NAME 'msIIS-FTPDir' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1443 NAME 'msDS-Site-Affinity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.76 NAME 'maxStorage' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.281 NAME 'nTSecurityDescriptor' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.513 NAME 'siteObjectBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.608 NAME 'queryPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.640 NAME 'partialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.13 NAME 'description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1816 NAME 'msDS-AzClassId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.370 NAME 'rIDAvailablePool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.563 NAME 'shellPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1715 NAME 'msDS-SPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.101 NAME 'privateKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 
1.2.840.113556.1.2.334 NAME 'searchFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.120 NAME 'schemaFlagsEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1212 NAME 'isEphemeral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.960 NAME 'mSMQNt4Stub' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.4.1785 NAME 'msIIS-FTPRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.345 NAME 'groupPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.819 NAME 'bridgeheadTransportList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.511 NAME 'flatName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.301 NAME 'wbemPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1706 NAME 'msDS-NCReplOutboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.169 NAME 'showInAdvancedViewOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1459 NAME 'msDS-Behavior-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1836 NAME 'msDS-hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.95 NAME 'pwdHistoryLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.865 NAME 'pekList' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.17 NAME 'postalCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1241 NAME 'netbootMirrorDataFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.213 NAME 'defaultClassStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.953 NAME 'mSMQSiteID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.624 NAME 'ipsecOwnersReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.115 NAME 'invocationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.109 NAME 'replicaSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.721 NAME 'ipPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.277 NAME 'otherHomePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.10 NAME 'o' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 
) -attributeTypes: ( 1.2.840.113556.1.2.380 NAME 'extendedCharsAllowed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.363 NAME 'operatingSystem' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1840 NAME 'msDS-ObjectReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1308 NAME 'mSMQInterval1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.153 NAME 'rid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.139 NAME 'profilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1145 NAME 'msRADIUSCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.772 NAME 'aCSPolicyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.81 NAME 'info' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1841 NAME 'msDS-ObjectReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.3 NAME 'whenChanged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.121 NAME 'uSNLastObjRem' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.83 NAME 'repsTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.4 NAME 'replUpToDateVector' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.864 NAME 'netbootSCPBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1837 NAME 'msDs-masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1424 
NAME 'msCOM-PartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.629 NAME 'ipsecFilterReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1309 NAME 'mSMQInterval2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.609 NAME 'sIDHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.90 NAME 'unicodePwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1190 NAME 'msRASSavedFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1843 NAME 'msDRM-IdentityCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.51 NAME 'lastLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.598 NAME 'dmdName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.593 NAME 'msExchLabeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' 
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.622 NAME 'ipsecDataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.623 NAME 'ipsecData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.131 NAME 'co' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.648 NAME 'primaryTelexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.514 NAME 'physicalLocationObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1824 NAME 'msDS-AzMajorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.21 NAME 'subClassOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.197 NAME 'systemMustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: 
( 1.2.840.113556.1.2.613 NAME 'employeeType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.27 NAME 'currentValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1348 NAME 'gPCMachineExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.210 NAME 'proxyAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.620 NAME 'ipsecName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.628 NAME 'ipsecNegotiationPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.356 NAME 'foreignIdentifier' SYNTAX 
'1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1359 NAME 'otherWellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) -attributeTypes: ( 1.2.840.113556.1.4.1704 NAME 'msDS-NCReplCursors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.654 NAME 'managedObjects' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1710 NAME 'msDS-AllowedDNSSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.16 NAME 'nCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.87 NAME 'nETBIOSName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1355 NAME 'queryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.4.961 NAME 'mSMQSiteForeign' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' ) -attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.62 NAME 'scriptPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.948 NAME 'mSMQDigests' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1441 NAME 'msDS-Cached-Membership' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.64 NAME 'logonHours' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.894 NAME 'gPCFileSysPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 
-dITContentRules: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' AUX ( samDomain ) MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) -dITContentRules: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -dITContentRules: ( 1.2.840.113556.1.5.3 NAME 'samDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -dITContentRules: ( 1.2.840.113556.1.5.9 NAME 'user' AUX ( securityPrincipal $ mailRecipient ) MUST ( sAMAccountName $ objectSid $ cn ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ 
altSecurityIdentities $ accountNameHistory $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) -dITContentRules: ( 1.2.840.113556.1.5.8 NAME 'group' AUX ( mailRecipient $ securityPrincipal ) MUST ( cn $ sAMAccountName $ objectSid $ cn ) MAY ( userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index 1e6348bc1a..ea5b813e8a 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c 
@@ -35,7 +35,6 @@ #include "ldb_includes.h" #include "system/locale.h" #include "lib/ldb/tools/cmdline.h" -#include "utils/schema_convert.h" #include "param/param.h" #include "lib/cmdline/popt_common.h" #include "dsdb/samdb/samdb.h" @@ -45,11 +44,6 @@ struct schema_conv { int skipped; int failures; }; - -enum convert_target { - TARGET_OPENLDAP, - TARGET_FEDORA_DS -}; static void usage(void) 
@@ -122,179 +116,7 @@ static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ct } -#define IF_NULL_FAIL_RET(x) do { \ - if (!x) { \ - return NULL; \ - } \ - } while (0) - - -static char *schema_attribute_description(TALLOC_CTX *mem_ctx, - enum convert_target target, - const char *seperator, - const char *oid, - const char *name, - const char *description, - struct syntax_map *map, - const char *syntax, - bool single_value, bool operational) -{ - char *schema_entry = talloc_asprintf(mem_ctx, - "(%s%s%s", seperator, oid, seperator); - - schema_entry = talloc_asprintf_append(schema_entry, - "NAME '%s'%s", name, seperator); - IF_NULL_FAIL_RET(schema_entry); - - if (description) { -#if 0 - /* Need a way to escape ' characters from the description */ - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); -#endif - } - - if (map) { - if (map->equality) { - schema_entry = talloc_asprintf_append(schema_entry, - "EQUALITY %s%s", map->equality, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - if (map->substring) { - schema_entry = talloc_asprintf_append(schema_entry, - "SUBSTR %s%s", map->substring, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - syntax = map->Standard_OID; - } - - schema_entry = talloc_asprintf_append(schema_entry, - "SYNTAX %s%s", syntax, seperator); - IF_NULL_FAIL_RET(schema_entry); - - if (single_value) { - schema_entry = talloc_asprintf_append(schema_entry, - "SINGLE-VALUE%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - if (operational) { - schema_entry = talloc_asprintf_append(schema_entry, - "NO-USER-MODIFICATION%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - schema_entry = talloc_asprintf_append(schema_entry, - ")"); - return schema_entry; -} - -static char *schema_class_description(TALLOC_CTX *mem_ctx, - enum convert_target target, - const char *seperator, - const char *oid, - const char *name, - const char *description, - 
const char *subClassOf, - int objectClassCategory, - char **must, - char **may) -{ - char *schema_entry = talloc_asprintf(mem_ctx, - "(%s%s%s", seperator, oid, seperator); - - IF_NULL_FAIL_RET(schema_entry); - - schema_entry = talloc_asprintf_append(schema_entry, - "NAME '%s'%s", name, seperator); - IF_NULL_FAIL_RET(schema_entry); - - if (description) { - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - if (subClassOf) { - schema_entry = talloc_asprintf_append(schema_entry, - "SUP %s%s", subClassOf, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - switch (objectClassCategory) { - case 1: - schema_entry = talloc_asprintf_append(schema_entry, - "STRUCTURAL%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - break; - case 2: - schema_entry = talloc_asprintf_append(schema_entry, - "ABSTRACT%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - break; - case 3: - schema_entry = talloc_asprintf_append(schema_entry, - "AUXILIARY%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - break; - } - -#define APPEND_ATTRS(attributes) \ - do { \ - int k; \ - for (k=0; attributes && attributes[k]; k++) { \ - const char *attr_name = attributes[k]; \ - \ - schema_entry = talloc_asprintf_append(schema_entry, \ - "%s ", \ - attr_name); \ - IF_NULL_FAIL_RET(schema_entry); \ - if (attributes[k+1]) { \ - IF_NULL_FAIL_RET(schema_entry); \ - if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \ - schema_entry = talloc_asprintf_append(schema_entry, \ - "$%s ", seperator); \ - IF_NULL_FAIL_RET(schema_entry); \ - } else { \ - schema_entry = talloc_asprintf_append(schema_entry, \ - "$ "); \ - } \ - } \ - } \ - } while (0) - - if (must) { - schema_entry = talloc_asprintf_append(schema_entry, - "MUST ( "); - IF_NULL_FAIL_RET(schema_entry); - - APPEND_ATTRS(must); - - schema_entry = talloc_asprintf_append(schema_entry, - ")%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - if (may) { - schema_entry = 
talloc_asprintf_append(schema_entry, - "MAY ( "); - IF_NULL_FAIL_RET(schema_entry); - - APPEND_ATTRS(may); - - schema_entry = talloc_asprintf_append(schema_entry, - ")%s", seperator); - IF_NULL_FAIL_RET(schema_entry); - } - - schema_entry = talloc_asprintf_append(schema_entry, - ")"); - return schema_entry; -} - -static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_target target, FILE *in, FILE *out) +static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_schema_convert_target target, FILE *in, FILE *out) { /* Read list of attributes to skip, OIDs to map */ TALLOC_CTX *mem_ctx = talloc_new(ldb); @@ -404,10 +226,10 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ const char *description = attribute->adminDescription; const char *oid = attribute->attributeID_oid; const char *syntax = attribute->attributeSyntax_oid; + const char *equality = NULL, *substring = NULL; bool single_value = attribute->isSingleValued; - const struct syntax_map *const_map = find_syntax_map_by_ad_oid(syntax); - struct syntax_map map, *map_p = NULL; + const struct dsdb_syntax_map *map = find_syntax_map_by_ad_oid(syntax); char *schema_entry = NULL; int j; 
@@ -425,20 +247,21 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } } - if (const_map) { - map = *const_map; - + if (map) { /* We might have been asked to remap this oid, * due to a conflict, or lack of * implementation */ - for (j=0; map.Standard_OID && oid_map && oid_map[j].old_oid; j++) { - if (strcasecmp(map.Standard_OID, oid_map[j].old_oid) == 0) { - map.Standard_OID = oid_map[j].new_oid; + syntax = map->Standard_OID; + /* We might have been asked to remap this oid, due to a conflict */ + for (j=0; syntax && oid_map && oid_map[j].old_oid; j++) { + if (strcasecmp(syntax, oid_map[j].old_oid) == 0) { + syntax = oid_map[j].new_oid; break; } } - - map_p = ↦ + + equality = map->equality; + substring = map->substring; } /* We might have been asked to remap this name, due to a conflict */ @@ -449,7 +272,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } } - schema_entry = schema_attribute_description(mem_ctx, target, seperator, oid, name, description, map_p, syntax, single_value, false); + schema_entry = schema_attribute_description(mem_ctx, target, seperator, oid, name, description, equality, substring, syntax, single_value, false); if (schema_entry == NULL) { ret.failures++; @@ -534,6 +357,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ seperator, oid, name, + NULL, description, subClassOf, objectClassCategory, @@ -567,7 +391,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ struct ldb_context *ldb; struct schema_conv ret; const char *target_str; - enum convert_target target; + enum dsdb_schema_convert_target target; ctx = talloc_new(NULL); ldb = ldb_init(ctx, NULL); diff --git a/source4/utils/config.mk b/source4/utils/config.mk index 61565807d2..37a19077f1 100644 --- a/source4/utils/config.mk +++ b/source4/utils/config.mk 
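Review bot: In the `if (map)` block of the `-425,20 +247,21` hunk, the retained multi-line comment ("We might have been asked to remap this oid, due to a conflict, or lack of implementation") now sits above `syntax = map->Standard_OID;`, which it does not describe. The added one-line comment above the loop then repeats it. I would keep a single remap comment directly above the `for` loop and give the assignment its own, for example `/* Start from the standard LDAP syntax OID for this AD syntax */`. process_convert begins and ends outside this hunk.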
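Review bot: In the `-534,6 +357,7` hunk, `description` is still handed straight to the description builder, and the local helper this commit deletes wrote it as `DESC '%s'` with no escaping. Its attribute counterpart had DESC disabled under `#if 0` with the comment "Need a way to escape ' characters from the description". The shared replacement is not part of this diff, so it is worth confirming that it escapes or drops a `'` in the description; otherwise a directory-supplied description containing a quote produces a malformed or altered objectclass definition in the generated schema. The new positional `NULL` should also carry a short comment naming the parameter it fills. The call, presumably to schema_class_description, begins and ends outside the hunk.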
@@ -100,12 +100,12 @@ testparm_OBJ_FILES = $(utilssrcdir)/testparm.o [BINARY::oLschema2ldif] INSTALLDIR = BINDIR PRIVATE_DEPENDENCIES = \ - LIBLDB_CMDLINE + LIBLDB_CMDLINE SAMDB # End BINARY oLschema2ldif ################################################ -oLschema2ldif_OBJ_FILES = $(addprefix $(utilssrcdir)/, schema_convert.o oLschema2ldif.o) +oLschema2ldif_OBJ_FILES = $(addprefix $(utilssrcdir)/, oLschema2ldif.o) MANPAGES += $(utilssrcdir)/man/oLschema2ldif.1 @@ -118,7 +118,7 @@ PRIVATE_DEPENDENCIES = \ # End BINARY ad2oLschema ################################################ -ad2oLschema_OBJ_FILES = $(addprefix $(utilssrcdir)/, schema_convert.o ad2oLschema.o) +ad2oLschema_OBJ_FILES = $(addprefix $(utilssrcdir)/, ad2oLschema.o) MANPAGES += $(utilssrcdir)/man/ad2oLschema.1 diff --git a/source4/utils/schema_convert.c b/source4/utils/schema_convert.c deleted file mode 100644 index a5d38451d4..0000000000 --- a/source4/utils/schema_convert.c +++ /dev/null 
@@ -1,173 +0,0 @@ -/* - ldb database library - - Copyright (C) Simo Sorce 2005 - - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see . -*/ - -#include "schema_convert.h" -#include "ldb_includes.h" - -/* Shared map for converting syntax between formats */ -static const struct syntax_map syntax_map[] = { - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.12", - .AD_OID = "2.5.5.1", - .equality = "distinguishedNameMatch", - .comment = "Object(DS-DN) == a DN" - }, -#if 0 - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.38", - .AD_OID = "2.5.5.2", - .equality = "objectIdentifierMatch", - .comment = "OID String" - }, -#else - { - .Standard_OID = "1.2.840.113556.1.4.905", - .AD_OID = "2.5.5.2", - .equality = "caseIgnoreMatch", - .comment = "OID as a Case Insensitive String" - }, -#endif - { - .Standard_OID = "1.2.840.113556.1.4.905", - .AD_OID = "2.5.5.4", - .equality = "caseIgnoreMatch", - .substring = "caseIgnoreSubstringsMatch", - .comment = "Case Insensitive String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26", - .AD_OID = "2.5.5.5", - .equality = "caseExactIA5Match", - .comment = "Printable String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.36", - .AD_OID = "2.5.5.6", - .equality = "numericStringMatch", - .substring = 
"numericStringSubstringsMatch", - .comment = "Numeric String" - }, - { - .Standard_OID = "1.2.840.113556.1.4.903", - .AD_OID = "2.5.5.7", - .equality = "distinguishedNameMatch", - .comment = "OctetString: Binary+DN" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.7", - .AD_OID = "2.5.5.8", - .equality = "booleanMatch", - .comment = "Boolean" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.27", - .AD_OID = "2.5.5.9", - .equality = "integerMatch", - .comment = "Integer" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40", - .AD_OID = "2.5.5.10", - .equality = "octetStringMatch", - .comment = "Octet String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.24", - .AD_OID = "2.5.5.11", - .equality = "generalizedTimeMatch", - .comment = "Generalized Time" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.53", - .AD_OID = "2.5.5.11", - .equality = "generalizedTimeMatch", - .comment = "UTC Time" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.15", - .AD_OID = "2.5.5.12", - .equality = "caseIgnoreMatch", - .substring = "caseIgnoreSubstringsMatch", - .comment = "Directory String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.43", - .AD_OID = "2.5.5.13", - .comment = "Presentation Address" - }, - { - .Standard_OID = "Not Found Yet", - .AD_OID = "2.5.5.14", - .equality = "distinguishedNameMatch", - .comment = "OctetString: String+DN" - }, - { - .Standard_OID = "1.2.840.113556.1.4.907", - .AD_OID = "2.5.5.15", - .equality = "octetStringMatch", - .comment = "NT Security Descriptor" - }, - { - .Standard_OID = "1.2.840.113556.1.4.906", - .AD_OID = "2.5.5.16", - .equality = "integerMatch", - .comment = "Large Integer" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40", - .AD_OID = "2.5.5.17", - .equality = "octetStringMatch", - .comment = "Octet String - Security Identifier (SID)" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26", - .AD_OID = "2.5.5.5", - .equality = "caseExactIA5Match", - .comment = "IA5 String" - }, 
- { .Standard_OID = NULL - } -}; - - -const struct syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid) -{ - int i; - for (i=0; syntax_map[i].Standard_OID; i++) { - if (strcasecmp(ad_oid, syntax_map[i].AD_OID) == 0) { - return &syntax_map[i]; - } - } - return NULL; -} - -const struct syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid) -{ - int i; - for (i=0; syntax_map[i].Standard_OID; i++) { - if (strcasecmp(standard_oid, syntax_map[i].Standard_OID) == 0) { - return &syntax_map[i]; - } - } - return NULL; -} diff --git a/source4/utils/schema_convert.h b/source4/utils/schema_convert.h deleted file mode 100644 index de379343a6..0000000000 --- a/source4/utils/schema_convert.h +++ /dev/null @@ -1,10 +0,0 @@ -struct syntax_map { - const char *Standard_OID; - const char *AD_OID; - const char *equality; - const char *substring; - const char *comment; -}; - -const struct syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid); -const struct syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid); diff --git a/testprogs/ejs/minschema.js b/testprogs/ejs/minschema.js index 5f873dd6c4..f088501c1d 100755 --- a/testprogs/ejs/minschema.js +++ b/testprogs/ejs/minschema.js @@ -14,9 +14,7 @@ var options = GetOptions(ARGV, "POPT_COMMON_CREDENTIALS", "verbose", "classes", - "attributes", - "subschema", - "subschema-auto"); + "attributes"); if (options == undefined) { println("Failed to parse options"); return -1; @@ -25,8 +23,6 @@ verbose = options["verbose"]; dump_all = "yes"; dump_classes = options["classes"]; dump_attributes = options["attributes"]; -dump_subschema = options["subschema"]; -dump_subschema_auto = options["subschema-auto"]; if (dump_classes != undefined) { dump_all = undefined; 
@@ -34,18 +30,9 @@ if (dump_classes != undefined) { if (dump_attributes != undefined) { dump_all = undefined; } -if (dump_subschema != undefined) { - dump_all = undefined; -} -if (dump_subschema_auto != undefined) { - dump_all = undefined; - dump_subschema = "yes"; -} if (dump_all != undefined) { dump_classes = "yes"; dump_attributes = "yes"; - dump_subschema = "yes"; - dump_subschema_auto = "yes"; } if (options.ARGV.length != 2) { @@ -697,28 +684,6 @@ function write_aggregate_attribute(attrib) { } -/* - write the aggregate record -*/ -function write_aggregate() { - printf("dn: CN=Aggregate,${SCHEMADN}\n"); - print("objectClass: top -objectClass: subSchema -"); - if (dump_subschema_auto == undefined) { - return; - } - - for (i in objectclasses) { - write_aggregate_objectclass(objectclasses[i]); - } - for (i in attributes) { - write_aggregate_attribute(attributes[i]); - } - for (i in objectclasses) { - write_aggregate_ditcontentrule(objectclasses[i]); - } -} /* load a list from a file @@ -813,10 +778,6 @@ if (dump_attributes != undefined) { if (dump_classes != undefined) { write_ldif(objectclasses, class_attrs); } -if (dump_subschema != undefined) { - write_aggregate(); -} - if (verbose == undefined) { exit(0); } -- cgit From 76bcaa10ac7464933b632e8b04715a87d6ecc50b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Aug 2008 21:20:05 +1000 Subject: Fix the build, after the ad2oLschema changes. (This used to be commit 7361821b21ef78c564c41466783048606a0b6e98) --- source4/utils/oLschema2ldif.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c index b501b75529..d045b084b5 100644 --- a/source4/utils/oLschema2ldif.c +++ b/source4/utils/oLschema2ldif.c @@ -31,9 +31,10 @@ * Author: Simo Sorce */ +#include "includes.h" #include "ldb_includes.h" #include "tools/cmdline.h" -#include "utils/schema_convert.h" +#include "dsdb/samdb/samdb.h" #define SCHEMA_UNKNOWN 0 #define SCHEMA_NAME 1 
@@ -432,7 +433,7 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry) case SCHEMA_SYNTAX: { - const struct syntax_map *map = + const struct dsdb_syntax_map *map = find_syntax_map_by_standard_oid(token->value); if (!map) { break; -- cgit From 44b6ffae0b489cecf7c70adaf93a9bd77b386993 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:23:47 +0200 Subject: configure: remove duplicate definition of --with-winbindd-socket-dir. I think this should have gone with fa361354433fb9a5c09c84997a7c51f3052c294e. Michael (This used to be commit 91fcaac68b215461a13c1b517f6cede29af5e55c) --- source4/build/m4/check_path.m4 | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index a209a4b85a..dc1e849a43 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -86,22 +86,6 @@ AC_ARG_WITH(winbindd-privileged-socket-dir, ;; esac]) -################################################# -# set where the winbindd privilaged socket should be put -AC_ARG_WITH(winbindd-socket-dir, -[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)], -[ case "$withval" in - yes|no) - # - # Just in case anybody calls it without argument - # - AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default]) - ;; - * ) - winbindd_socket_dir="$withval" - ;; - esac]) - ################################################# # set where the NTP signing deamon socket should be put AC_ARG_WITH(ntp-signd-socket-dir, -- cgit From df4e1ad130da96db641eed9ac5841cf8e6b57130 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:07:54 +0200 Subject: configure: format help string for --with-fhs with AS_HELP_STRING(). Michael (This used to be commit 837d0b3eb213ce6d0ce5345308d1b42ae2b08d67) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index dc1e849a43..74b510fa31 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -24,7 +24,7 @@ winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged" ntp_signd_socket_dir="${localstatedir}/run/ntp_signd" AC_ARG_WITH(fhs, -[ --with-fhs Use FHS-compliant paths (default=no)], +[AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])], lockdir="${localstatedir}/lib/samba" piddir="${localstatedir}/run/samba" logfilebase="${localstatedir}/log/samba" -- cgit From 7b3bb570518a2c618556815e5fea15866d8917f5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:13:34 +0200 Subject: configure: use AS_HELP_STRING for --with-privatedir Michael (This used to be commit eafde5bee0a68fd4cf61ae64dfb24e4deb16b95a) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 74b510fa31..959020116f 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -41,7 +41,7 @@ AC_ARG_WITH(fhs, ################################################# # set private directory location AC_ARG_WITH(privatedir, -[ --with-privatedir=DIR Where to put sam.ldb and other private files containing key material ($ac_default_prefix/private)], +[AS_HELP_STRING([--with-privatedir=DIR],[Where to put sam.ldb and other private files containing key material ($ac_default_prefix/private)])], [ case "$withval" in yes|no) # -- cgit From cc7d7ba95b870a5e94da718870aaedd88a567fa7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:25:09 +0200 Subject: configure: use AS_HELP_STRING for --with-winbindd-socket-dir . Michael (This used to be commit 1304eda283b29fff8960633b1329c0a1611e1ca3) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 959020116f..6a4363f4b2 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -57,7 +57,7 @@ AC_ARG_WITH(privatedir, ################################################# # set where the winbindd socket should be put AC_ARG_WITH(winbindd-socket-dir, -[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($winbindd_socket_dir)], +[AS_HELP_STRING([--with-winbindd-socket-dir=DIR],[Where to put the winbindd socket ($winbindd_socket_dir)])], [ case "$withval" in yes|no) # -- cgit From d143e5fcab521c5e236a158aa5388b3984877b06 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:25:42 +0200 Subject: configure: use AS_HELP_STRING for --with-winbindd-privileged-socket-dir. Michael (This used to be commit 3bf8116531d4eb0cc25bc7bac70ae3c77642a5a3) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 6a4363f4b2..4771225d95 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -73,7 +73,7 @@ AC_ARG_WITH(winbindd-socket-dir, ################################################# # set where the winbindd privilaged socket should be put AC_ARG_WITH(winbindd-privileged-socket-dir, -[ --with-winbindd-privileged-socket-dir=DIR Where to put the winbindd socket ($winbindd_privileged_socket_dir)], +[AS_HELP_STRING([--with-winbindd-privileged-socket-dir=DIR],[Where to put the winbindd socket ($winbindd_privileged_socket_dir)])], [ case "$withval" in yes|no) # -- cgit From 76c96ad6d7c48bf7250963f0c304860392c3d1bb Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sat, 16 Aug 2008 00:27:15 +0200 Subject: configure: use AS_HELP_STRING for --ntp-signd-socket-dir. Michael (This used to be commit dd07dcbc916236d80d9a7087860a6f504bbb09e8) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 4771225d95..3f7c9bd9f0 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -89,7 +89,7 @@ AC_ARG_WITH(winbindd-privileged-socket-dir, ################################################# # set where the NTP signing deamon socket should be put AC_ARG_WITH(ntp-signd-socket-dir, -[ --with-ntp-signd-socket-dir=DIR Where to put the NTP signing deamon socket ($ac_default_prefix/run/ntp_signd)], +[AS_HELP_STRING([--with-ntp-signd-socket-dir=DIR],[Where to put the NTP signing deamon socket ($ac_default_prefix/run/ntp_signd)])], [ case "$withval" in yes|no) # -- cgit From 3ebf7f0427ba4daa2c12c18f6cfbb977d46fad35 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:28:36 +0200 Subject: configure: use AS_HELP_STRING for --with-lockdir. Michael (This used to be commit ed4a6e780a3f57854338520e4608cfc8dce4ef3e) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 3f7c9bd9f0..0bd7a9f18d 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -105,7 +105,7 @@ AC_ARG_WITH(ntp-signd-socket-dir, ################################################# # set lock directory location AC_ARG_WITH(lockdir, -[ --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)], +[AS_HELP_STRING([--with-lockdir=DIR],[Where to put lock files ($ac_default_prefix/var/locks)])], [ case "$withval" in yes|no) # -- cgit From 42104c3d1193f6f4b358c89a47c776d5a3c9b49e Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sat, 16 Aug 2008 00:30:02 +0200 Subject: configure: use AS_HELP_STRING for --with-piddir Michael (This used to be commit f05a9fe46ff428e48be9a5af4a6769cd78712c11) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 0bd7a9f18d..efac873bd3 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -121,7 +121,7 @@ AC_ARG_WITH(lockdir, ################################################# # set pid directory location AC_ARG_WITH(piddir, -[ --with-piddir=DIR Where to put pid files ($ac_default_prefix/var/locks)], +[AS_HELP_STRING([--with-piddir=DIR],[Where to put pid files ($ac_default_prefix/var/locks)])], [ case "$withval" in yes|no) # -- cgit From 56bf6489a63050fc8d3eda8a92487896471026eb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:31:23 +0200 Subject: configure: use AS_HELP_STRING for --with-logfilebase. Michael (This used to be commit f9c15b817a24bed26a339479c53fc2f5cc5b36df) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index efac873bd3..52f88f184f 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -137,7 +137,7 @@ AC_ARG_WITH(piddir, ################################################# # set log directory location AC_ARG_WITH(logfilebase, -[ --with-logfilebase=DIR Where to put log files (\$(VARDIR))], +[AS_HELP_STRING([--with-logfilebase=DIR],[Where to put log files (\$(VARDIR))])], [ case "$withval" in yes|no) # -- cgit From 37b6e7886b47578bf55c894dc88b7929ef1f5b96 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sat, 16 Aug 2008 00:33:04 +0200 Subject: configure: use AS_HELP_STRING for --with-selftest-prefix. Michael (This used to be commit eea4f597acf743fa783be3e5809e24aebc79f238) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 52f88f184f..e03f13391c 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -170,7 +170,7 @@ AC_SUBST(modulesdir) selftest_prefix="./st" AC_SUBST(selftest_prefix) AC_ARG_WITH(selftest-prefix, -[ --with-selftest-prefix=DIR The prefix where make test will be run ($selftest_prefix)], +[AS_HELP_STRING([--with-selftest-prefix=DIR],[The prefix where make test will be run ($selftest_prefix)])], [ case "$withval" in yes|no) AC_MSG_WARN([--with-selftest-prefix called without argument - will use default]) -- cgit From 982aa673e24fc54727370de59d82644f2b3f1e59 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:34:43 +0200 Subject: configure: use AS_HELP_STRING for --enable-debug. Michael (This used to be commit 1f4bf8fbd5bfc9c58bb5668fe25586766605b268) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index e03f13391c..f0f9581371 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -182,7 +182,7 @@ AC_ARG_WITH(selftest-prefix, debug=no AC_ARG_ENABLE(debug, -[ --enable-debug Turn on compiler debugging information (default=no)], +[AS_HELP_STRING([--enable-debug],[Turn on compiler debugging information (default=no)])], [if test x$enable_debug = xyes; then debug=yes fi]) -- cgit From a903c39d2b5c89b243462fc02cb5b1ca077c6b38 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sat, 16 Aug 2008 00:35:52 +0200 Subject: configure: use AS_HELP_STRING for --enable-developer Michael (This used to be commit b10d4723891c39693100bfaaf1ac29adce9f7a86) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index f0f9581371..dd12e210d1 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -190,7 +190,7 @@ AC_ARG_ENABLE(debug, developer=no AC_SUBST(developer) AC_ARG_ENABLE(developer, -[ --enable-developer Turn on developer warnings and debugging (default=no)], +[AS_HELP_STRING([--enable-developer],[Turn on developer warnings and debugging (default=no)])], [if test x$enable_developer = xyes; then debug=yes developer=yes -- cgit From 613b8d398ed73be958e90a1d4c2b728d2139b3fb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 16 Aug 2008 00:37:26 +0200 Subject: configure: use AS_HELP_STRING for --with-disable-ext-lib Michael (This used to be commit 88cf5d8b708d6247772b33128f0e212a4c2e9ba8) --- source4/build/m4/check_path.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index dd12e210d1..c45a803633 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -198,7 +198,7 @@ AC_ARG_ENABLE(developer, dnl disable these external libs AC_ARG_WITH(disable-ext-lib, -[ --with-disable-ext-lib=LIB Comma-seperated list of external libraries], +[AS_HELP_STRING([--with-disable-ext-lib=LIB],[Comma-seperated list of external libraries])], [ if test $withval; then for i in `echo $withval | sed -e's/,/ /g'` do -- cgit From 46c94dd8b28cbb6fca28f4884b65be034e135fbb Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 18 Aug 2008 10:16:45 +1000 Subject: Merge the two attribute syntax tables. This merges the table once found in the oLschema2ldif tool (and moved many times) with the table used for DRSUAPI. The OpenLDAP schema map has been updated, to ensure that despite a number of attributes being declared as OIDs, they are actually used as strings (as they are actually LDAP class/attribute names). Andrew Bartlett (This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108) --- source4/dsdb/config.mk | 3 +- source4/dsdb/schema/schema.h | 11 +-- source4/dsdb/schema/schema_convert.c | 160 ------------------------------- source4/dsdb/schema/schema_convert.h | 10 -- source4/dsdb/schema/schema_description.c | 4 +- source4/dsdb/schema/schema_syntax.c | 70 +++++++++++++- source4/setup/schema-map-openldap-2.3 | 3 + source4/utils/ad2oLschema.c | 4 +- source4/utils/oLschema2ldif.c | 4 +- 9 files changed, 82 insertions(+), 187 deletions(-) delete mode 100644 source4/dsdb/schema/schema_convert.c delete mode 100644 source4/dsdb/schema/schema_convert.h diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index d430c3f957..ae35078537 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk @@ -35,8 +35,7 @@ PRIVATE_DEPENDENCIES = SAMDB_COMMON NDR_DRSUAPI NDR_DRSBLOBS SAMDB_SCHEMA_OBJ_FILES = $(addprefix $(dsdbsrcdir)/schema/, \ schema_init.o \ schema_syntax.o \ - schema_description.o \ - schema_convert.o) + schema_description.o) $(eval $(call proto_header_template,$(dsdbsrcdir)/schema/proto.h,$(SAMDB_SCHEMA_OBJ_FILES:.o=.c))) # PUBLIC_HEADERS += dsdb/schema/schema.h diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index cd714e9c61..df7826d61d 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h 
@@ -32,6 +32,9 @@ struct dsdb_syntax { uint32_t oMSyntax; struct ldb_val oMObjectClass; const char *attributeSyntax_oid; + const char *equality; + const char *substring; + const char *comment; WERROR (*drsuapi_to_ldb)(const struct dsdb_schema *schema, const struct dsdb_attribute *attr, @@ -174,14 +177,6 @@ enum dsdb_schema_convert_target { TARGET_AD_SCHEMA_SUBENTRY }; -struct dsdb_syntax_map { - const char *Standard_OID; - const char *AD_OID; - const char *equality; - const char *substring; - const char *comment; -}; - #include "dsdb/schema/proto.h" #endif /* _DSDB_SCHEMA_H */ diff --git a/source4/dsdb/schema/schema_convert.c b/source4/dsdb/schema/schema_convert.c deleted file mode 100644 index 673e7a3bae..0000000000 --- a/source4/dsdb/schema/schema_convert.c +++ /dev/null 
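Review bot: The three members added to `struct dsdb_syntax` in the `-32,6 +32,9` hunk have no comment, and nothing tells a reader that they may be NULL. Several `dsdb_syntaxes[]` entries touched by this commit set `.equality` without `.substring`, and the Enumeration entry, which no hunk changes, gets neither. Suggest `const char *equality; /* LDAP equality matching rule, NULL if none */`, the same wording for `substring`, and `const char *comment; /* human-readable label for the syntax */`. The struct definition continues outside the hunk.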
@@ -1,160 +0,0 @@ -/* - ldb database library - - Copyright (C) Simo Sorce 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "dsdb/samdb/samdb.h" - -/* Shared map for converting syntax between formats */ -static const struct dsdb_syntax_map syntax_map[] = { - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.12", - .AD_OID = "2.5.5.1", - .equality = "distinguishedNameMatch", - .comment = "Object(DS-DN) == a DN" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.38", - .AD_OID = "2.5.5.2", - .equality = "objectIdentifierMatch", - .comment = "OID String" - }, - { - .Standard_OID = "1.2.840.113556.1.4.905", - .AD_OID = "2.5.5.4", - .equality = "caseIgnoreMatch", - .substring = "caseIgnoreSubstringsMatch", - .comment = "Case Insensitive String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26", - .AD_OID = "2.5.5.5", - .equality = "caseExactIA5Match", - .comment = "Printable String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.36", - .AD_OID = "2.5.5.6", - .equality = "numericStringMatch", - .substring = "numericStringSubstringsMatch", - .comment = "Numeric String" - }, - { - .Standard_OID = "1.2.840.113556.1.4.903", - .AD_OID = "2.5.5.7", - .equality = "distinguishedNameMatch", - .comment = "OctetString: Binary+DN" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.7", - .AD_OID = "2.5.5.8", - .equality = "booleanMatch", - .comment = "Boolean" - }, - { - 
.Standard_OID = "1.3.6.1.4.1.1466.115.121.1.27", - .AD_OID = "2.5.5.9", - .equality = "integerMatch", - .comment = "Integer" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40", - .AD_OID = "2.5.5.10", - .equality = "octetStringMatch", - .comment = "Octet String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.24", - .AD_OID = "2.5.5.11", - .equality = "generalizedTimeMatch", - .comment = "Generalized Time" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.53", - .AD_OID = "2.5.5.11", - .equality = "generalizedTimeMatch", - .comment = "UTC Time" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.15", - .AD_OID = "2.5.5.12", - .equality = "caseIgnoreMatch", - .substring = "caseIgnoreSubstringsMatch", - .comment = "Directory String" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.43", - .AD_OID = "2.5.5.13", - .comment = "Presentation Address" - }, - { - .Standard_OID = "Not Found Yet", - .AD_OID = "2.5.5.14", - .equality = "distinguishedNameMatch", - .comment = "OctetString: String+DN" - }, - { - .Standard_OID = "1.2.840.113556.1.4.907", - .AD_OID = "2.5.5.15", - .equality = "octetStringMatch", - .comment = "NT Security Descriptor" - }, - { - .Standard_OID = "1.2.840.113556.1.4.906", - .AD_OID = "2.5.5.16", - .equality = "integerMatch", - .comment = "Large Integer" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40", - .AD_OID = "2.5.5.17", - .equality = "octetStringMatch", - .comment = "Octet String - Security Identifier (SID)" - }, - { - .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26", - .AD_OID = "2.5.5.5", - .equality = "caseExactIA5Match", - .comment = "IA5 String" - }, - { .Standard_OID = NULL - } -}; - - -const struct dsdb_syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid) -{ - int i; - for (i=0; syntax_map[i].Standard_OID; i++) { - if (strcasecmp(ad_oid, syntax_map[i].AD_OID) == 0) { - return &syntax_map[i]; - } - } - return NULL; -} - -const struct dsdb_syntax_map *find_syntax_map_by_standard_oid(const char 
*standard_oid) -{ - int i; - for (i=0; syntax_map[i].Standard_OID; i++) { - if (strcasecmp(standard_oid, syntax_map[i].Standard_OID) == 0) { - return &syntax_map[i]; - } - } - return NULL; -} diff --git a/source4/dsdb/schema/schema_convert.h b/source4/dsdb/schema/schema_convert.h deleted file mode 100644 index de379343a6..0000000000 --- a/source4/dsdb/schema/schema_convert.h +++ /dev/null @@ -1,10 +0,0 @@ -struct syntax_map { - const char *Standard_OID; - const char *AD_OID; - const char *equality; - const char *substring; - const char *comment; -}; - -const struct syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid); -const struct syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid); diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index 2f3acd1336..9d93af9260 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -90,8 +90,8 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute) { char *schema_description; - const struct dsdb_syntax_map *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid); - const char *syntax = map ? map->Standard_OID : attribute->attributeSyntax_oid; + const struct dsdb_syntax *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid); + const char *syntax = map ? map->ldap_oid : attribute->attributeSyntax_oid; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { return NULL; diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index beacfc49c2..b1ca256e62 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c 
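Review bot: In schema_attribute_to_description, `find_syntax_map_by_ad_oid()` now resolves against the merged `dsdb_syntaxes` table, where one `attributeSyntax_oid` can belong to more than one entry, so `map->ldap_oid` depends on table order. The removed table listed Generalized Time (`...121.1.24`) before UTC Time (`...121.1.53`) for `2.5.5.11`, whereas schema_syntax.c has String(UTC-Time) ahead of String(Generalized-Time). If the lookup, which is not shown in this diff, returns the first match, the SYNTAX written for such attributes changes with this commit. A comment at the lookup stating which entry is meant to win would make that explicit. The local would also read better as something like `syntax_def` now that it is a `struct dsdb_syntax`. The function body continues outside the hunk.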
@@ -3,7 +3,9 @@ DSDB schema syntaxes Copyright (C) Stefan Metzmacher 2006 - + Copyright (C) Simo Sorce 2005 + Copyright (C) Andrew Bartlett 2008 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or @@ -1120,6 +1122,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.8", .drsuapi_to_ldb = dsdb_syntax_BOOL_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_BOOL_ldb_to_drsuapi, + .equality = "booleanMatch", + .comment = "Boolean" },{ .name = "Integer", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.27", @@ -1127,6 +1131,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.9", .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi, + .equality = "integerMatch", + .comment = "Integer" },{ .name = "String(Octet)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40", @@ -1134,6 +1140,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.10", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, + .equality = "octetStringMatch", + .comment = "Octet String" },{ .name = "String(Sid)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40", @@ -1141,6 +1149,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.17", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, + .equality = "octetStringMatch", + .comment = "Octet String - Security Identifier (SID)" },{ .name = "String(Object-Identifier)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38", 
@@ -1148,6 +1158,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.2", .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi, + .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */ + .comment = "OID String" },{ .name = "Enumeration", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.27", @@ -1163,6 +1175,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.6", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, + .equality = "numericStringMatch", + .substring = "numericStringSubstringsMatch", + .comment = "Numeric String" },{ .name = "String(Printable)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.44", @@ -1177,6 +1192,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.4", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, + .equality = "caseIgnoreMatch", + .substring = "caseIgnoreSubstringsMatch", + .comment = "Case Insensitive String" },{ .name = "String(IA5)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26", @@ -1184,6 +1202,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.5", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, + .equality = "caseExactIA5Match", + .comment = "Printable String" },{ .name = "String(UTC-Time)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.53", @@ -1191,6 +1211,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.11", .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi, + .equality = "generalizedTimeMatch", + .comment = "UTC Time" },{ .name = "String(Generalized-Time)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24", 
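Review bot: The `.comment` added to the `String(IA5)` row in the `@@ -1184,6 +1202,8 @@` hunk reads "Printable String", although the row's `.attributeSyntax_oid` is "2.5.5.5" and its equality rule is `caseExactIA5Match`. The table this same commit removes from schema_convert.c labelled 2.5.5.5 as "IA5 String". I would write `.comment = "IA5 String"` here so that generated schema output does not mislabel the syntax.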
@@ -1198,6 +1220,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.11", .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi, + .equality = "generalizedTimeMatch", + .comment = "Generalized Time" },{ /* not used in w2k3 schema */ .name = "String(Case Sensitive)", @@ -1213,6 +1237,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.12", .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi, + .equality = "caseIgnoreMatch", + .substring = "caseIgnoreSubstringsMatch", + .comment = "Directory String" },{ .name = "Interval/LargeInteger", .ldap_oid = "1.2.840.113556.1.4.906", @@ -1220,6 +1247,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.16", .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi, + .equality = "integerMatch", + .comment = "Large Integer" },{ .name = "String(NT-Sec-Desc)", .ldap_oid = "1.2.840.113556.1.4.907", @@ -1235,6 +1264,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.1", .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi, + .equality = "distinguishedNameMatch", + .comment = "Object(DS-DN) == a DN" },{ .name = "Object(DN-Binary)", .ldap_oid = "1.2.840.113556.1.4.903", @@ -1243,6 +1274,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.7", .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi, + .equality = "distinguishedNameMatch", + .comment = "OctetString: Binary+DN" },{ /* not used in w2k3 schema */ .name = "Object(OR-Name)", 
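Review bot: The `String(NT-Sec-Desc)` row, visible as trailing context of the `@@ -1220,6 +1247,8 @@` hunk, receives no `.equality` or `.comment`. The table this commit deletes from schema_convert.c carried `.equality = "octetStringMatch"` and `.comment = "NT Security Descriptor"` for the same OID pair (1.2.840.113556.1.4.907 / 2.5.5.15). The lines between this hunk and the next are unchanged, so a lookup for that syntax now returns a row with a NULL equality rule. If that is deliberate, a short comment on the row should say so; otherwise add `.equality = "octetStringMatch",` and `.comment = "NT Security Descriptor"` to it.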
@@ -1274,6 +1307,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.13", .drsuapi_to_ldb = dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi, + .comment = "Presentation Address" },{ /* not used in w2k3 schema */ .name = "Object(Access-Point)", @@ -1283,6 +1317,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.14", .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi, + .equality = "distinguishedNameMatch", + .comment = "OctetString: String+DN" },{ /* not used in w2k3 schema */ .name = "Object(DN-String)", @@ -1295,6 +1331,38 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { } }; +const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid) +{ + int i; + for (i=0; dsdb_syntaxes[i].ldap_oid; i++) { + if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) { + return &dsdb_syntaxes[i]; + } + } + return NULL; +} + +const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax) +{ + int i; + for (i=0; dsdb_syntaxes[i].ldap_oid; i++) { + if (oMSyntax == dsdb_syntaxes[i].oMSyntax) { + return &dsdb_syntaxes[i]; + } + } + return NULL; +} + +const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid) +{ + int i; + for (i=0; dsdb_syntaxes[i].ldap_oid; i++) { + if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) { + return &dsdb_syntaxes[i]; + } + } + return NULL; +} const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr) { uint32_t i; diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index f5279616d1..7de2e67b5e 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 
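Review bot: The three lookup helpers added in the `@@ -1295,6 +1331,38 @@` hunk stop only when `dsdb_syntaxes[i].ldap_oid` is NULL, but neither the array's closing `} };` in this hunk nor the last row shown later on the page (`Object(DN-String)`) shows a zero-filled terminator entry. If there is none, a lookup that matches nothing reads past the end of the array. Bounding the loops by the element count removes the dependency on a sentinel, e.g. `for (i = 0; i < ARRAY_SIZE(dsdb_syntaxes); i++)` with an unsigned `i`, assuming `ARRAY_SIZE` is available in this file as it is in ldif_handlers.c. The `strcasecmp` calls also assume `ad_oid` and `standard_oid` are non-NULL; a guard such as `if (ad_oid == NULL) return NULL;` would make that contract explicit.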
@@ -39,3 +39,6 @@ modifyTimeStamp:samba4ModifyTimestamp 1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12 #Treat Security Descriptors as binary 1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 +#Treat OIDs as case insensitive strings (as otherwise ldap class and +#attribute names, declared at OIDs fail +1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44 diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index ea5b813e8a..e229bd104b 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -229,7 +229,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch const char *equality = NULL, *substring = NULL; bool single_value = attribute->isSingleValued; - const struct dsdb_syntax_map *map = find_syntax_map_by_ad_oid(syntax); + const struct dsdb_syntax *map = find_syntax_map_by_ad_syntax(attribute->oMSyntax); char *schema_entry = NULL; int j; @@ -251,7 +251,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch /* We might have been asked to remap this oid, * due to a conflict, or lack of * implementation */ - syntax = map->Standard_OID; + syntax = map->ldap_oid; /* We might have been asked to remap this oid, due to a conflict */ for (j=0; syntax && oid_map && oid_map[j].old_oid; j++) { if (strcasecmp(syntax, oid_map[j].old_oid) == 0) { diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c index d045b084b5..6c4e6a9c80 100644 --- a/source4/utils/oLschema2ldif.c +++ b/source4/utils/oLschema2ldif.c @@ -433,12 +433,12 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry) case SCHEMA_SYNTAX: { - const struct dsdb_syntax_map *map = + const struct dsdb_syntax *map = find_syntax_map_by_standard_oid(token->value); if (!map) { break; } - MSG_ADD_STRING("attributeSyntax", map->AD_OID); + MSG_ADD_STRING("attributeSyntax", map->attributeSyntax_oid); break; } case SCHEMA_DESC: -- cgit 
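Review bot: Looking the row up with `find_syntax_map_by_ad_syntax(attribute->oMSyntax)` in the `@@ -229,7 +229,7 @@` hunk of ad2oLschema.c is ambiguous, because `oMSyntax` is not unique in `dsdb_syntaxes`: the `String(Octet)` and `String(Sid)` rows shown later on this page both carry `.oMSyntax = 4`, and the helper returns the first match. An attribute whose syntax is 2.5.5.17 would therefore resolve to the `String(Octet)` row, which shares `ldap_oid` and equality today but will diverge as soon as the rows differ in another field. Matching on both keys, `attributeSyntax_oid` and `oMSyntax`, in one helper would pick the intended row. `process_convert` starts and ends outside these hunks, so whether `map` is checked for NULL before `syntax = map->ldap_oid;` cannot be confirmed from here.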
From 5c6364ba0655316294833f192281d49a4de63b0c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 12:01:27 +1000 Subject: Remove references to the unused @SUBCLASS feature. This was removed from ldb_tdb a while ago Andrew Bartlett (This used to be commit fcb87e77860b449ac3483ccec5e6b5ed087540f2) --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 2 +- source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 37 ++--------------------- source4/lib/ldb/ldb_sqlite3/schema | 35 --------------------- source4/lib/ldb/tests/test-attribs.ldif | 9 ------ source4/lib/ldb/tests/test-index.ldif | 4 --- 5 files changed, 3 insertions(+), 84 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 7c408d0436..428e6b4d4b 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -47,7 +47,7 @@ class MapBaseTestCase(TestCaseInTempDir): ldb.add({"dn": "@PARTITION", "partition": [s4.basedn + ":" + s4.url, s3.basedn + ":" + s3.url], - "replicateEntries": ["@SUBCLASSES", "@ATTRIBUTES", "@INDEXLIST"]}) + "replicateEntries": ["@ATTRIBUTES", "@INDEXLIST"]}) def setUp(self): super(MapBaseTestCase, self).setUp() diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index 8742e257f3..a0e63c8da1 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c 
@@ -349,23 +349,7 @@ static char *parsetree_to_sql(struct ldb_module *module, return NULL; } - if (strcasecmp(t->u.equality.attr, "objectclass") == 0) { - /* - * For object classes, we want to search for all objectclasses - * that are subclasses as well. - */ - return lsqlite3_tprintf(mem_ctx, - "SELECT eid FROM ldb_attribute_values\n" - "WHERE norm_attr_name = 'OBJECTCLASS' " - "AND norm_attr_value IN\n" - " (SELECT class_name FROM ldb_object_classes\n" - " WHERE tree_key GLOB\n" - " (SELECT tree_key FROM ldb_object_classes\n" - " WHERE class_name = '%q'\n" - " ) || '*'\n" - " )\n", value.data); - - } else if (strcasecmp(t->u.equality.attr, "dn") == 0) { + if (strcasecmp(t->u.equality.attr, "dn") == 0) { /* DN query is a special ldb case */ const char *cdn = ldb_dn_get_casefold( ldb_dn_new(mem_ctx, module->ldb, @@ -1039,16 +1023,8 @@ static int lsql_add(struct ldb_module *module, struct ldb_request *req) /* See if this is an ltdb special */ if (ldb_dn_is_special(msg->dn)) { - struct ldb_dn *c; - - c = ldb_dn_new(lsql_ac, module->ldb, "@SUBCLASSES"); - if (ldb_dn_compare(msg->dn, c) == 0) { -#warning "insert subclasses into object class tree" - ret = LDB_ERR_UNWILLING_TO_PERFORM; - goto done; - } - /* + struct ldb_dn *c; c = ldb_dn_new(local_ctx, module->ldb, "@INDEXLIST"); if (ldb_dn_compare(module->ldb, msg->dn, c) == 0) { #warning "should we handle indexes somehow ?" @@ -1177,15 +1153,6 @@ static int lsql_modify(struct ldb_module *module, struct ldb_request *req) /* See if this is an ltdb special */ if (ldb_dn_is_special(msg->dn)) { - struct ldb_dn *c; - - c = ldb_dn_new(lsql_ac, module->ldb, "@SUBCLASSES"); - if (ldb_dn_compare(msg->dn, c) == 0) { -#warning "modify subclasses into object class tree" - ret = LDB_ERR_UNWILLING_TO_PERFORM; - goto done; - } - /* Others return an error */ ret = LDB_ERR_UNWILLING_TO_PERFORM; goto done; diff --git a/source4/lib/ldb/ldb_sqlite3/schema b/source4/lib/ldb/ldb_sqlite3/schema index 08dc50de08..ab7c5cc406 100644 
--- a/source4/lib/ldb/ldb_sqlite3/schema +++ b/source4/lib/ldb/ldb_sqlite3/schema @@ -326,38 +326,3 @@ UPDATE ldb_attributes integer_p = 0 WHERE attr_name = 'dn' --- ---------------------------------------------------------------------- - -/* - * dn: @SUBCLASSES - * top: domain - * top: person - * domain: domainDNS - * person: organizationalPerson - * person: fooPerson - * organizationalPerson: user - * organizationalPerson: OpenLDAPperson - * user: computer - */ --- insertSubclass - -/* NOT YET UPDATED!!! * - - -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'domain', /* next_tree_key('top') */ '00010001'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'person', /* next_tree_key('top') */ '00010002'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'domainDNS', /* next_tree_key('domain') */ '000100010001'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'organizationalPerson', /* next_tree_key('person') */ '000100020001'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'fooPerson', /* next_tree_key('person') */ '000100020002'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'user', /* next_tree_key('organizationalPerson') */ '0001000200010001'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'OpenLDAPperson', /* next_tree_key('organizationPerson') */ '0001000200010002'; -INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key) - SELECT 'computer', /* next_tree_key('user') */ '0001000200010001'; - diff --git a/source4/lib/ldb/tests/test-attribs.ldif b/source4/lib/ldb/tests/test-attribs.ldif index 0bb3ebead6..79508c4b7b 100644 --- a/source4/lib/ldb/tests/test-attribs.ldif +++ b/source4/lib/ldb/tests/test-attribs.ldif 
@@ -4,12 +4,3 @@ cn: CASE_INSENSITIVE ou: CASE_INSENSITIVE dn: CASE_INSENSITIVE -dn: @SUBCLASSES -top: domain -top: person -domain: domainDNS -person: organizationalPerson -person: fooPerson -organizationalPerson: user -organizationalPerson: OpenLDAPperson -user: computer diff --git a/source4/lib/ldb/tests/test-index.ldif b/source4/lib/ldb/tests/test-index.ldif index a793537187..268173641d 100644 --- a/source4/lib/ldb/tests/test-index.ldif +++ b/source4/lib/ldb/tests/test-index.ldif @@ -5,7 +5,3 @@ dn: @INDEXLIST dn: @ATTRIBUTES uid: CASE_INSENSITIVE -dn: @SUBCLASSES -top: person -person: organizationalPerson -organizationalPerson: OpenLDAPperson -- cgit From 4c18073b139ddccf5593401b08e55eda937db3e6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 15:12:08 +1000 Subject: Ensure we fail to proceed if the schema won't load. (This used to be commit 07107c45c35a11979bf68a14b2c4df9415880fcb) --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 706b7b18b7..968b19c038 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -125,6 +125,7 @@ static int schema_fsmo_init(struct ldb_module *module) "schema_fsmo_init: dsdb_schema load failed: %s", error_string); talloc_free(mem_ctx); + return ret; } /* dsdb_set_schema() steal schema into the ldb_context */ -- cgit From dbde9cbea0a1d767c88b6cb3390c9fa1d949efe2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 20:20:24 +1000 Subject: Fix segfaults when loading the schema fails. (This used to be commit 9643db1a011edc95aa903908cec708b3a3566e71) --- source4/dsdb/schema/schema_init.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 65df25ca3f..73be580347 100644 
--- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -809,7 +809,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, if (!prefix_val) { *error_string = talloc_asprintf(mem_ctx, "schema_fsmo_init: no prefixMap attribute found"); - talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo"); @@ -828,7 +827,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string = talloc_asprintf(mem_ctx, "schema_fsmo_init: failed to load oid mappings: %s", win_errstr(status)); - talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -847,7 +845,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, "schema_fsmo_init: failed to load attribute definition: %s:%s", ldb_dn_get_linearized(attrs_res->msgs[i]->dn), win_errstr(status)); - talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -869,7 +866,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, "schema_fsmo_init: failed to load class definition: %s:%s", ldb_dn_get_linearized(objectclass_res->msgs[i]->dn), win_errstr(status)); - talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -914,7 +910,6 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn, "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))", name, name); if (ret != LDB_SUCCESS) { - printf("Search failed: %s\n", ldb_errstring(ldb)); return ret; } @@ -940,7 +935,8 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn, static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, TALLOC_CTX *mem_ctx, - struct ldb_result **objectclasses_res) + struct ldb_result **objectclasses_res, + char **error_string) { TALLOC_CTX *local_ctx = talloc_new(mem_ctx); struct ldb_result *top_res, *ret_res; 
@@ -949,19 +945,23 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche return LDB_ERR_OPERATIONS_ERROR; } - /* Downlaod 'top' */ + /* Download 'top' */ ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, "(&(objectClass=classSchema)(lDAPDisplayName=top))", NULL, &top_res); if (ret != LDB_SUCCESS) { - printf("Search failed: %s\n", ldb_errstring(ldb)); - return LDB_ERR_OPERATIONS_ERROR; + *error_string = talloc_asprintf(mem_ctx, + "dsdb_schema: failed to search for top classSchema object: %s", + ldb_errstring(ldb)); + return ret; } talloc_steal(local_ctx, top_res); if (top_res->count != 1) { - return LDB_ERR_OPERATIONS_ERROR; + *error_string = talloc_asprintf(mem_ctx, + "dsdb_schema: failed to find top classSchema object"); + return LDB_ERR_NO_SUCH_OBJECT; } ret_res = talloc_zero(local_ctx, struct ldb_result); @@ -972,8 +972,7 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche ret = fetch_oc_recursive(ldb, schemadn, local_ctx, top_res, ret_res); if (ret != LDB_SUCCESS) { - printf("Search failed: %s\n", ldb_errstring(ldb)); - return LDB_ERR_OPERATIONS_ERROR; + return ret; } *objectclasses_res = talloc_move(mem_ctx, &ret_res); @@ -1051,10 +1050,10 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, /* * load the objectClass definitions */ - ret = fetch_objectclass_schema(ldb, schema_dn, tmp_ctx, &c_res); + ret = fetch_objectclass_schema(ldb, schema_dn, tmp_ctx, &c_res, &error_string); if (ret != LDB_SUCCESS) { *error_string_out = talloc_asprintf(mem_ctx, - "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(ldb)); + "Failed to fetch objectClass schema elements: %s", error_string); talloc_free(tmp_ctx); return ret; } -- cgit From 1dc5e75218e57fc410773161ab6431db33cd4b27 Mon Sep 17 00:00:00 2001 
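Review bot: `fetch_objectclass_schema` now reports failures through `*error_string`, but only two of its failure returns set it: the `fetch_oc_recursive` failure in the `@@ -972,8 +972,7 @@` hunk is reduced to a bare `return ret;`, and the allocation-failure returns appear unchanged. The caller in the `@@ -1051,10 +1050,10 @@` hunk formats `error_string` with `%s` on every non-success return, so on those paths it reads whatever the caller's variable held, which is an uninitialised pointer unless it is initialised outside the hunk. Setting a message before each return, for example `*error_string = talloc_asprintf(mem_ctx, "dsdb_schema: failed to fetch classSchema objects: %s", ldb_errstring(ldb));`, or initialising the caller's variable to NULL and formatting a fallback, closes the gap. The early returns also leave `local_ctx` allocated until `mem_ctx` itself is released.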
From: Andrew Bartlett Date: Mon, 18 Aug 2008 20:21:31 +1000 Subject: Allow attributes to be overwritten, not just added to (This used to be commit 0aebae91be0fba7ffa94d73946a94aea930a252a) --- source4/lib/ldb/common/ldb_attributes.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/source4/lib/ldb/common/ldb_attributes.c b/source4/lib/ldb/common/ldb_attributes.c index effd93ae26..ab6aa0b734 100644 --- a/source4/lib/ldb/common/ldb_attributes.c +++ b/source4/lib/ldb/common/ldb_attributes.c @@ -62,11 +62,20 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, ldb->schema.attributes = a; for (i = 0; i < ldb->schema.num_attributes; i++) { - if (ldb_attr_cmp(attribute, a[i].name) < 0) { + int cmp = ldb_attr_cmp(attribute, a[i].name); + if (cmp == 0) { + if (a[i].flags & LDB_ATTR_FLAG_ALLOCATED) { + talloc_free(discard_const_p(char, a[i].name)); + } + /* To cancel out increment below */ + ldb->schema.num_attributes--; + break; + } else if (cmp < 0) { memmove(a+i+1, a+i, sizeof(*a) * (ldb->schema.num_attributes-i)); break; } } + ldb->schema.num_attributes++; a[i].name = attribute; a[i].flags = flags; @@ -80,7 +89,6 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, } } - ldb->schema.num_attributes++; return 0; } @@ -145,7 +153,7 @@ void ldb_schema_attribute_remove(struct ldb_context *ldb, const char *name) int i; a = ldb_schema_attribute_by_name(ldb, name); - if (a == NULL) { + if (a == NULL || a->name == NULL) { return; } -- cgit From bb80a19714048def04b9d94d4e9f125a20a95822 Mon Sep 17 00:00:00 2001 
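Review bot: In the overwrite branch of the `@@ -62,11 +62,20 @@` hunk the old name is released with `talloc_free(discard_const_p(char, a[i].name))` and the slot is then assigned `a[i].name = attribute`; if a caller passes the very pointer it read from the existing entry, the slot ends up pointing at freed memory. Duplicating the new name before freeing the old one would avoid that. Moving `ldb->schema.num_attributes++` ahead of the assignments also means that any failure return in the unchanged lines between the first two hunks would now leave the count already incremented. The function body starts and ends outside these hunks, so both points should be checked against the full function.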
From: Andrew Bartlett Date: Mon, 18 Aug 2008 20:30:27 +1000 Subject: Note the ldb syntax for attribute syntaxes in the table. This includes additional Samba-specific syntaxes made available from the ldif_handlers code. This commit also changes some table to use #defines, to ensure consistancy in other parts of the code. Andrew Bartlett (This used to be commit e26a5efd9a580ed3728e1f449e367b1cd4a73b5f) --- .gitignore | 2 +- source4/dsdb/samdb/samdb.h | 1 + source4/dsdb/schema/schema.h | 1 + source4/dsdb/schema/schema_syntax.c | 47 ++++++++++++++++++++--------------- source4/lib/ldb-samba/config.mk | 2 +- source4/lib/ldb-samba/ldif_handlers.c | 25 ++++++++++++------- source4/lib/ldb-samba/ldif_handlers.h | 13 ++++++++++ 7 files changed, 60 insertions(+), 31 deletions(-) create mode 100644 source4/lib/ldb-samba/ldif_handlers.h diff --git a/.gitignore b/.gitignore index 1e574f0059..a216677f4a 100644 --- a/.gitignore +++ b/.gitignore @@ -55,7 +55,7 @@ source/ldap_server/proto.h source/lib/db_wrap_proto.h source/lib/charset/charset_proto.h source/lib/cmdline/credentials.h -source/lib/ldb/samba/ldif_handlers.h +source/lib/ldb/samba/ldif_handlers_proto.h source/lib/registry/regf.h source/lib/registry/tdr_regf.c source/lib/registry/tdr_regf.h diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index 3e92671fa0..f24a75fd8f 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -31,6 +31,7 @@ struct event_context; #include "librpc/gen_ndr/security.h" #include "lib/ldb/include/ldb.h" +#include "lib/ldb-samba/ldif_handlers.h" #include "librpc/gen_ndr/samr.h" #include "librpc/gen_ndr/drsuapi.h" #include "librpc/gen_ndr/drsblobs.h" diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index df7826d61d..68dc8197cb 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h 
@@ -35,6 +35,7 @@ struct dsdb_syntax { const char *equality; const char *substring; const char *comment; + const char *ldb_syntax; WERROR (*drsuapi_to_ldb)(const struct dsdb_schema *schema, const struct dsdb_attribute *attr, diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index b1ca256e62..97cd0020a9 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -1111,7 +1111,6 @@ static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_ return WERR_OK; } - #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) } static const struct dsdb_syntax dsdb_syntaxes[] = { 
@@ -1126,31 +1125,32 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .comment = "Boolean" },{ .name = "Integer", - .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.27", + .ldap_oid = LDB_SYNTAX_INTEGER, .oMSyntax = 2, .attributeSyntax_oid = "2.5.5.9", .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi, .equality = "integerMatch", - .comment = "Integer" + .comment = "Integer", },{ .name = "String(Octet)", - .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40", + .ldap_oid = LDB_SYNTAX_OCTET_STRING, .oMSyntax = 4, .attributeSyntax_oid = "2.5.5.10", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, .equality = "octetStringMatch", - .comment = "Octet String" + .comment = "Octet String", },{ .name = "String(Sid)", - .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.40", + .ldap_oid = LDB_SYNTAX_OCTET_STRING, .oMSyntax = 4, .attributeSyntax_oid = "2.5.5.17", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, .equality = "octetStringMatch", - .comment = "Octet String - Security Identifier (SID)" + .comment = "Octet String - Security Identifier (SID)", + .ldb_syntax = LDB_SYNTAX_SAMBA_SID },{ .name = "String(Object-Identifier)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.38", @@ -1159,10 +1159,11 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .drsuapi_to_ldb = dsdb_syntax_OID_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_OID_ldb_to_drsuapi, .equality = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */ - .comment = "OID String" + .comment = "OID String", + .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING },{ .name = "Enumeration", - .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.27", + .ldap_oid = LDB_SYNTAX_INTEGER, .oMSyntax = 10, .attributeSyntax_oid = "2.5.5.9", .drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb, 
@@ -1194,7 +1195,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, .equality = "caseIgnoreMatch", .substring = "caseIgnoreSubstringsMatch", - .comment = "Case Insensitive String" + .comment = "Case Insensitive String", + .ldb_syntax = LDB_SYNTAX_DIRECTORY_STRING, },{ .name = "String(IA5)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.26", @@ -1212,7 +1214,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .drsuapi_to_ldb = dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi, .equality = "generalizedTimeMatch", - .comment = "UTC Time" + .comment = "UTC Time", },{ .name = "String(Generalized-Time)", .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.24", @@ -1221,7 +1223,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .drsuapi_to_ldb = dsdb_syntax_NTTIME_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_NTTIME_ldb_to_drsuapi, .equality = "generalizedTimeMatch", - .comment = "Generalized Time" + .comment = "Generalized Time", + .ldb_syntax = LDB_SYNTAX_UTC_TIME, },{ /* not used in w2k3 schema */ .name = "String(Case Sensitive)", @@ -1232,14 +1235,14 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi, },{ .name = "String(Unicode)", - .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.15", + .ldap_oid = LDB_SYNTAX_DIRECTORY_STRING, .oMSyntax = 64, .attributeSyntax_oid = "2.5.5.12", .drsuapi_to_ldb = dsdb_syntax_UNICODE_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_UNICODE_ldb_to_drsuapi, .equality = "caseIgnoreMatch", .substring = "caseIgnoreSubstringsMatch", - .comment = "Directory String" + .comment = "Directory String", },{ .name = "Interval/LargeInteger", .ldap_oid = "1.2.840.113556.1.4.906", 
@@ -1248,24 +1251,25 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .drsuapi_to_ldb = dsdb_syntax_INT64_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_INT64_ldb_to_drsuapi, .equality = "integerMatch", - .comment = "Large Integer" + .comment = "Large Integer", + .ldb_syntax = LDB_SYNTAX_INTEGER, },{ .name = "String(NT-Sec-Desc)", - .ldap_oid = "1.2.840.113556.1.4.907", + .ldap_oid = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR, .oMSyntax = 66, .attributeSyntax_oid = "2.5.5.15", .drsuapi_to_ldb = dsdb_syntax_DATA_BLOB_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DATA_BLOB_ldb_to_drsuapi, },{ .name = "Object(DS-DN)", - .ldap_oid = "1.3.6.1.4.1.1466.115.121.1.12", + .ldap_oid = LDB_SYNTAX_DN, .oMSyntax = 127, .oMObjectClass = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"), .attributeSyntax_oid = "2.5.5.1", .drsuapi_to_ldb = dsdb_syntax_DN_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DN_ldb_to_drsuapi, .equality = "distinguishedNameMatch", - .comment = "Object(DS-DN) == a DN" + .comment = "Object(DS-DN) == a DN", },{ .name = "Object(DN-Binary)", .ldap_oid = "1.2.840.113556.1.4.903", @@ -1275,7 +1279,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .drsuapi_to_ldb = dsdb_syntax_DN_BINARY_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_DN_BINARY_ldb_to_drsuapi, .equality = "distinguishedNameMatch", - .comment = "OctetString: Binary+DN" + .comment = "OctetString: Binary+DN", + .ldb_syntax = LDB_SYNTAX_DN, },{ /* not used in w2k3 schema */ .name = "Object(OR-Name)", @@ -1318,7 +1323,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi, .equality = "distinguishedNameMatch", - .comment = "OctetString: String+DN" + .comment = "OctetString: String+DN", + .ldb_syntax = LDB_SYNTAX_DN, },{ /* not used in w2k3 schema */ .name = "Object(DN-String)", 
@@ -1328,6 +1334,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.14", .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi, + .ldb_syntax = LDB_SYNTAX_DN, } }; diff --git a/source4/lib/ldb-samba/config.mk b/source4/lib/ldb-samba/config.mk index cdec317d1f..f84b44dfc7 100644 --- a/source4/lib/ldb-samba/config.mk +++ b/source4/lib/ldb-samba/config.mk @@ -7,5 +7,5 @@ PRIVATE_DEPENDENCIES = LIBSECURITY SAMDB_SCHEMA LIBNDR NDR_MISC NDR_DRSBLOBS ################################################ LDBSAMBA_OBJ_FILES = $(ldb_sambasrcdir)/ldif_handlers.o -$(eval $(call proto_header_template,$(ldb_sambasrcdir)/ldif_handlers.h,$(LDBSAMBA_OBJ_FILES:.o=.c))) +$(eval $(call proto_header_template,$(ldb_sambasrcdir)/ldif_handlers_proto.h,$(LDBSAMBA_OBJ_FILES:.o=.c))) diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 1f718cc1c5..22a57da10b 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -561,8 +561,6 @@ static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx, return ret; } -#define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID" -#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR" #define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID" #define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY" #define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP" @@ -635,6 +633,21 @@ static const struct { { "prefixMap", LDB_SYNTAX_SAMBA_PREFIX_MAP } }; +const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name) +{ + uint32_t j; + const struct ldb_schema_syntax *s = NULL; + + for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) { + if (strcmp(name, samba_syntaxes[j].name) == 0) { + s = &samba_syntaxes[j]; + break; + } + } + return s; +} + + /* register the samba ldif handlers */ 
@@ -644,15 +657,9 @@ int ldb_register_samba_handlers(struct ldb_context *ldb) for (i=0; i < ARRAY_SIZE(samba_attributes); i++) { int ret; - uint32_t j; const struct ldb_schema_syntax *s = NULL; - for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) { - if (strcmp(samba_attributes[i].syntax, samba_syntaxes[j].name) == 0) { - s = &samba_syntaxes[j]; - break; - } - } + s = ldb_samba_syntax_by_name(ldb, samba_attributes[i].syntax); if (!s) { s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax); diff --git a/source4/lib/ldb-samba/ldif_handlers.h b/source4/lib/ldb-samba/ldif_handlers.h new file mode 100644 index 0000000000..e37c4166c8 --- /dev/null +++ b/source4/lib/ldb-samba/ldif_handlers.h @@ -0,0 +1,13 @@ +#ifndef __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ +#define __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ + +#define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID" +#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "1.2.840.113556.1.4.907" + +#include "lib/ldb-samba/ldif_handlers_proto.h" + +#undef _PRINTF_ATTRIBUTE +#define _PRINTF_ATTRIBUTE(a1, a2) + +#endif /* __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ */ + -- cgit From c2221240105b223b6afded16614593d80f74e9d9 Mon Sep 17 00:00:00 2001 From: Matthieu Suiche Date: Thu, 10 Jul 2008 09:31:43 +0000 Subject: lib/compression: Import of lzxpress decompression algorithm Signed-off-by: Stefan Metzmacher (This used to be commit 531882dadd57eb6fa048c5d6e5fe3accc20df751) --- source4/lib/basic.mk | 2 +- source4/lib/compression/lzxpress.c | 144 +++++++++++++++++++++++++++++++++++++ source4/lib/compression/lzxpress.h | 43 +++++++++++ 3 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 source4/lib/compression/lzxpress.c create mode 100644 source4/lib/compression/lzxpress.h diff --git a/source4/lib/basic.mk b/source4/lib/basic.mk index b86df5dc9f..0c68fda2df 100644 --- a/source4/lib/basic.mk +++ b/source4/lib/basic.mk 
@@ -1,6 +1,6 @@ [SUBSYSTEM::LIBCOMPRESSION] -LIBCOMPRESSION_OBJ_FILES = $(libcompressionsrcdir)/mszip.o +LIBCOMPRESSION_OBJ_FILES = $(libcompressionsrcdir)/mszip.o $(libcompressionsrcdir)/lzxpress.o [SUBSYSTEM::GENCACHE] PRIVATE_DEPENDENCIES = TDB_WRAP diff --git a/source4/lib/compression/lzxpress.c b/source4/lib/compression/lzxpress.c new file mode 100644 index 0000000000..506305176f --- /dev/null +++ b/source4/lib/compression/lzxpress.c 
@@ -0,0 +1,144 @@ +/* + * Copyright (C) Matthieu Suiche 2008 + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the author nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + */ + +#include "includes.h" +#include "replace.h" +#include "lzxpress.h" + + +#define __BUF_POS_CONST(buf,ofs)(((const uint8_t *)buf)+(ofs)) +#define __PULL_BYTE(buf,ofs) \ + ((uint8_t)((*__BUF_POS_CONST(buf,ofs)) & 0xFF)) + +#ifndef PULL_LE_UINT16 +#define PULL_LE_UINT16(buf,ofs) ((uint16_t)( \ + ((uint16_t)(((uint16_t)(__PULL_BYTE(buf,(ofs)+0))) << 0)) | \ + ((uint16_t)(((uint16_t)(__PULL_BYTE(buf,(ofs)+1))) << 8)) \ +)) +#endif + +#ifndef PULL_LE_UINT32 +#define PULL_LE_UINT32(buf,ofs) ((uint32_t)( \ + ((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+0))) << 0)) | \ + ((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+1))) << 8)) | \ + ((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+2))) << 16)) | \ + ((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+3))) << 24)) \ +)) +#endif + +static uint32_t xpress_decompress(uint8_t *input, + uint32_t input_size, + uint8_t *output, + uint32_t output_size) +{ + uint32_t output_index, input_index; + uint32_t indicator, indicator_bit; + uint32_t length; + uint32_t offset; + uint32_t nibble_index; + + output_index = 0; + input_index = 0; + indicator = 0; + indicator_bit = 0; + length = 0; + offset = 0; + nibble_index = 0; + + do { + if (indicator_bit == 0) { + indicator = PULL_LE_UINT32(input, input_index); + input_index += sizeof(uint32_t); + indicator_bit = 32; + } + indicator_bit--; + + /* + * check whether the bit specified by indicator_bit is set or not + * set in indicator. 
For example, if indicator_bit has value 4 + * check whether the 4th bit of the value in indicator is set + */ + if (((indicator >> indicator_bit) & 1) == 0) { + output[output_index] = input[input_index]; + input_index += sizeof(uint8_t); + output_index += sizeof(uint8_t); + } else { + length = PULL_LE_UINT16(input, input_index); + input_index += sizeof(uint16_t); + offset = length / 8; + length = length % 8; + + if (length == 7) { + if (nibble_index == 0) { + nibble_index = input_index; + length = input[input_index] % 16; + input_index += sizeof(uint8_t); + } else { + length = input[nibble_index] / 16; + nibble_index = 0; + } + + if (length == 15) { + length = input[input_index]; + input_index += sizeof(uint8_t); + if (length == 255) { + length = PULL_LE_UINT16(input, input_index); + input_index += sizeof(uint16_t); + length -= (15 + 7); + } + length += 15; + } + length += 7; + } + + length += 3; + + do { + if (output_index >= output_size) break; + output[output_index] = output[output_index - offset - 1]; + output_index += sizeof(uint8_t); + length -= sizeof(uint8_t); + } while (length != 0); + } + + } while ((output_index < output_size) && (input_index < input_size)); + + return output_index; +} + +uint32_t lzxpress_decompress(DATA_BLOB *inbuf, + DATA_BLOB *outbuf) +{ + return xpress_decompress(inbuf->data, inbuf->length, outbuf->data, outbuf->length); +} diff --git a/source4/lib/compression/lzxpress.h b/source4/lib/compression/lzxpress.h new file mode 100644 index 0000000000..4862fd2635 --- /dev/null +++ b/source4/lib/compression/lzxpress.h 
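Review bot: xpress_decompress() uses offsets and lengths taken from the compressed stream without checking them against input_size or output_size, so a malformed chunk can read past the end of `input` and before the start of `output`. The indicator, literal, 16-bit match and extra length reads all index `input` with no remaining-bytes check, the `do { … } while` form runs one iteration even when either size is 0, and `output[output_index - offset - 1]` wraps when `offset >= output_index`. Because the caller in ndr_compression.c passes chunks pulled from the wire, each read needs a guard, and a match that reaches before the buffer should end decoding; the guards are sketched below. The return value is then the only signal of a short result, so callers should compare it with the expected plain size.

```c
	/* ... unchanged: local declarations and initialisation ... */

	/* test before the first iteration so empty buffers are never touched */
	while ((output_index < output_size) && (input_index < input_size)) {
		if (indicator_bit == 0) {
			if (input_size - input_index < sizeof(uint32_t)) {
				break;
			}
			/* ... unchanged: load indicator, advance input_index ... */
		}
		indicator_bit--;

		if (((indicator >> indicator_bit) & 1) == 0) {
			if (input_index >= input_size) {
				break;
			}
			/* ... unchanged: copy one literal byte ... */
		} else {
			if (input_index >= input_size ||
			    input_size - input_index < sizeof(uint16_t)) {
				break;
			}
			/* ... unchanged: decode offset and length, repeating the
			 * remaining-input check before each extra length read ... */

			if (offset >= output_index) {
				/* match would start before the output buffer */
				break;
			}
			/* ... unchanged: bounded copy loop ... */
		}
	}

	return output_index;
```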
@@ -0,0 +1,43 @@ +/* + * Copyright (C) Matthieu Suiche 2008 + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the author nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#ifndef _LZXPRESS_H +#define _LZXPRESS_H + +#define XPRESS_BLOCK_SIZE 0x10000 + +uint32_t lzxpress_decompress(DATA_BLOB *inbuf, + DATA_BLOB *outbuf); + +#endif /* _LZXPRESS_H */ -- cgit From ffa18ca49a2e9d179c122c4dff56fe2dcf54c365 Mon Sep 17 00:00:00 2001 From: Matthieu Suiche Date: Thu, 10 Jul 2008 09:31:43 +0000 Subject: librpc/ndr: add support for XPRESS decompression 
Signed-off-by: Stefan Metzmacher (This used to be commit 6a9720c99d36a575ea8ed92e94ff6d2fe6f3e27d) --- source4/librpc/ndr/ndr_compression.c | 61 +++++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 5 deletions(-) diff --git a/source4/librpc/ndr/ndr_compression.c b/source4/librpc/ndr/ndr_compression.c index 86a5a2560e..ffa37f61a3 100644 --- a/source4/librpc/ndr/ndr_compression.c +++ b/source4/librpc/ndr/ndr_compression.c @@ -4,6 +4,7 @@ libndr compression support Copyright (C) Stefan Metzmacher 2005 + Copyright (C) Matthieu Suiche 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,6 +22,7 @@ #include "includes.h" #include "lib/compression/mszip.h" +#include "lib/compression/lzxpress.h" #include "librpc/ndr/libndr.h" #include "librpc/ndr/ndr_compression.h" @@ -158,12 +160,12 @@ static enum ndr_err_code ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrp bool *last) { DATA_BLOB comp_chunk; + DATA_BLOB plain_chunk; uint32_t comp_chunk_offset; + uint32_t plain_chunk_offset; uint32_t comp_chunk_size; uint32_t plain_chunk_size; - comp_chunk_offset = ndrpull->offset; - NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, &plain_chunk_size)); if (plain_chunk_size > 0x00010000) { return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, "Bad XPRESS plain chunk size %08X > 0x00010000 (PULL)", 
@@ -172,15 +174,21 @@ static enum ndr_err_code ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrp NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, &comp_chunk_size)); + comp_chunk_offset = ndrpull->offset; NDR_CHECK(ndr_pull_advance(ndrpull, comp_chunk_size)); - comp_chunk.length = comp_chunk_size + 8; + comp_chunk.length = comp_chunk_size; comp_chunk.data = ndrpull->data + comp_chunk_offset; + plain_chunk_offset = ndrpush->offset; + NDR_CHECK(ndr_push_zero(ndrpush, plain_chunk_size)); + plain_chunk.length = plain_chunk_size; + plain_chunk.data = ndrpush->data + plain_chunk_offset; + DEBUG(10,("XPRESS plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u)\n", plain_chunk_size, plain_chunk_size, comp_chunk_size, comp_chunk_size)); - /* For now, we just copy over the compressed blob */ - NDR_CHECK(ndr_push_bytes(ndrpush, comp_chunk.data, comp_chunk.length)); + /* Uncompressing the buffer using LZ Xpress algorithm */ + lzxpress_decompress(&comp_chunk, &plain_chunk); if ((plain_chunk_size < 0x00010000) || (ndrpull->offset+4 >= ndrpull->data_size)) { /* this is the last chunk */ @@ -197,6 +205,10 @@ static enum ndr_err_code ndr_pull_compression_xpress(struct ndr_pull *subndr, struct ndr_push *ndrpush; struct ndr_pull *comndr; DATA_BLOB uncompressed; + uint32_t payload_header[4]; + uint32_t payload_size; + uint32_t payload_offset; + uint8_t *payload; bool last = false; ndrpush = ndr_push_init_ctx(subndr, subndr->iconv_convenience); @@ -207,6 +219,13 @@ static enum ndr_err_code ndr_pull_compression_xpress(struct ndr_pull *subndr, } uncompressed = ndr_push_blob(ndrpush); + if (uncompressed.length != decompressed_len) { + return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, + "Bad XPRESS uncompressed_len [%u] != [%u](0x%08X) (PULL)", + (int)uncompressed.length, + (int)decompressed_len, + (int)decompressed_len); + } comndr = talloc_zero(subndr, struct ndr_pull); NDR_ERR_HAVE_NO_MEMORY(comndr); 
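Review bot: The result of `lzxpress_decompress(&comp_chunk, &plain_chunk)` is discarded, so a chunk that decodes to fewer bytes than plain_chunk_size is accepted and the rest of the output stays as the zeros written by ndr_push_zero(). Compare the return value with the declared size and fail the pull on a mismatch, e.g. `if (lzxpress_decompress(&comp_chunk, &plain_chunk) != plain_chunk_size) return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, "Bad XPRESS decompressed size (PULL)");`. ndr_pull_compression_xpress_chunk begins and ends outside this hunk, so any later handling of a short chunk is not visible here.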
@@ -219,6 +238,38 @@ static enum ndr_err_code ndr_pull_compression_xpress(struct ndr_pull *subndr, comndr->iconv_convenience = talloc_reference(comndr, subndr->iconv_convenience); + NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[0])); + NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[1])); + NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[2])); + NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[3])); + + if (payload_header[0] != 0x00081001) { + return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, + "Bad XPRESS payload_header[0] [0x%08X] != [0x00081001] (PULL)", + payload_header[0]); + } + if (payload_header[1] != 0xCCCCCCCC) { + return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, + "Bad XPRESS payload_header[1] [0x%08X] != [0xCCCCCCCC] (PULL)", + payload_header[1]); + } + + payload_size = payload_header[2]; + + if (payload_header[3] != 0x00000000) { + return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, + "Bad XPRESS payload_header[3] [0x%08X] != [0x00000000] (PULL)", + payload_header[3]); + } + + payload_offset = comndr->offset; + NDR_CHECK(ndr_pull_advance(comndr, payload_size)); + payload = comndr->data + payload_offset; + + comndr->data = payload; + comndr->data_size = payload_size; + comndr->offset = 0; + *_comndr = comndr; return NDR_ERR_SUCCESS; } -- cgit From 41fdbffa72cab3c4f18ef5f34ab2fa0ec10d4d53 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 18 Aug 2008 14:25:41 +0200 Subject: zlib: we don't need the inflateReset2 prototype twice metze (This used to be commit 0dbbc287f65a51330c5309df5a96b3acd4d044d5) --- source4/lib/zlib/zlib.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/source4/lib/zlib/zlib.h b/source4/lib/zlib/zlib.h index 20a16d9588..e80eed9a7e 100644 --- a/source4/lib/zlib/zlib.h +++ b/source4/lib/zlib/zlib.h 
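Review bot: The four payload_header words are checked against bare constants (`0x00081001`, `0xCCCCCCCC`, `0x00000000`) with no comment saying which header this is or why payload_header[2] is used as the length. This looks like the NDR type-serialization common and private header pair, but that should be confirmed against the specification and stated above the first `ndr_pull_uint32(comndr, ...)` call. A possible comment is `/* serialization header: [0] version/endianness/header length, [1] filler, [2] payload length, [3] filler */`. The bound on payload_size appears to rest entirely on ndr_pull_advance(), which is outside this hunk, so the comment should say that as well.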
@@ -789,8 +789,6 @@ ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest, destination. */ -ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm, unsigned flags)); - ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); /* This function is equivalent to inflateEnd followed by inflateInit, -- cgit From 5e4f668468d83b09765c4b15ff1b40b88401fb00 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 15 Aug 2008 13:32:51 +0200 Subject: zlib: fix compiler warnings metze (This used to be commit ce44a608f66bf27070fd43d576551fde6f545d7c) --- source4/lib/zlib/adler32.c | 3 +-- source4/lib/zlib/compress.c | 5 ++--- source4/lib/zlib/crc32.c | 4 ++-- source4/lib/zlib/deflate.c | 8 ++++---- source4/lib/zlib/gzio.c | 16 +++++++--------- source4/lib/zlib/infback.c | 24 +++++++++++------------ source4/lib/zlib/inffast.c | 10 +++++----- source4/lib/zlib/inflate.c | 46 ++++++++++++++++++++++----------------------- source4/lib/zlib/trees.c | 12 ++++++------ source4/lib/zlib/uncompr.c | 5 ++--- source4/lib/zlib/zlib.h | 19 +++++++++++++++---- source4/lib/zlib/zutil.h | 2 +- 12 files changed, 80 insertions(+), 74 deletions(-) diff --git a/source4/lib/zlib/adler32.c b/source4/lib/zlib/adler32.c index 007ba26277..b5333d7b8e 100644 --- a/source4/lib/zlib/adler32.c +++ b/source4/lib/zlib/adler32.c @@ -5,8 +5,7 @@ /* @(#) $Id$ */ -#define ZLIB_INTERNAL -#include "zlib.h" +#include "zutil.h" #define BASE 65521UL /* largest prime smaller than 65536 */ #define NMAX 5552 diff --git a/source4/lib/zlib/compress.c b/source4/lib/zlib/compress.c index df04f0148e..40a53cd476 100644 --- a/source4/lib/zlib/compress.c +++ b/source4/lib/zlib/compress.c @@ -5,8 +5,7 @@ /* @(#) $Id$ */ -#define ZLIB_INTERNAL -#include "zlib.h" +#include "zutil.h" /* =========================================================================== Compresses the source buffer into the destination buffer. The level 
@@ -29,7 +28,7 @@ int ZEXPORT compress2 (dest, destLen, source, sourceLen, level) z_stream stream; int err; - stream.next_in = (Bytef*)source; + stream.next_in = source; stream.avail_in = (uInt)sourceLen; #ifdef MAXSEG_64K /* Check for source > 64K on 16-bit machine: */ diff --git a/source4/lib/zlib/crc32.c b/source4/lib/zlib/crc32.c index f658a9ef55..4d6e699e60 100644 --- a/source4/lib/zlib/crc32.c +++ b/source4/lib/zlib/crc32.c @@ -11,6 +11,8 @@ /* @(#) $Id$ */ +#include "zutil.h" /* for STDC and FAR definitions */ + /* Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore protection on the static variables used to control the first-use generation @@ -26,8 +28,6 @@ # endif /* !DYNAMIC_CRC_TABLE */ #endif /* MAKECRCH */ -#include "zutil.h" /* for STDC and FAR definitions */ - #define local static /* Find a four-byte integer type for crc32_little() and crc32_big(). */ diff --git a/source4/lib/zlib/deflate.c b/source4/lib/zlib/deflate.c index 29ce1f64a5..2720aab911 100644 --- a/source4/lib/zlib/deflate.c +++ b/source4/lib/zlib/deflate.c @@ -154,9 +154,6 @@ local const config configuration_table[10] = { * meaning. */ -#define EQUAL 0 -/* result of memcmp for equal strings */ - #ifndef NO_DUMMY_DECL struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ #endif @@ -297,7 +294,7 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || s->pending_buf == Z_NULL) { s->status = FINISH_STATE; - strm->msg = (char*)ERR_MSG(Z_MEM_ERROR); + strm->msg = ERR_MSG(Z_MEM_ERROR); deflateEnd (strm); return Z_MEM_ERROR; } @@ -1226,6 +1223,9 @@ local uInt longest_match_fast(s, cur_match) } #ifdef DEBUG +#define EQUAL 0 +/* result of memcmp for equal strings */ + /* =========================================================================== * Check that the match at match_start is indeed a match. */ 
diff --git a/source4/lib/zlib/gzio.c b/source4/lib/zlib/gzio.c index 7e90f4928f..0b51297936 100644 --- a/source4/lib/zlib/gzio.c +++ b/source4/lib/zlib/gzio.c @@ -7,8 +7,6 @@ /* @(#) $Id$ */ -#include - #include "zutil.h" #ifdef NO_DEFLATE /* for compatibility with old definition */ @@ -46,7 +44,7 @@ extern void free OF((voidpf ptr)); static int const gz_magic[2] = {0x1f, 0x8b}; /* gzip magic header */ /* gzip flag byte */ -#define ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */ +/*#define ASCII_FLAG 0x01 *//* bit 0 set: file probably ascii text */ #define HEAD_CRC 0x02 /* bit 1 set: header CRC present */ #define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ #define ORIG_NAME 0x08 /* bit 3 set: original file name present */ @@ -98,7 +96,7 @@ local gzFile gz_open (path, mode, fd) int err; int level = Z_DEFAULT_COMPRESSION; /* compression level */ int strategy = Z_DEFAULT_STRATEGY; /* compression strategy */ - char *p = (char*)mode; + const char *p = mode; gz_stream *s; char fmode[80]; /* copy of mode, without the compression level */ char *m = fmode; @@ -565,7 +563,7 @@ int ZEXPORT gzwrite (file, buf, len) if (s == NULL || s->mode != 'w') return Z_STREAM_ERROR; - s->stream.next_in = (Bytef*)buf; + s->stream.next_in = (const Bytef*)buf; s->stream.avail_in = len; while (s->stream.avail_in != 0) { @@ -694,7 +692,7 @@ int ZEXPORT gzputs(file, s) gzFile file; const char *s; { - return gzwrite(file, (char*)s, (unsigned)strlen(s)); + return gzwrite(file, (voidpc)s, (unsigned)strlen(s)); } @@ -988,7 +986,7 @@ const char * ZEXPORT gzerror (file, errnum) gzFile file; int *errnum; { - char *m; + const char *m; gz_stream *s = (gz_stream*)file; if (s == NULL) { 
@@ -998,9 +996,9 @@ const char * ZEXPORT gzerror (file, errnum) *errnum = s->z_err; if (*errnum == Z_OK) return (const char*)""; - m = (char*)(*errnum == Z_ERRNO ? zstrerror(errno) : s->stream.msg); + m = (*errnum == Z_ERRNO ? zstrerror(errno) : s->stream.msg); - if (m == NULL || *m == '\0') m = (char*)ERR_MSG(s->z_err); + if (m == NULL || *m == '\0') m = ERR_MSG(s->z_err); TRYFREE(s->msg); s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3); diff --git a/source4/lib/zlib/infback.c b/source4/lib/zlib/infback.c index 455dbc9ee8..5680937f34 100644 --- a/source4/lib/zlib/infback.c +++ b/source4/lib/zlib/infback.c @@ -246,7 +246,7 @@ out_func out; void FAR *out_desc; { struct inflate_state FAR *state; - unsigned char FAR *next; /* next input */ + unsigned const char FAR *next; /* next input */ unsigned char FAR *put; /* next output */ unsigned have, left; /* available input and output */ unsigned long hold; /* bit buffer */ @@ -308,7 +308,7 @@ void FAR *out_desc; state->mode = TABLE; break; case 3: - strm->msg = (char *)"invalid block type"; + strm->msg = "invalid block type"; state->mode = BAD; } DROPBITS(2); @@ -319,7 +319,7 @@ void FAR *out_desc; BYTEBITS(); /* go to byte boundary */ NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { - strm->msg = (char *)"invalid stored block lengths"; + strm->msg = "invalid stored block lengths"; state->mode = BAD; break; } @@ -357,7 +357,7 @@ void FAR *out_desc; DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { - strm->msg = (char *)"too many length or distance symbols"; + strm->msg = "too many length or distance symbols"; state->mode = BAD; break; } @@ -379,7 +379,7 @@ void FAR *out_desc; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid code lengths set"; + strm->msg = "invalid code lengths set"; state->mode = BAD; break; } 
@@ -403,7 +403,7 @@ void FAR *out_desc; NEEDBITS(this.bits + 2); DROPBITS(this.bits); if (state->have == 0) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = "invalid bit length repeat"; state->mode = BAD; break; } @@ -426,7 +426,7 @@ void FAR *out_desc; DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = "invalid bit length repeat"; state->mode = BAD; break; } @@ -445,7 +445,7 @@ void FAR *out_desc; ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid literal/lengths set"; + strm->msg = "invalid literal/lengths set"; state->mode = BAD; break; } @@ -454,7 +454,7 @@ void FAR *out_desc; ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { - strm->msg = (char *)"invalid distances set"; + strm->msg = "invalid distances set"; state->mode = BAD; break; } @@ -512,7 +512,7 @@ void FAR *out_desc; /* invalid code */ if (this.op & 64) { - strm->msg = (char *)"invalid literal/length code"; + strm->msg = "invalid literal/length code"; state->mode = BAD; break; } @@ -544,7 +544,7 @@ void FAR *out_desc; } DROPBITS(this.bits); if (this.op & 64) { - strm->msg = (char *)"invalid distance code"; + strm->msg = "invalid distance code"; state->mode = BAD; break; } @@ -559,7 +559,7 @@ void FAR *out_desc; } if (state->offset > state->wsize - (state->whave < state->wsize ? left : 0)) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = "invalid distance too far back"; state->mode = BAD; break; } diff --git a/source4/lib/zlib/inffast.c b/source4/lib/zlib/inffast.c index bbee92ed1e..bfc727694a 100644 --- a/source4/lib/zlib/inffast.c +++ b/source4/lib/zlib/inffast.c 
@@ -69,8 +69,8 @@ z_streamp strm; unsigned start; /* inflate()'s starting value for strm->avail_out */ { struct inflate_state FAR *state; - unsigned char FAR *in; /* local strm->next_in */ - unsigned char FAR *last; /* while in < last, enough input available */ + unsigned const char FAR *in; /* local strm->next_in */ + unsigned const char FAR *last; /* while in < last, enough input available */ unsigned char FAR *out; /* local strm->next_out */ unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ unsigned char FAR *end; /* while out < end, enough space available */ @@ -187,7 +187,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ if (dist > op) { /* see if copy from window */ op = dist - op; /* distance back in window */ if (op > whave) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = "invalid distance too far back"; state->mode = BAD; break; } @@ -263,7 +263,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ goto dodist; } else { - strm->msg = (char *)"invalid distance code"; + strm->msg = "invalid distance code"; state->mode = BAD; break; } @@ -278,7 +278,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ break; } else { - strm->msg = (char *)"invalid literal/length code"; + strm->msg = "invalid literal/length code"; state->mode = BAD; break; } diff --git a/source4/lib/zlib/inflate.c b/source4/lib/zlib/inflate.c index 0c1ff17951..fbecefd8f5 100644 --- a/source4/lib/zlib/inflate.c +++ b/source4/lib/zlib/inflate.c @@ -97,7 +97,7 @@ local int updatewindow OF((z_streamp strm, unsigned out)); #ifdef BUILDFIXED void makefixed OF((void)); #endif -local unsigned syncsearch OF((unsigned FAR *have, unsigned char FAR *buf, +local unsigned syncsearch OF((unsigned FAR *have, unsigned const char FAR *buf, unsigned len)); int ZEXPORT inflateReset2(strm, flags) 
@@ -565,7 +565,7 @@ z_streamp strm; int flush; { struct inflate_state FAR *state; - unsigned char FAR *next; /* next input */ + unsigned const char FAR *next; /* next input */ unsigned char FAR *put; /* next output */ unsigned have, left; /* available input and output */ unsigned long hold; /* bit buffer */ @@ -617,19 +617,19 @@ int flush; if ( #endif ((BITS(8) << 8) + (hold >> 8)) % 31) { - strm->msg = (char *)"incorrect header check"; + strm->msg = "incorrect header check"; state->mode = BAD; break; } if (BITS(4) != Z_DEFLATED) { - strm->msg = (char *)"unknown compression method"; + strm->msg = "unknown compression method"; state->mode = BAD; break; } DROPBITS(4); len = BITS(4) + 8; if (len > state->wbits) { - strm->msg = (char *)"invalid window size"; + strm->msg = "invalid window size"; state->mode = BAD; break; } @@ -644,12 +644,12 @@ int flush; NEEDBITS(16); state->flags = (int)(hold); if ((state->flags & 0xff) != Z_DEFLATED) { - strm->msg = (char *)"unknown compression method"; + strm->msg = "unknown compression method"; state->mode = BAD; break; } if (state->flags & 0xe000) { - strm->msg = (char *)"unknown header flags set"; + strm->msg = "unknown header flags set"; state->mode = BAD; break; } @@ -753,7 +753,7 @@ int flush; if (state->flags & 0x0200) { NEEDBITS(16); if (hold != (state->check & 0xffff)) { - strm->msg = (char *)"header crc mismatch"; + strm->msg = "header crc mismatch"; state->mode = BAD; break; } @@ -808,7 +808,7 @@ int flush; state->mode = TABLE; break; case 3: - strm->msg = (char *)"invalid block type"; + strm->msg = "invalid block type"; state->mode = BAD; } DROPBITS(2); @@ -817,7 +817,7 @@ int flush; BYTEBITS(); /* go to byte boundary */ NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { - strm->msg = (char *)"invalid stored block lengths"; + strm->msg = "invalid stored block lengths"; state->mode = BAD; break; } 
@@ -853,7 +853,7 @@ int flush; DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { - strm->msg = (char *)"too many length or distance symbols"; + strm->msg = "too many length or distance symbols"; state->mode = BAD; break; } @@ -875,7 +875,7 @@ int flush; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid code lengths set"; + strm->msg = "invalid code lengths set"; state->mode = BAD; break; } @@ -899,7 +899,7 @@ int flush; NEEDBITS(this.bits + 2); DROPBITS(this.bits); if (state->have == 0) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = "invalid bit length repeat"; state->mode = BAD; break; } @@ -922,7 +922,7 @@ int flush; DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = "invalid bit length repeat"; state->mode = BAD; break; } @@ -941,7 +941,7 @@ int flush; ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid literal/lengths set"; + strm->msg = "invalid literal/lengths set"; state->mode = BAD; break; } @@ -950,7 +950,7 @@ int flush; ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { - strm->msg = (char *)"invalid distances set"; + strm->msg = "invalid distances set"; state->mode = BAD; break; } @@ -993,7 +993,7 @@ int flush; break; } if (this.op & 64) { - strm->msg = (char *)"invalid literal/length code"; + strm->msg = "invalid literal/length code"; state->mode = BAD; break; } @@ -1025,7 +1025,7 @@ int flush; } DROPBITS(this.bits); if (this.op & 64) { - strm->msg = (char *)"invalid distance code"; + strm->msg = "invalid distance code"; state->mode = BAD; break; } 
@@ -1040,13 +1040,13 @@ int flush; } #ifdef INFLATE_STRICT if (state->offset > state->dmax) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = "invalid distance too far back"; state->mode = BAD; break; } #endif if (state->offset > state->whave + out - left) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = "invalid distance too far back"; state->mode = BAD; break; } @@ -1098,7 +1098,7 @@ int flush; state->flags ? hold : #endif REVERSE(hold)) != state->check) { - strm->msg = (char *)"incorrect data check"; + strm->msg = "incorrect data check"; state->mode = BAD; break; } @@ -1111,7 +1111,7 @@ int flush; if (state->wrap && state->flags) { NEEDBITS(32); if (hold != (state->total & 0xffffffffUL)) { - strm->msg = (char *)"incorrect length check"; + strm->msg = "incorrect length check"; state->mode = BAD; break; } @@ -1247,7 +1247,7 @@ gz_headerp head; */ local unsigned syncsearch(have, buf, len) unsigned FAR *have; -unsigned char FAR *buf; +unsigned const char FAR *buf; unsigned len; { unsigned got; diff --git a/source4/lib/zlib/trees.c b/source4/lib/zlib/trees.c index 395e4e1681..eb55679adc 100644 --- a/source4/lib/zlib/trees.c +++ b/source4/lib/zlib/trees.c @@ -150,8 +150,8 @@ local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); local int build_bl_tree OF((deflate_state *s)); local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, int blcodes)); -local void compress_block OF((deflate_state *s, ct_data *ltree, - ct_data *dtree)); +local void compress_block OF((deflate_state *s, const ct_data *ltree, + const ct_data *dtree)); local void set_data_type OF((deflate_state *s)); local unsigned bi_reverse OF((unsigned value, int length)); local void bi_windup OF((deflate_state *s)); 
@@ -986,7 +986,7 @@ void _tr_flush_block(s, buf, stored_len, eof) } else if (s->strategy == Z_FIXED || static_lenb == opt_lenb) { #endif send_bits(s, (STATIC_TREES<<1)+eof, 3); - compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree); + compress_block(s, static_ltree, static_dtree); #ifdef DEBUG s->compressed_len += 3 + s->static_len; #endif @@ -994,7 +994,7 @@ void _tr_flush_block(s, buf, stored_len, eof) send_bits(s, (DYN_TREES<<1)+eof, 3); send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, max_blindex+1); - compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree); + compress_block(s, s->dyn_ltree, s->dyn_dtree); #ifdef DEBUG s->compressed_len += 3 + s->opt_len; #endif @@ -1071,8 +1071,8 @@ int _tr_tally (s, dist, lc) */ local void compress_block(s, ltree, dtree) deflate_state *s; - ct_data *ltree; /* literal tree */ - ct_data *dtree; /* distance tree */ + const ct_data *ltree; /* literal tree */ + const ct_data *dtree; /* distance tree */ { unsigned dist; /* distance of matched string */ int lc; /* match length or unmatched char (if dist == 0) */ diff --git a/source4/lib/zlib/uncompr.c b/source4/lib/zlib/uncompr.c index b59e3d0def..a052f22e74 100644 --- a/source4/lib/zlib/uncompr.c +++ b/source4/lib/zlib/uncompr.c @@ -5,8 +5,7 @@ /* @(#) $Id$ */ -#define ZLIB_INTERNAL -#include "zlib.h" +#include "zutil.h" /* =========================================================================== Decompresses the source buffer into the destination buffer. sourceLen is @@ -32,7 +31,7 @@ int ZEXPORT uncompress (dest, destLen, source, sourceLen) z_stream stream; int err; - stream.next_in = (Bytef*)source; + stream.next_in = source; stream.avail_in = (uInt)sourceLen; /* Check for source > 64K on 16-bit machine: */ if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; diff --git a/source4/lib/zlib/zlib.h b/source4/lib/zlib/zlib.h index e80eed9a7e..5549f9cf57 100644 --- a/source4/lib/zlib/zlib.h +++ b/source4/lib/zlib/zlib.h 
@@ -80,7 +80,7 @@ typedef void (*free_func) OF((voidpf opaque, voidpf address)); struct internal_state; typedef struct z_stream_s { - Bytef *next_in; /* next input byte */ + const Bytef *next_in; /* next input byte */ uInt avail_in; /* number of bytes available at next_in */ uLong total_in; /* total nb of input bytes read so far */ @@ -88,7 +88,7 @@ typedef struct z_stream_s { uInt avail_out; /* remaining free space at next_out */ uLong total_out; /* total nb of bytes output so far */ - char *msg; /* last error message, NULL if no error */ + const char *msg; /* last error message, NULL if no error */ struct internal_state FAR *state; /* not visible by applications */ alloc_func zalloc; /* used to allocate the internal state */ @@ -210,6 +210,16 @@ typedef gz_header FAR *gz_headerp; #define zlib_version zlibVersion() /* for compatibility with versions < 1.0.2 */ +#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1) +/** Use gcc attribute to check printf fns. a1 is the 1-based index of + * the parameter containing the format, and a2 the index of the first + * argument. Note that some gcc 2.x versions don't handle this + * properly **/ +#define _Z_PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2))) +#else +#define _Z_PRINTF_ATTRIBUTE(a1, a2) +#endif + /* basic functions */ ZEXTERN const char * ZEXPORT zlibVersion OF((void)); @@ -887,7 +897,7 @@ ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits, match the version of the header file. */ -typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *)); +typedef unsigned (*in_func) OF((void FAR *, unsigned const char FAR * FAR *)); typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned)); ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm, 
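Review bot: The guard `#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1)` on the new `_Z_PRINTF_ATTRIBUTE` block tests the minor number independently of the major, so every GCC x.0 release (4.0, 5.0, and so on) takes the empty `#else` branch. Those compilers then stop checking format strings passed to `gzprintf`, which is the function this macro is attached to later in the patch, and nothing signals that the check is off. Comparing the pair keeps it enabled wherever it is supported: `#if (__GNUC__ > 3) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)`. The macro name also begins with an underscore followed by an upper-case letter, which is reserved for the implementation; `Z_PRINTF_ATTRIBUTE` would avoid that.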
@@ -1132,7 +1142,8 @@ ZEXTERN int ZEXPORT gzwrite OF((gzFile file, (0 in case of error). */ -ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); +ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)) + _Z_PRINTF_ATTRIBUTE(2, 3); /* Converts, formats, and writes the args to the compressed file under control of the format string, as in fprintf. gzprintf returns the number of diff --git a/source4/lib/zlib/zutil.h b/source4/lib/zlib/zutil.h index b7d5eff81b..edd8e0acbb 100644 --- a/source4/lib/zlib/zutil.h +++ b/source4/lib/zlib/zutil.h @@ -56,7 +56,7 @@ extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ #define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] #define ERR_RETURN(strm,err) \ - return (strm->msg = (char*)ERR_MSG(err), (err)) + return (strm->msg = ERR_MSG(err), (err)) /* To be used only when the state is known to be valid */ /* common constants */ -- cgit From 7474196d837eb6f9c8e6f26cd649cbb638fd34d8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 18 Aug 2008 14:26:53 +0200 Subject: zlib: mark as modified for samba metze (This used to be commit 0fb265e567d700b3c16eb8f28bc5f26653a819fa) --- source4/lib/zlib/zlib.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/source4/lib/zlib/zlib.h b/source4/lib/zlib/zlib.h index 5549f9cf57..edf09d2b1e 100644 --- a/source4/lib/zlib/zlib.h +++ b/source4/lib/zlib/zlib.h @@ -37,8 +37,14 @@ extern "C" { #endif -#define ZLIB_VERSION "1.2.3" -#define ZLIB_VERNUM 0x1230 +#define ZLIB_VERSION "1.2.3.1.Samba" +#define ZLIB_VERNUM 0x1231 +/* + * Modified for Samba by Stefan Metzmacher 2008 + * + * inflateReset2() added and compiler warnings fixed + */ + /* The 'zlib' compression library provides in-memory compression and -- cgit From 6cd8e2bccf2023833f679963244f56ca6854eb66 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Thu, 7 Aug 2008 16:24:57 +0000 Subject: ndr_compression: use zlib's inflate() for decompression metze (This used to be commit 25876fc4ab8ba11f00d24bb8ceb517c0e4a4d72d) --- source4/librpc/config.mk | 3 +- source4/librpc/ndr/ndr_compression.c | 92 +++++++++++++++++++++++++++++++----- 2 files changed, 83 insertions(+), 12 deletions(-) diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index d87683dd6f..452bad74fe 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -43,7 +43,8 @@ MANPAGES += $(librpcsrcdir)/tools/ndrdump.1 ################################################ # Start SUBSYSTEM NDR_COMPRESSION [SUBSYSTEM::NDR_COMPRESSION] -PUBLIC_DEPENDENCIES = LIBCOMPRESSION LIBSAMBA-ERRORS LIBNDR +PRIVATE_DEPENDENCIES = LIBCOMPRESSION ZLIB +PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBNDR # End SUBSYSTEM NDR_COMPRESSION ################################################ diff --git a/source4/librpc/ndr/ndr_compression.c b/source4/librpc/ndr/ndr_compression.c index ffa37f61a3..7c2aca72e9 100644 --- a/source4/librpc/ndr/ndr_compression.c +++ b/source4/librpc/ndr/ndr_compression.c @@ -21,14 +21,24 @@ */ #include "includes.h" -#include "lib/compression/mszip.h" #include "lib/compression/lzxpress.h" #include "librpc/ndr/libndr.h" #include "librpc/ndr/ndr_compression.h" +#include + +static voidpf ndr_zlib_alloc(voidpf opaque, uInt items, uInt size) +{ + return talloc_zero_size(opaque, items * size); +} + +static void ndr_zlib_free(voidpf opaque, voidpf address) +{ + talloc_free(address); +} static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpull, struct ndr_push *ndrpush, - struct decomp_state *decomp_state, + z_stream *z, bool *last) { DATA_BLOB comp_chunk; 
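Review bot: `ndr_zlib_alloc` passes `items * size` straight to `talloc_zero_size`, and both operands are `uInt`, so the product can wrap and return a buffer smaller than the one zlib asked for. The sizes zlib requests during inflate are small in practice, so this is hardening rather than a demonstrated fault, but the callback is the one place to enforce it: `if (size != 0 && items > UINT_MAX / size) return Z_NULL;` before the allocation. A one-line comment on both callbacks saying that the memory is parented to `opaque` through talloc would also explain why `ndr_zlib_free` ignores its first argument.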
@@ -37,7 +47,7 @@ static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpu DATA_BLOB plain_chunk; uint32_t plain_chunk_offset; uint32_t plain_chunk_size; - int ret; + int z_ret; NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, &plain_chunk_size)); if (plain_chunk_size > 0x00008000) { 
@@ -60,10 +70,71 @@ static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpu plain_chunk.length = plain_chunk_size; plain_chunk.data = ndrpush->data + plain_chunk_offset; - ret = ZIPdecompress(decomp_state, &comp_chunk, &plain_chunk); - if (ret != DECR_OK) { - return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, "Bad ZIPdecompress() error %d (PULL)", - ret); + if (comp_chunk.length < 2) { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "Bad MSZIP comp chunk size %u < 2 (PULL)", + (unsigned int)comp_chunk.length); + } + /* CK = Chris Kirmse, official Microsoft purloiner */ + if (comp_chunk.data[0] != 'C' || + comp_chunk.data[1] != 'K') { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "Bad MSZIP invalid prefix [%c%c] != [CK]", + comp_chunk.data[0], comp_chunk.data[1]); + } + + z->next_in = comp_chunk.data + 2; + z->avail_in = comp_chunk.length -2; + z->total_in = 0; + + z->next_out = plain_chunk.data; + z->avail_out = plain_chunk.length; + z->total_out = 0; + + if (!z->opaque) { + /* the first time we need to intialize completely */ + z->zalloc = ndr_zlib_alloc; + z->zfree = ndr_zlib_free; + z->opaque = ndrpull; + + z_ret = inflateInit2(z, -15); + if (z_ret != Z_OK) { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "Bad inflateInit2 error %s(%d) (PULL)", + zError(z_ret), z_ret); + + } + } else { + z_ret = inflateReset2(z, Z_RESET_KEEP_WINDOW); + if (z_ret != Z_OK) { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "Bad inflateReset2 error %s(%d) (PULL)", + zError(z_ret), z_ret); + } + } + + /* call inflate untill we get Z_STREAM_END or an error */ + while (true) { + z_ret = inflate(z, Z_BLOCK); + if (z_ret != Z_OK) break; + } + + if (z_ret != Z_STREAM_END) { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "Bad inflate(Z_BLOCK) error %s(%d) (PULL)", + zError(z_ret), z_ret); + } + + if (z->avail_in) { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "MSZIP not all avail_in[%u] bytes consumed (PULL)", 
+ z->avail_in); + } + + if (z->avail_out) { + return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, + "MSZIP not all avail_out[%u] bytes consumed (PULL)", + z->avail_out); } if ((plain_chunk_size < 0x00008000) || (ndrpull->offset+4 >= ndrpull->data_size)) { @@ -85,17 +156,16 @@ static enum ndr_err_code ndr_pull_compression_mszip(struct ndr_pull *subndr, uint32_t payload_size; uint32_t payload_offset; uint8_t *payload; - struct decomp_state *decomp_state; + z_stream z; bool last = false; ndrpush = ndr_push_init_ctx(subndr, subndr->iconv_convenience); NDR_ERR_HAVE_NO_MEMORY(ndrpush); - decomp_state = ZIPdecomp_state(subndr); - NDR_ERR_HAVE_NO_MEMORY(decomp_state); + ZERO_STRUCT(z); while (!last) { - NDR_CHECK(ndr_pull_compression_mszip_chunk(subndr, ndrpush, decomp_state, &last)); + NDR_CHECK(ndr_pull_compression_mszip_chunk(subndr, ndrpush, &z, &last)); } uncompressed = ndr_push_blob(ndrpush); -- cgit From 4422617f7a5c36740263397b1672f75efe879520 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 18 Aug 2008 15:33:11 +0200 Subject: librpc: don't build the old mszip decompression code metze (This used to be commit f48dfd87badcddc64a1c0bf52939188a4a8f4add) --- source4/lib/basic.mk | 4 ++-- source4/librpc/config.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/lib/basic.mk b/source4/lib/basic.mk index 0c68fda2df..4d076684cd 100644 --- a/source4/lib/basic.mk +++ b/source4/lib/basic.mk @@ -1,6 +1,6 @@ -[SUBSYSTEM::LIBCOMPRESSION] +[SUBSYSTEM::LZXPRESS] -LIBCOMPRESSION_OBJ_FILES = $(libcompressionsrcdir)/mszip.o $(libcompressionsrcdir)/lzxpress.o +LZXPRESS_OBJ_FILES = $(libcompressionsrcdir)/lzxpress.o [SUBSYSTEM::GENCACHE] PRIVATE_DEPENDENCIES = TDB_WRAP diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 452bad74fe..09be67d5aa 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk 
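Review bot: The prefix check formats the two rejected bytes with `%c%c` in "Bad MSZIP invalid prefix [%c%c] != [CK]", and those bytes are taken directly from the compressed chunk, so control characters or a NUL from the peer can end up in the error text. Printing them as hex keeps the message safe to log and still useful for debugging: `"Bad MSZIP invalid prefix [0x%02x 0x%02x] != [CK]"`. Separately, `if (!z->opaque)` serves as the "already initialised" flag but `z->opaque` is assigned before `inflateInit2` has succeeded; that is only correct while the caller abandons `z` after any error, which deserves a comment next to the test. The enclosing function, `ndr_pull_compression_mszip_chunk`, starts before this hunk.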
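Review bot: `z` becomes a stack `z_stream` that is zeroed and handed to the chunk loop, but no line added by this commit calls `inflateEnd`, so the inflate state allocated through `ndr_zlib_alloc` stays attached to its talloc parent (the pull context passed as `opaque`) after `ndr_pull_compression_mszip` returns. That memory is reclaimed only when the pull context is freed, and the same holds on every early return taken through `NDR_CHECK`. Calling `inflateEnd(&z);` once the `while (!last)` loop finishes, and on the failure path by capturing the chunk call's result instead of returning directly, would bound the state's lifetime to this call. The function continues past the end of the hunk.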
@@ -43,7 +43,7 @@ MANPAGES += $(librpcsrcdir)/tools/ndrdump.1 ################################################ # Start SUBSYSTEM NDR_COMPRESSION [SUBSYSTEM::NDR_COMPRESSION] -PRIVATE_DEPENDENCIES = LIBCOMPRESSION ZLIB +PRIVATE_DEPENDENCIES = ZLIB LZXPRESS PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBNDR # End SUBSYSTEM NDR_COMPRESSION ################################################ -- cgit From 47d80366bef5e62b6727a574b2300cc94a2e18f7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Aug 2008 11:43:41 +1000 Subject: Fix templates.ldb reprovision handling. This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b) --- source4/scripting/python/samba/provision.py | 12 +++++++++++- source4/setup/provision_templates.ldif | 10 ---------- source4/setup/provision_templates_init.ldif | 10 ++++++++++ 3 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 source4/setup/provision_templates_init.ldif diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 4f7fbfc6e6..836509a620 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -617,7 +617,17 @@ def setup_templatesdb(path, setup_path, session_info, credentials, lp): """ templates_ldb = SamDB(path, session_info=session_info, credentials=credentials, lp=lp) - templates_ldb.erase() + # Wipes the database + try: + templates_ldb.erase() + except: + os.unlink(path) + + templates_ldb.load_ldif_file_add(setup_path("provision_templates_init.ldif")) + + templates_ldb = SamDB(path, session_info=session_info, + credentials=credentials, lp=lp) + templates_ldb.load_ldif_file_add(setup_path("provision_templates.ldif")) diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 8f4ed08252..04257549d5 100644 --- a/source4/setup/provision_templates.ldif 
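Review bot: The bare `except:` around `templates_ldb.erase()` catches everything, including `KeyboardInterrupt`, and then unlinks `path` while `templates_ldb` is still the handle that was opened on the old file. If that handle keeps the unlinked file open, the next call, `load_ldif_file_add(setup_path("provision_templates_init.ldif"))`, would write the `@OPTIONS`/`@INDEXLIST` records into the deleted file and the database reopened afterwards would start without them; the hunk does not show enough of SamDB to confirm this. Narrowing the handler to `except Exception:` and reopening with `templates_ldb = SamDB(path, session_info=session_info, credentials=credentials, lp=lp)` directly after `os.unlink(path)` would make the fallback behave as the "Wipes the database" comment says.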
+++ b/source4/setup/provision_templates.ldif @@ -2,16 +2,6 @@ # Templates to be put in templates.ldb. Not part of main samdb any more. ### -dn: @OPTIONS -checkBaseOnSearch: TRUE - -dn: @INDEXLIST -@IDXATTR: cn - -dn: @ATTRIBUTES -cn: CASE_INSENSITIVE -dn: CASE_INSENSITIVE - dn: CN=Templates objectClass: top objectClass: container diff --git a/source4/setup/provision_templates_init.ldif b/source4/setup/provision_templates_init.ldif new file mode 100644 index 0000000000..6d6a3c228c --- /dev/null +++ b/source4/setup/provision_templates_init.ldif @@ -0,0 +1,10 @@ +dn: @OPTIONS +checkBaseOnSearch: TRUE + +dn: @INDEXLIST +@IDXATTR: cn + +dn: @ATTRIBUTES +cn: CASE_INSENSITIVE +dn: CASE_INSENSITIVE + -- cgit From 805dd85291fa55695ee7ae2b8f6d3c168d9186e8 Mon Sep 17 00:00:00 2001 From: Oliver Liebel Date: Tue, 19 Aug 2008 12:03:04 +1000 Subject: Generate Multi-Master Replication configuration for OpenLDAP This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52) --- source4/scripting/python/samba/provision.py | 86 ++++++++++++++++++++++++++--- source4/setup/mmr_serverids.conf | 1 + source4/setup/mmr_syncrepl.conf | 10 ++++ source4/setup/provision-backend | 7 ++- source4/setup/slapd.conf | 36 ++++++++++-- 5 files changed, 128 insertions(+), 12 deletions(-) create mode 100644 source4/setup/mmr_serverids.conf create mode 100644 source4/setup/mmr_syncrepl.conf diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 4f7fbfc6e6..8abcc2f2e3 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py 
@@ -76,7 +76,9 @@ class ProvisionPaths(object): self.memberofconf = None self.fedoradsinf = None self.fedoradspartitions = None - + self.olmmron = None + self.olmmrserveridsconf = None + self.olmmrsyncreplconf = None class ProvisionNames(object): def __init__(self): @@ -242,8 +244,12 @@ def provision_paths_from_lp(lp, dnsdomain): "memberof.conf") paths.fedoradsinf = os.path.join(paths.ldapdir, "fedorads.inf") - paths.fedoradspartitions = os.path.join(paths.ldapdir, - "fedorads-partitions.ldif") + paths.olmmrserveridsconf = os.path.join(paths.ldapdir, + "mmr_serverids.conf") + paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, + "mmr_syncrepl.conf") + paths.olmmron = os.path.join(paths.ldapdir, + "mmr_on.conf") paths.hklm = "hklm.ldb" paths.hkcr = "hkcr.ldb" paths.hkcu = "hkcu.ldb" @@ -331,7 +337,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole= names.hostname = hostname names.sitename = sitename names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn) - + return names @@ -1141,7 +1147,11 @@ def provision_backend(setup_dir=None, message=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, adminpass=None, root=None, serverrole=None, - ldap_backend_type=None, ldap_backend_port=None): + ldap_backend_type=None, ldap_backend_port=None, + ol_mmr_urls=None, mmr_serverids_config=None, mmr_on_config=None, + mmr_syncrepl_schema_config=None, + mmr_syncrepl_config_config=None, + mmr_syncrepl_user_config=None ): def setup_path(file): return os.path.join(setup_dir, file) 
@@ -1255,7 +1265,64 @@ def provision_backend(setup_dir=None, message=None, refint_config = read_and_sub_file(setup_path("refint.conf"), { "LINK_ATTRS" : refint_attributes}) - + +######################################################## +### generate serverids and ldap-urls for mmr hosts ### +######################################################## + + mmr_on_config = " " + mmr_serverids_config = " " + + if ol_mmr_urls is not None: + mmr_hosts=ol_mmr_urls + mmr_hosts=filter(None,mmr_hosts.split(' ')) + + mmr_serverids_config = "# Generated from template mmr_serverids.conf\n" + z=0 + for i in mmr_hosts: + z=z+1 + mmr_serverids_config += read_and_sub_file(setup_path("mmr_serverids.conf"), + { "SERVERID" : str(z), + "LDAPSERVER" : i }) + mmr_on_config = "MirrorMode On" + +######################################################## +### generate syncrepl-blocks for mmr hosts ### +######################################################## + + mmr_syncrepl_schema_config = " " + mmr_syncrepl_config_config = " " + mmr_syncrepl_user_config = " " + + if ol_mmr_urls is not None: + mmr_hosts=ol_mmr_urls + mmr_hosts=filter(None,mmr_hosts.split(' ')) + mmr_syncrepl_schema_config = "# Generated from template mmr_syncrepl.conf\n" + mmr_syncrepl_config_config = "# Generated from template mmr_syncrepl.conf\n" + mmr_syncrepl_user_config = "# Generated from template mmr_syncrepl.conf\n" + z=0 + for i in mmr_hosts: + z=z+1 + mmr_syncrepl_schema_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"), + { "RID" : str(z), + "MMRDN": names.schemadn, + "LDAPSERVER" : i }) + + for i in mmr_hosts: + z=z+1 + mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"), + { "RID" : str(z), + "MMRDN": names.configdn, + "LDAPSERVER" : i }) + + for i in mmr_hosts: + z=z+1 + mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"), + { "RID" : str(z), + "MMRDN": names.domaindn, + "LDAPSERVER" : i }) + + setup_file(setup_path("slapd.conf"), paths.slapdconf, 
{"DNSDOMAIN": names.dnsdomain, "LDAPDIR": paths.ldapdir, @@ -1263,8 +1330,13 @@ def provision_backend(setup_dir=None, message=None, "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, "MEMBEROF_CONFIG": memberof_config, + "MIRRORMODE": mmr_on_config, + "MMR_SERVERIDS_CONFIG": mmr_serverids_config, + "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config, + "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config, + "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config, "REFINT_CONFIG": refint_config}) - setup_file(setup_path("modules.conf"), paths.modulesconf, + setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm}) setup_db_config(setup_path, os.path.join(paths.ldapdir, "db", "user")) diff --git a/source4/setup/mmr_serverids.conf b/source4/setup/mmr_serverids.conf new file mode 100644 index 0000000000..863508d0d6 --- /dev/null +++ b/source4/setup/mmr_serverids.conf @@ -0,0 +1 @@ +ServerID ${SERVERID} "${LDAPSERVER}:9000" diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf new file mode 100644 index 0000000000..857f044ccd --- /dev/null +++ b/source4/setup/mmr_syncrepl.conf @@ -0,0 +1,10 @@ +syncrepl rid=${RID} + provider="${LDAPSERVER}:9000" + searchbase="${MMRDN}" + type=refreshAndPersist + retry="10 +" + bindmethod=simple + binddn="CN=Manager,${MMRDN}" + credentials="linux" + + diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 845dc8679a..049b8752a6 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -64,6 +64,9 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", help="Set server role to provision for (default standalone)") parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") +parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", + help="List of LDAP-URLS separated with whitespaces for Use with OpenLDAP-MMR") + opts = parser.parse_args()[0] 
@@ -99,4 +102,6 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd adminpass=opts.ldap_admin_pass, root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type, - ldap_backend_port=opts.ldap_backend_port) + ldap_backend_port=opts.ldap_backend_port, + ol_mmr_urls=opts.ol_mmr_urls) + diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 4dcfd2aba7..be68ec2588 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -1,5 +1,10 @@ loglevel 0 +### Multimaster-ServerIDs and URLs ### + +${MMR_SERVERIDS_CONFIG} + + include ${LDAPDIR}/backend-schema.schema pidfile ${LDAPDIR}/slapd.pid @@ -52,10 +57,12 @@ suffix cn=Samba directory ${LDAPDIR}/db/samba rootdn cn=Manager,cn=Samba - +######################################## +### cn=schema ### database hdb suffix ${SCHEMADN} rootdn cn=Manager,${SCHEMADN} +rootpw linux directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -64,16 +71,25 @@ index objectCategory eq index lDAPDisplayName eq index subClassOf eq index cn eq +index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -syncprov-checkpoint 100 10 syncprov-sessionlog 100 +# syncprov-checkpoint 100 10 + +### Multimaster-Replication of cn=schema Subcontext ### +${MMR_SYNCREPL_SCHEMA_CONFIG} +${MIRRORMODE} + +######################################### +### cn=config ### database hdb suffix ${CONFIGDN} rootdn cn=Manager,${CONFIGDN} +rootpw linux directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq 
@@ -85,16 +101,24 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq index cn eq +index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -syncprov-checkpoint 100 10 syncprov-sessionlog 100 +# syncprov-checkpoint 100 10 + +### Multimaster-Replication of cn=config Subcontext ### +${MMR_SYNCREPL_CONFIG_CONFIG} +${MIRRORMODE} +######################################## +### cn=users /base-dn ### database hdb suffix ${DOMAINDN} rootdn cn=Manager,${DOMAINDN} +rootpw linux directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq @@ -110,10 +134,14 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq index cn eq +index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -syncprov-checkpoint 100 10 syncprov-sessionlog 100 +# syncprov-checkpoint 100 10 +### Multimaster-Replication of cn=user/base-dn context ### +${MMR_SYNCREPL_USER_CONFIG} +${MIRRORMODE} -- cgit From 7ef21658fbb519859aa7d23a614e1fdbcae95693 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Aug 2008 14:10:14 +1000 Subject: Fix up new OpenLDAP MMR code. This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce) --- source4/scripting/python/samba/provision.py | 67 +++++++++-------------- source4/setup/mmr_serverids.conf | 3 +- source4/setup/mmr_syncrepl.conf | 6 +- source4/setup/slapd.conf | 6 +- source4/setup/tests/blackbox_provision-backend.sh | 1 + 5 files changed, 36 insertions(+), 47 deletions(-) 
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 8abcc2f2e3..f48a49dcfa 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -243,13 +243,13 @@ def provision_paths_from_lp(lp, dnsdomain): paths.memberofconf = os.path.join(paths.ldapdir, "memberof.conf") paths.fedoradsinf = os.path.join(paths.ldapdir, - "fedorads.inf") + "fedorads.inf") + paths.fedoradspartitions = os.path.join(paths.ldapdir, + "fedorads-partitions.ldif") paths.olmmrserveridsconf = os.path.join(paths.ldapdir, - "mmr_serverids.conf") + "mmr_serverids.conf") paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, - "mmr_syncrepl.conf") - paths.olmmron = os.path.join(paths.ldapdir, - "mmr_on.conf") + "mmr_syncrepl.conf") paths.hklm = "hklm.ldb" paths.hkcr = "hkcr.ldb" paths.hkcu = "hkcu.ldb" @@ -1148,10 +1148,7 @@ def provision_backend(setup_dir=None, message=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, adminpass=None, root=None, serverrole=None, ldap_backend_type=None, ldap_backend_port=None, - ol_mmr_urls=None, mmr_serverids_config=None, mmr_on_config=None, - mmr_syncrepl_schema_config=None, - mmr_syncrepl_config_config=None, - mmr_syncrepl_user_config=None ): + ol_mmr_urls=None): def setup_path(file): return os.path.join(setup_dir, file) 
@@ -1266,61 +1263,48 @@ def provision_backend(setup_dir=None, message=None, refint_config = read_and_sub_file(setup_path("refint.conf"), { "LINK_ATTRS" : refint_attributes}) -######################################################## -### generate serverids and ldap-urls for mmr hosts ### -######################################################## - - mmr_on_config = " " - mmr_serverids_config = " " - +# generate serverids, ldap-urls and syncrepl-blocks for mmr hosts + mmr_on_config = "" + mmr_serverids_config = "" + mmr_syncrepl_schema_config = "" + mmr_syncrepl_config_config = "" + mmr_syncrepl_user_config = "" + if ol_mmr_urls is not None: - mmr_hosts=ol_mmr_urls - mmr_hosts=filter(None,mmr_hosts.split(' ')) + mmr_hosts=filter(None,ol_mmr_urls.split(' ')) + if (len(mmr_hosts) == 1): + mmr_hosts=filter(None,ol_mmr_urls.split(',')) + + + mmr_on_config = "MirrorMode On" - mmr_serverids_config = "# Generated from template mmr_serverids.conf\n" z=0 for i in mmr_hosts: z=z+1 mmr_serverids_config += read_and_sub_file(setup_path("mmr_serverids.conf"), { "SERVERID" : str(z), "LDAPSERVER" : i }) - mmr_on_config = "MirrorMode On" - -######################################################## -### generate syncrepl-blocks for mmr hosts ### -######################################################## - mmr_syncrepl_schema_config = " " - mmr_syncrepl_config_config = " " - mmr_syncrepl_user_config = " " - - if ol_mmr_urls is not None: - mmr_hosts=ol_mmr_urls - mmr_hosts=filter(None,mmr_hosts.split(' ')) - mmr_syncrepl_schema_config = "# Generated from template mmr_syncrepl.conf\n" - mmr_syncrepl_config_config = "# Generated from template mmr_syncrepl.conf\n" - mmr_syncrepl_user_config = "# Generated from template mmr_syncrepl.conf\n" - z=0 - for i in mmr_hosts: z=z+1 mmr_syncrepl_schema_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"), { "RID" : str(z), "MMRDN": names.schemadn, - "LDAPSERVER" : i }) + "LDAPSERVER" : i, + "MMR_PASSWORD": adminpass}) - for i in mmr_hosts: z=z+1 
mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"), { "RID" : str(z), "MMRDN": names.configdn, - "LDAPSERVER" : i }) + "LDAPSERVER" : i, + "MMR_PASSWORD": adminpass}) - for i in mmr_hosts: z=z+1 mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"), { "RID" : str(z), "MMRDN": names.domaindn, - "LDAPSERVER" : i }) + "LDAPSERVER" : i, + "MMR_PASSWORD": adminpass }) setup_file(setup_path("slapd.conf"), paths.slapdconf, @@ -1335,6 +1319,7 @@ def provision_backend(setup_dir=None, message=None, "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config, "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config, "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config, + "MMR_PASSWORD": adminpass, "REFINT_CONFIG": refint_config}) setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm}) diff --git a/source4/setup/mmr_serverids.conf b/source4/setup/mmr_serverids.conf index 863508d0d6..c6d14010b4 100644 --- a/source4/setup/mmr_serverids.conf +++ b/source4/setup/mmr_serverids.conf @@ -1 +1,2 @@ -ServerID ${SERVERID} "${LDAPSERVER}:9000" +# Generated from template mmr_serverids.conf +ServerID ${SERVERID} "${LDAPSERVER}" diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf index 857f044ccd..5fa8b8f8a0 100644 --- a/source4/setup/mmr_syncrepl.conf +++ b/source4/setup/mmr_syncrepl.conf @@ -1,10 +1,12 @@ +# Generated from template mmr_syncrepl.conf + syncrepl rid=${RID} - provider="${LDAPSERVER}:9000" + provider="${LDAPSERVER}" searchbase="${MMRDN}" type=refreshAndPersist retry="10 +" bindmethod=simple binddn="CN=Manager,${MMRDN}" - credentials="linux" + credentials="${MMR_PASSWORD}" diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index be68ec2588..141c0cd27a 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf 
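Review bot: In mmr_syncrepl.conf, `credentials="${MMR_PASSWORD}"` is used with `bindmethod=simple` against `provider="${LDAPSERVER}"`, and the test added in this commit passes `ldap://` URLs, so the replication password would cross the network unencrypted; the commit message says this password currently equals the admin password. Requiring TLS on the consumer side, for example `starttls=critical` in the syncrepl block or `ldaps://` provider URLs, would protect it in transit. The template also places the value inside double quotes without escaping, so a password containing `"` would break or change the generated directive; the provisioning code should reject or escape such characters before substitution.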
@@ -62,7 +62,7 @@ rootdn cn=Manager,cn=Samba database hdb suffix ${SCHEMADN} rootdn cn=Manager,${SCHEMADN} -rootpw linux +rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -89,7 +89,7 @@ ${MIRRORMODE} database hdb suffix ${CONFIGDN} rootdn cn=Manager,${CONFIGDN} -rootpw linux +rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -118,7 +118,7 @@ ${MIRRORMODE} database hdb suffix ${DOMAINDN} rootdn cn=Manager,${DOMAINDN} -rootpw linux +rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh index 312ca5c70e..04f22dbf1d 100755 --- a/source4/setup/tests/blackbox_provision-backend.sh +++ b/source4/setup/tests/blackbox_provision-backend.sh @@ -13,6 +13,7 @@ shift 1 . `dirname $0`/../../../testprogs/blackbox/subunit.sh testit "openldap-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend +testit "openldap-mmr-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls='ldap://localdc1:9000,ldap://localdc2:9000,ldap://localdc3:9000' testit "fedora-ds-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=fedora-ds --targetdir=$PREFIX/fedora-ds-backend reprovision() { -- cgit
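Review bot: `rootpw "${MMR_PASSWORD}"` writes the admin password in clear text into slapd.conf, in this hunk and again in the `${CONFIGDN}` and `${DOMAINDN}` hunks that follow. slapd accepts a hashed value for `rootpw` (for example an `{SSHA}` string), so the provisioning code could substitute a hash here and keep the clear-text value only in the syncrepl block that needs it for the bind. Whether `setup_file` restricts the permissions of the generated file is not visible in this diff; if it does not, the file should be created readable by the slapd user only. Using a separate random replication secret, which the commit message already mentions as an option, would also keep a leaked slapd.conf from exposing the admin password.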