2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "dsdb/samdb/samdb.h"
24 #include "lib/ldb/include/ldb_errors.h"
25 #include "lib/util/dlinklist.h"
26 #include "librpc/gen_ndr/ndr_misc.h"
27 #include "librpc/gen_ndr/ndr_drsuapi.h"
28 #include "librpc/gen_ndr/ndr_drsblobs.h"
30 WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
34 schema->prefixes = talloc_array(schema, struct dsdb_schema_oid_prefix, ctr->num_mappings);
35 W_ERROR_HAVE_NO_MEMORY(schema->prefixes);
37 for (i=0, j=0; i < ctr->num_mappings; i++) {
38 if (ctr->mappings[i].oid.oid == NULL) {
39 return WERR_INVALID_PARAM;
42 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
43 if (ctr->mappings[i].id_prefix != 0) {
44 return WERR_INVALID_PARAM;
47 /* the magic value should be in the last array member */
48 if (i != (ctr->num_mappings - 1)) {
49 return WERR_INVALID_PARAM;
52 if (ctr->mappings[i].oid.__ndr_size != 21) {
53 return WERR_INVALID_PARAM;
56 schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid);
57 W_ERROR_HAVE_NO_MEMORY(schema->schema_info);
59 /* the last array member should contain the magic value not a oid */
60 if (i == (ctr->num_mappings - 1)) {
61 return WERR_INVALID_PARAM;
64 schema->prefixes[j].id = ctr->mappings[i].id_prefix<<16;
65 schema->prefixes[j].oid = talloc_asprintf(schema->prefixes, "%s.",
66 ctr->mappings[i].oid.oid);
67 W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid);
68 schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid);
73 schema->num_prefixes = j;
77 WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
78 const struct ldb_val *prefixMap,
79 const struct ldb_val *schemaInfo)
82 enum ndr_err_code ndr_err;
83 struct prefixMapBlob pfm;
86 ndr_err = ndr_pull_struct_blob(prefixMap, schema, &pfm,
87 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
88 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
89 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
90 return ntstatus_to_werror(nt_status);
93 if (pfm.version != PREFIX_MAP_VERSION_DSDB) {
97 if (schemaInfo->length != 21 && schemaInfo->data[0] == 0xFF) {
101 /* append the schema info as last element */
102 pfm.ctr.dsdb.num_mappings++;
103 pfm.ctr.dsdb.mappings = talloc_realloc(schema, pfm.ctr.dsdb.mappings,
104 struct drsuapi_DsReplicaOIDMapping,
105 pfm.ctr.dsdb.num_mappings);
106 W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
108 schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo);
109 W_ERROR_HAVE_NO_MEMORY(schema_info);
111 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix = 0;
112 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size = schemaInfo->length;
113 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid = schema_info;
115 /* call the drsuapi version */
116 status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb);
117 talloc_free(pfm.ctr.dsdb.mappings);
118 W_ERROR_NOT_OK_RETURN(status);
123 WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
124 bool include_schema_info,
126 struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
128 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
131 ctr = talloc(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr);
132 W_ERROR_HAVE_NO_MEMORY(ctr);
134 ctr->num_mappings = schema->num_prefixes;
135 if (include_schema_info) ctr->num_mappings++;
136 ctr->mappings = talloc_array(schema, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings);
137 W_ERROR_HAVE_NO_MEMORY(ctr->mappings);
139 for (i=0; i < schema->num_prefixes; i++) {
140 ctr->mappings[i].id_prefix = schema->prefixes[i].id>>16;
141 ctr->mappings[i].oid.oid = talloc_strndup(ctr->mappings,
142 schema->prefixes[i].oid,
143 schema->prefixes[i].oid_len - 1);
144 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
147 if (include_schema_info) {
148 ctr->mappings[i].id_prefix = 0;
149 ctr->mappings[i].oid.oid = talloc_strdup(ctr->mappings,
150 schema->schema_info);
151 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
158 WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
160 struct ldb_val *prefixMap,
161 struct ldb_val *schemaInfo)
164 enum ndr_err_code ndr_err;
165 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
166 struct prefixMapBlob pfm;
168 status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
169 W_ERROR_NOT_OK_RETURN(status);
171 pfm.version = PREFIX_MAP_VERSION_DSDB;
175 ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, &pfm,
176 (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
178 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
179 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
180 return ntstatus_to_werror(nt_status);
183 *schemaInfo = strhex_to_data_blob(schema->schema_info);
184 W_ERROR_HAVE_NO_MEMORY(schemaInfo->data);
185 talloc_steal(mem_ctx, schemaInfo->data);
190 WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
194 for (i=0; i < ctr->num_mappings; i++) {
195 if (ctr->mappings[i].oid.oid == NULL) {
196 return WERR_INVALID_PARAM;
199 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
200 if (ctr->mappings[i].id_prefix != 0) {
201 return WERR_INVALID_PARAM;
204 /* the magic value should be in the last array member */
205 if (i != (ctr->num_mappings - 1)) {
206 return WERR_INVALID_PARAM;
209 if (ctr->mappings[i].oid.__ndr_size != 21) {
210 return WERR_INVALID_PARAM;
213 if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) {
214 return WERR_DS_DRA_SCHEMA_MISMATCH;
217 /* the last array member should contain the magic value not a oid */
218 if (i == (ctr->num_mappings - 1)) {
219 return WERR_INVALID_PARAM;
222 for (j=0; j < schema->num_prefixes; j++) {
224 if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) {
228 oid_len = strlen(ctr->mappings[i].oid.oid);
230 if (oid_len != (schema->prefixes[j].oid_len - 1)) {
231 return WERR_DS_DRA_SCHEMA_MISMATCH;
234 if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) {
235 return WERR_DS_DRA_SCHEMA_MISMATCH;
241 if (j == schema->num_prefixes) {
242 return WERR_DS_DRA_SCHEMA_MISMATCH;
250 WERROR dsdb_map_oid2int(const struct dsdb_schema *schema, const char *in, uint32_t *out)
254 for (i=0; i < schema->num_prefixes; i++) {
259 if (strncmp(schema->prefixes[i].oid, in, schema->prefixes[i].oid_len) != 0) {
263 val_str = in + schema->prefixes[i].oid_len;
267 if (val_str[0] == '\0') {
268 return WERR_INVALID_PARAM;
271 /* two '.' chars are invalid */
272 if (val_str[0] == '.') {
273 return WERR_INVALID_PARAM;
276 val = strtoul(val_str, &end_str, 10);
277 if (end_str[0] == '.' && end_str[1] != '\0') {
279 * if it's a '.' and not the last char
280 * then maybe an other mapping apply
283 } else if (end_str[0] != '\0') {
284 return WERR_INVALID_PARAM;
285 } else if (val > 0xFFFF) {
286 return WERR_INVALID_PARAM;
289 *out = schema->prefixes[i].id | val;
293 return WERR_DS_NO_MSDS_INTID;
296 WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CTX *mem_ctx, const char **out)
300 for (i=0; i < schema->num_prefixes; i++) {
302 if (schema->prefixes[i].id != (in & 0xFFFF0000)) {
306 val = talloc_asprintf(mem_ctx, "%s%u",
307 schema->prefixes[i].oid,
309 W_ERROR_HAVE_NO_MEMORY(val);
315 return WERR_DS_NO_MSDS_INTID;
318 #define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
319 (p)->elem = samdb_result_string(msg, attr, NULL);\
320 if (strict && (p)->elem == NULL) { \
321 d_printf("%s: %s == NULL\n", __location__, attr); \
322 return WERR_INVALID_PARAM; \
324 talloc_steal(mem_ctx, (p)->elem); \
327 #define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
328 int get_string_list_counter; \
329 struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \
330 if (get_string_list_el == NULL) { \
332 d_printf("%s: %s == NULL\n", __location__, attr); \
333 return WERR_INVALID_PARAM; \
339 (p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \
340 for (get_string_list_counter=0; \
341 get_string_list_counter < get_string_list_el->num_values; \
342 get_string_list_counter++) { \
343 (p)->elem[get_string_list_counter] = talloc_strndup((p)->elem, \
344 (const char *)get_string_list_el->values[get_string_list_counter].data, \
345 get_string_list_el->values[get_string_list_counter].length); \
346 if (!(p)->elem[get_string_list_counter]) { \
347 d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
350 (p)->elem[get_string_list_counter+1] = NULL; \
352 talloc_steal(mem_ctx, (p)->elem); \
355 #define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \
357 str = samdb_result_string(msg, attr, NULL);\
360 d_printf("%s: %s == NULL\n", __location__, attr); \
361 return WERR_INVALID_PARAM; \
365 } else if (strcasecmp("TRUE", str) == 0) { \
367 } else if (strcasecmp("FALSE", str) == 0) { \
370 d_printf("%s: %s == %s\n", __location__, attr, str); \
371 return WERR_INVALID_PARAM; \
375 #define GET_UINT32_LDB(msg, attr, p, elem) do { \
376 (p)->elem = samdb_result_uint(msg, attr, 0);\
379 #define GET_GUID_LDB(msg, attr, p, elem) do { \
380 (p)->elem = samdb_result_guid(msg, attr);\
383 #define GET_BLOB_LDB(msg, attr, mem_ctx, p, elem) do { \
384 const struct ldb_val *_val;\
385 _val = ldb_msg_find_ldb_val(msg, attr);\
388 talloc_steal(mem_ctx, (p)->elem.data);\
390 ZERO_STRUCT((p)->elem);\
394 WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema,
395 struct ldb_message *msg,
397 struct dsdb_attribute *attr)
401 GET_STRING_LDB(msg, "cn", mem_ctx, attr, cn, false);
402 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
403 GET_STRING_LDB(msg, "attributeID", mem_ctx, attr, attributeID_oid, true);
404 if (schema->num_prefixes == 0) {
405 /* set an invalid value */
406 attr->attributeID_id = 0xFFFFFFFF;
408 status = dsdb_map_oid2int(schema, attr->attributeID_oid, &attr->attributeID_id);
409 if (!W_ERROR_IS_OK(status)) {
410 DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
411 __location__, attr->lDAPDisplayName, attr->attributeID_oid,
412 win_errstr(status)));
416 GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
417 GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
419 GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID);
421 GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags);
422 GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags);
423 GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
424 GET_UINT32_LDB(msg, "linkID", attr, linkID);
426 GET_STRING_LDB(msg, "attributeSyntax", mem_ctx, attr, attributeSyntax_oid, true);
427 if (schema->num_prefixes == 0) {
428 /* set an invalid value */
429 attr->attributeSyntax_id = 0xFFFFFFFF;
431 status = dsdb_map_oid2int(schema, attr->attributeSyntax_oid, &attr->attributeSyntax_id);
432 if (!W_ERROR_IS_OK(status)) {
433 DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n",
434 __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid,
435 win_errstr(status)));
439 GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax);
440 GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass);
442 GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true);
443 GET_UINT32_LDB(msg, "rangeLower", attr, rangeLower);
444 GET_UINT32_LDB(msg, "rangeUpper", attr, rangeUpper);
445 GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
447 GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
448 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
450 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
451 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
452 GET_STRING_LDB(msg, "adminDescription", mem_ctx, attr, adminDescription, false);
453 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, attr, classDisplayName, false);
454 GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false);
455 GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false);
456 GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false);
458 attr->syntax = dsdb_syntax_for_attribute(attr);
460 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
466 WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema,
467 struct ldb_message *msg,
469 struct dsdb_class *obj)
473 GET_STRING_LDB(msg, "cn", mem_ctx, obj, cn, false);
474 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
475 GET_STRING_LDB(msg, "governsID", mem_ctx, obj, governsID_oid, true);
476 if (schema->num_prefixes == 0) {
477 /* set an invalid value */
478 obj->governsID_id = 0xFFFFFFFF;
480 status = dsdb_map_oid2int(schema, obj->governsID_oid, &obj->governsID_id);
481 if (!W_ERROR_IS_OK(status)) {
482 DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n",
483 __location__, obj->lDAPDisplayName, obj->governsID_oid,
484 win_errstr(status)));
488 GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID);
490 GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory);
491 GET_STRING_LDB(msg, "rDNAttID", mem_ctx, obj, rDNAttID, false);
492 GET_STRING_LDB(msg, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
494 GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, true);
496 obj->systemAuxiliaryClass = NULL;
498 obj->auxiliaryClass = NULL;
500 GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, false);
501 GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, false);
502 GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, false);
503 GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, false);
505 GET_STRING_LIST_LDB(msg, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false);
506 GET_STRING_LIST_LDB(msg, "possSuperiors", mem_ctx, obj, possSuperiors, false);
507 GET_STRING_LIST_LDB(msg, "possibleInferiors", mem_ctx, obj, possibleInferiors, false);
509 GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
511 GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
512 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
514 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
515 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
516 GET_STRING_LDB(msg, "adminDescription", mem_ctx, obj, adminDescription, false);
517 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, obj, classDisplayName, false);
518 GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false);
519 GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false);
520 GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false);
525 static const struct {
528 } name_mappings[] = {
530 { "name", "1.2.840.113556.1.4.1" },
531 { "lDAPDisplayName", "1.2.840.113556.1.2.460" },
532 { "attributeID", "1.2.840.113556.1.2.30" },
533 { "schemaIDGUID", "1.2.840.113556.1.4.148" },
534 { "mAPIID", "1.2.840.113556.1.2.49" },
535 { "attributeSecurityGUID", "1.2.840.113556.1.4.149" },
536 { "searchFlags", "1.2.840.113556.1.2.334" },
537 { "systemFlags", "1.2.840.113556.1.4.375" },
538 { "isMemberOfPartialAttributeSet", "1.2.840.113556.1.4.639" },
539 { "linkID", "1.2.840.113556.1.2.50" },
540 { "attributeSyntax", "1.2.840.113556.1.2.32" },
541 { "oMSyntax", "1.2.840.113556.1.2.231" },
542 { "oMObjectClass", "1.2.840.113556.1.2.218" },
543 { "isSingleValued", "1.2.840.113556.1.2.33" },
544 { "rangeLower", "1.2.840.113556.1.2.34" },
545 { "rangeUpper", "1.2.840.113556.1.2.35" },
546 { "extendedCharsAllowed", "1.2.840.113556.1.2.380" },
547 { "schemaFlagsEx", "1.2.840.113556.1.4.120" },
548 { "msDs-Schema-Extensions", "1.2.840.113556.1.4.1440" },
549 { "showInAdvancedViewOnly", "1.2.840.113556.1.2.169" },
550 { "adminDisplayName", "1.2.840.113556.1.2.194" },
551 { "adminDescription", "1.2.840.113556.1.2.226" },
552 { "classDisplayName", "1.2.840.113556.1.4.610" },
553 { "isEphemeral", "1.2.840.113556.1.4.1212" },
554 { "isDefunct", "1.2.840.113556.1.4.661" },
555 { "systemOnly", "1.2.840.113556.1.4.170" },
556 { "governsID", "1.2.840.113556.1.2.22" },
557 { "objectClassCategory", "1.2.840.113556.1.2.370" },
558 { "rDNAttID", "1.2.840.113556.1.2.26" },
559 { "defaultObjectCategory", "1.2.840.113556.1.4.783" },
560 { "subClassOf", "1.2.840.113556.1.2.21" },
561 { "systemAuxiliaryClass", "1.2.840.113556.1.4.198" },
562 { "systemPossSuperiors", "1.2.840.113556.1.4.195" },
563 { "systemMustContain", "1.2.840.113556.1.4.197" },
564 { "systemMayContain", "1.2.840.113556.1.4.196" },
565 { "auxiliaryClass", "1.2.840.113556.1.2.351" },
566 { "possSuperiors", "1.2.840.113556.1.2.8" },
567 { "mustContain", "1.2.840.113556.1.2.24" },
568 { "mayContain", "1.2.840.113556.1.2.25" },
569 { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" },
570 { "defaultHidingValue", "1.2.840.113556.1.4.518" },
573 static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema,
574 struct drsuapi_DsReplicaObject *obj,
580 const char *oid = NULL;
582 for(i=0; i < ARRAY_SIZE(name_mappings); i++) {
583 if (strcmp(name_mappings[i].name, name) != 0) continue;
585 oid = name_mappings[i].oid;
593 status = dsdb_map_oid2int(schema, oid, &id);
594 if (!W_ERROR_IS_OK(status)) {
598 for (i=0; i < obj->attribute_ctr.num_attributes; i++) {
599 if (obj->attribute_ctr.attributes[i].attid != id) continue;
602 return &obj->attribute_ctr.attributes[i];
608 #define GET_STRING_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
609 struct drsuapi_DsReplicaAttribute *_a; \
610 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
611 if (strict && !_a) { \
612 d_printf("%s: %s == NULL\n", __location__, attr); \
613 return WERR_INVALID_PARAM; \
615 if (strict && _a->value_ctr.num_values != 1) { \
616 d_printf("%s: %s num_values == %u\n", __location__, attr, \
617 _a->value_ctr.num_values); \
618 return WERR_INVALID_PARAM; \
620 if (_a && _a->value_ctr.num_values >= 1) { \
622 _ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, \
623 _a->value_ctr.values[0].blob->data, \
624 _a->value_ctr.values[0].blob->length, \
625 (void **)discard_const(&(p)->elem)); \
627 DEBUG(0,("%s: invalid data!\n", attr)); \
629 _a->value_ctr.values[0].blob->data, \
630 _a->value_ctr.values[0].blob->length); \
631 return WERR_FOOBAR; \
638 #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
639 struct drsuapi_DsReplicaAttribute *_a; \
640 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
641 if (strict && !_a) { \
642 d_printf("%s: %s == NULL\n", __location__, attr); \
643 return WERR_INVALID_PARAM; \
645 if (strict && _a->value_ctr.num_values != 1) { \
646 d_printf("%s: %s num_values == %u\n", __location__, attr, \
647 _a->value_ctr.num_values); \
648 return WERR_INVALID_PARAM; \
650 if (strict && !_a->value_ctr.values[0].blob) { \
651 d_printf("%s: %s data == NULL\n", __location__, attr); \
652 return WERR_INVALID_PARAM; \
654 if (_a && _a->value_ctr.num_values >= 1 \
655 && _a->value_ctr.values[0].blob) { \
656 struct drsuapi_DsReplicaObjectIdentifier3 _id3; \
657 enum ndr_err_code _ndr_err; \
658 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
660 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);\
661 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
662 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
663 return ntstatus_to_werror(_nt_status); \
665 (p)->elem = _id3.dn; \
671 #define GET_BOOL_DS(s, r, attr, p, elem, strict) do { \
672 struct drsuapi_DsReplicaAttribute *_a; \
673 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
674 if (strict && !_a) { \
675 d_printf("%s: %s == NULL\n", __location__, attr); \
676 return WERR_INVALID_PARAM; \
678 if (strict && _a->value_ctr.num_values != 1) { \
679 d_printf("%s: %s num_values == %u\n", __location__, attr, \
680 (unsigned int)_a->value_ctr.num_values); \
681 return WERR_INVALID_PARAM; \
683 if (strict && !_a->value_ctr.values[0].blob) { \
684 d_printf("%s: %s data == NULL\n", __location__, attr); \
685 return WERR_INVALID_PARAM; \
687 if (strict && _a->value_ctr.values[0].blob->length != 4) { \
688 d_printf("%s: %s length == %u\n", __location__, attr, \
689 (unsigned int)_a->value_ctr.values[0].blob->length); \
690 return WERR_INVALID_PARAM; \
692 if (_a && _a->value_ctr.num_values >= 1 \
693 && _a->value_ctr.values[0].blob \
694 && _a->value_ctr.values[0].blob->length == 4) { \
695 (p)->elem = (IVAL(_a->value_ctr.values[0].blob->data,0)?true:false);\
701 #define GET_UINT32_DS(s, r, attr, p, elem) do { \
702 struct drsuapi_DsReplicaAttribute *_a; \
703 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
704 if (_a && _a->value_ctr.num_values >= 1 \
705 && _a->value_ctr.values[0].blob \
706 && _a->value_ctr.values[0].blob->length == 4) { \
707 (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
713 #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \
714 struct drsuapi_DsReplicaAttribute *_a; \
715 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
716 if (_a && _a->value_ctr.num_values >= 1 \
717 && _a->value_ctr.values[0].blob \
718 && _a->value_ctr.values[0].blob->length == 16) { \
719 enum ndr_err_code _ndr_err; \
720 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
721 mem_ctx, &(p)->elem, \
722 (ndr_pull_flags_fn_t)ndr_pull_GUID); \
723 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
724 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
725 return ntstatus_to_werror(_nt_status); \
728 ZERO_STRUCT((p)->elem);\
732 #define GET_BLOB_DS(s, r, attr, mem_ctx, p, elem) do { \
733 struct drsuapi_DsReplicaAttribute *_a; \
734 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
735 if (_a && _a->value_ctr.num_values >= 1 \
736 && _a->value_ctr.values[0].blob) { \
737 (p)->elem = *_a->value_ctr.values[0].blob;\
738 talloc_steal(mem_ctx, (p)->elem.data); \
740 ZERO_STRUCT((p)->elem);\
744 WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema,
745 struct drsuapi_DsReplicaObject *r,
747 struct dsdb_attribute *attr)
751 GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true);
752 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
753 GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id);
754 status = dsdb_map_int2oid(schema, attr->attributeID_id, mem_ctx, &attr->attributeID_oid);
755 if (!W_ERROR_IS_OK(status)) {
756 DEBUG(0,("%s: '%s': unable to map attributeID 0x%08X: %s\n",
757 __location__, attr->lDAPDisplayName, attr->attributeID_id,
758 win_errstr(status)));
761 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID);
762 GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID);
764 GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID);
766 GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags);
767 GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags);
768 GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
769 GET_UINT32_DS(schema, r, "linkID", attr, linkID);
771 GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id);
772 status = dsdb_map_int2oid(schema, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid);
773 if (!W_ERROR_IS_OK(status)) {
774 DEBUG(0,("%s: '%s': unable to map attributeSyntax 0x%08X: %s\n",
775 __location__, attr->lDAPDisplayName, attr->attributeSyntax_id,
776 win_errstr(status)));
779 GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax);
780 GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
782 GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true);
783 GET_UINT32_DS(schema, r, "rangeLower", attr, rangeLower);
784 GET_UINT32_DS(schema, r, "rangeUpper", attr, rangeUpper);
785 GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
787 GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
788 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
790 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
791 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
792 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, attr, adminDescription, false);
793 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, attr, classDisplayName, false);
794 GET_BOOL_DS(schema, r, "isEphemeral", attr, isEphemeral, false);
795 GET_BOOL_DS(schema, r, "isDefunct", attr, isDefunct, false);
796 GET_BOOL_DS(schema, r, "systemOnly", attr, systemOnly, false);
798 attr->syntax = dsdb_syntax_for_attribute(attr);
800 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
806 WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema,
807 struct drsuapi_DsReplicaObject *r,
809 struct dsdb_class *obj)
813 GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true);
814 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
815 GET_UINT32_DS(schema, r, "governsID", obj, governsID_id);
816 status = dsdb_map_int2oid(schema, obj->governsID_id, mem_ctx, &obj->governsID_oid);
817 if (!W_ERROR_IS_OK(status)) {
818 DEBUG(0,("%s: '%s': unable to map governsID 0x%08X: %s\n",
819 __location__, obj->lDAPDisplayName, obj->governsID_id,
820 win_errstr(status)));
823 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, obj, schemaIDGUID);
825 GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory);
826 GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false);
827 GET_DN_DS(schema, r, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
829 GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, true);
831 obj->systemAuxiliaryClass = NULL;
832 obj->systemPossSuperiors = NULL;
833 obj->systemMustContain = NULL;
834 obj->systemMayContain = NULL;
836 obj->auxiliaryClass = NULL;
837 obj->possSuperiors = NULL;
838 obj->mustContain = NULL;
839 obj->mayContain = NULL;
841 obj->possibleInferiors = NULL;
843 GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
845 GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
846 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
848 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
849 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
850 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, obj, adminDescription, false);
851 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, obj, classDisplayName, false);
852 GET_BOOL_DS(schema, r, "defaultHidingValue", obj, defaultHidingValue, false);
853 GET_BOOL_DS(schema, r, "isDefunct", obj, isDefunct, false);
854 GET_BOOL_DS(schema, r, "systemOnly", obj, systemOnly, false);
859 const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_schema *schema,
862 struct dsdb_attribute *cur;
865 * 0xFFFFFFFF is used as value when no mapping table is available,
866 * so don't try to match with it
868 if (id == 0xFFFFFFFF) return NULL;
870 /* TODO: add binary search */
871 for (cur = schema->attributes; cur; cur = cur->next) {
872 if (cur->attributeID_id != id) continue;
880 const struct dsdb_attribute *dsdb_attribute_by_attributeID_oid(const struct dsdb_schema *schema,
883 struct dsdb_attribute *cur;
885 if (!oid) return NULL;
887 /* TODO: add binary search */
888 for (cur = schema->attributes; cur; cur = cur->next) {
889 if (strcmp(cur->attributeID_oid, oid) != 0) continue;
897 const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb_schema *schema,
900 struct dsdb_attribute *cur;
902 if (!name) return NULL;
904 /* TODO: add binary search */
905 for (cur = schema->attributes; cur; cur = cur->next) {
906 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
914 const struct dsdb_attribute *dsdb_attribute_by_linkID(const struct dsdb_schema *schema,
917 struct dsdb_attribute *cur;
919 /* TODO: add binary search */
920 for (cur = schema->attributes; cur; cur = cur->next) {
921 if (cur->linkID != linkID) continue;
929 const struct dsdb_class *dsdb_class_by_governsID_id(const struct dsdb_schema *schema,
932 struct dsdb_class *cur;
935 * 0xFFFFFFFF is used as value when no mapping table is available,
936 * so don't try to match with it
938 if (id == 0xFFFFFFFF) return NULL;
940 /* TODO: add binary search */
941 for (cur = schema->classes; cur; cur = cur->next) {
942 if (cur->governsID_id != id) continue;
950 const struct dsdb_class *dsdb_class_by_governsID_oid(const struct dsdb_schema *schema,
953 struct dsdb_class *cur;
955 if (!oid) return NULL;
957 /* TODO: add binary search */
958 for (cur = schema->classes; cur; cur = cur->next) {
959 if (strcmp(cur->governsID_oid, oid) != 0) continue;
967 const struct dsdb_class *dsdb_class_by_lDAPDisplayName(const struct dsdb_schema *schema,
970 struct dsdb_class *cur;
972 if (!name) return NULL;
974 /* TODO: add binary search */
975 for (cur = schema->classes; cur; cur = cur->next) {
976 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
984 const struct dsdb_class *dsdb_class_by_cn(const struct dsdb_schema *schema,
987 struct dsdb_class *cur;
989 if (!cn) return NULL;
991 /* TODO: add binary search */
992 for (cur = schema->classes; cur; cur = cur->next) {
993 if (strcasecmp(cur->cn, cn) != 0) continue;
1001 const char *dsdb_lDAPDisplayName_by_id(const struct dsdb_schema *schema,
1004 const struct dsdb_attribute *a;
1005 const struct dsdb_class *c;
1007 /* TODO: add binary search */
1008 a = dsdb_attribute_by_attributeID_id(schema, id);
1010 return a->lDAPDisplayName;
1013 c = dsdb_class_by_governsID_id(schema, id);
1015 return c->lDAPDisplayName;
1021 WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, const char ***attr_list_ret)
1023 const char **attr_list = NULL;
1024 struct dsdb_attribute *cur;
1026 for (cur = schema->attributes; cur; cur = cur->next) {
1027 if (cur->linkID == 0) continue;
1029 attr_list = talloc_realloc(mem_ctx, attr_list, const char *, i+2);
1033 attr_list[i] = cur->lDAPDisplayName;
1036 attr_list[i] = NULL;
1037 *attr_list_ret = attr_list;
1041 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
1045 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
1046 if (ret != LDB_SUCCESS) {
1050 talloc_steal(ldb, schema);
1055 static struct dsdb_schema *global_schema;
1057 int dsdb_set_global_schema(struct ldb_context *ldb)
1060 if (!global_schema) {
1063 ret = ldb_set_opaque(ldb, "dsdb_schema", global_schema);
1064 if (ret != LDB_SUCCESS) {
1071 const struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb)
1074 const struct dsdb_schema *schema;
1076 /* see if we have a cached copy */
1077 p = ldb_get_opaque(ldb, "dsdb_schema");
1082 schema = talloc_get_type(p, struct dsdb_schema);
1090 void dsdb_make_schema_global(struct ldb_context *ldb)
1093 const struct dsdb_schema *schema;
1095 /* see if we have a cached copy */
1096 p = ldb_get_opaque(ldb, "dsdb_schema");
1101 schema = talloc_get_type(p, struct dsdb_schema);
1106 talloc_steal(talloc_autofree_context(), schema);
1107 global_schema = schema;
1109 dsdb_set_global_schema(ldb);
1112 WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf, const char *df)
1114 struct ldb_ldif *ldif;
1115 struct ldb_message *msg;
1116 TALLOC_CTX *mem_ctx;
1119 struct dsdb_schema *schema;
1120 const struct ldb_val *prefix_val;
1121 const struct ldb_val *info_val;
1122 struct ldb_val info_val_default;
1124 mem_ctx = talloc_new(ldb);
1129 schema = talloc_zero(mem_ctx, struct dsdb_schema);
1135 * load the prefixMap attribute from pf
1137 ldif = ldb_ldif_read_string(ldb, &pf);
1139 status = WERR_INVALID_PARAM;
1142 talloc_steal(mem_ctx, ldif);
1144 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1149 prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
1151 status = WERR_INVALID_PARAM;
1155 info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
1157 info_val_default = strhex_to_data_blob("FF0000000000000000000000000000000000000000");
1158 if (!info_val_default.data) {
1161 talloc_steal(mem_ctx, info_val_default.data);
1162 info_val = &info_val_default;
1165 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
1166 if (!W_ERROR_IS_OK(status)) {
1171 * load the attribute and class definitions outof df
1173 while ((ldif = ldb_ldif_read_string(ldb, &df))) {
1177 talloc_steal(mem_ctx, ldif);
1179 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1184 is_sa = ldb_msg_check_string_attribute(msg, "objectClass", "attributeSchema");
1185 is_sc = ldb_msg_check_string_attribute(msg, "objectClass", "classSchema");
1188 struct dsdb_attribute *sa;
1190 sa = talloc_zero(schema, struct dsdb_attribute);
1195 status = dsdb_attribute_from_ldb(schema, msg, sa, sa);
1196 if (!W_ERROR_IS_OK(status)) {
1200 DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *);
1202 struct dsdb_class *sc;
1204 sc = talloc_zero(schema, struct dsdb_class);
1209 status = dsdb_class_from_ldb(schema, msg, sc, sc);
1210 if (!W_ERROR_IS_OK(status)) {
1214 DLIST_ADD_END(schema->classes, sc, struct dsdb_class *);
1218 ret = dsdb_set_schema(ldb, schema);
1219 if (ret != LDB_SUCCESS) {
1220 status = WERR_FOOBAR;
1227 status = WERR_NOMEM;
1230 talloc_free(mem_ctx);