2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "lib/ldb/include/ldb_errors.h"
26 #include "lib/util/dlinklist.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "librpc/gen_ndr/ndr_drsuapi.h"
29 #include "librpc/gen_ndr/ndr_drsblobs.h"
30 #include "param/param.h"
32 WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
36 schema->prefixes = talloc_array(schema, struct dsdb_schema_oid_prefix, ctr->num_mappings);
37 W_ERROR_HAVE_NO_MEMORY(schema->prefixes);
39 for (i=0, j=0; i < ctr->num_mappings; i++) {
40 if (ctr->mappings[i].oid.oid == NULL) {
41 return WERR_INVALID_PARAM;
44 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
45 if (ctr->mappings[i].id_prefix != 0) {
46 return WERR_INVALID_PARAM;
49 /* the magic value should be in the last array member */
50 if (i != (ctr->num_mappings - 1)) {
51 return WERR_INVALID_PARAM;
54 if (ctr->mappings[i].oid.__ndr_size != 21) {
55 return WERR_INVALID_PARAM;
58 schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid);
59 W_ERROR_HAVE_NO_MEMORY(schema->schema_info);
61 /* the last array member should contain the magic value not a oid */
62 if (i == (ctr->num_mappings - 1)) {
63 return WERR_INVALID_PARAM;
66 schema->prefixes[j].id = ctr->mappings[i].id_prefix<<16;
67 schema->prefixes[j].oid = talloc_asprintf(schema->prefixes, "%s.",
68 ctr->mappings[i].oid.oid);
69 W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid);
70 schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid);
75 schema->num_prefixes = j;
79 WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
80 const struct ldb_val *prefixMap,
81 const struct ldb_val *schemaInfo)
84 enum ndr_err_code ndr_err;
85 struct prefixMapBlob pfm;
88 TALLOC_CTX *mem_ctx = talloc_new(schema);
89 W_ERROR_HAVE_NO_MEMORY(mem_ctx);
91 ndr_err = ndr_pull_struct_blob(prefixMap, mem_ctx, lp_iconv_convenience(global_loadparm), &pfm,
92 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
93 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
94 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
96 return ntstatus_to_werror(nt_status);
99 if (pfm.version != PREFIX_MAP_VERSION_DSDB) {
100 talloc_free(mem_ctx);
104 if (schemaInfo->length != 21 && schemaInfo->data[0] == 0xFF) {
105 talloc_free(mem_ctx);
109 /* append the schema info as last element */
110 pfm.ctr.dsdb.num_mappings++;
111 pfm.ctr.dsdb.mappings = talloc_realloc(mem_ctx, pfm.ctr.dsdb.mappings,
112 struct drsuapi_DsReplicaOIDMapping,
113 pfm.ctr.dsdb.num_mappings);
114 W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
116 schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo);
117 W_ERROR_HAVE_NO_MEMORY(schema_info);
119 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix = 0;
120 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size = schemaInfo->length;
121 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid = schema_info;
123 /* call the drsuapi version */
124 status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb);
125 talloc_free(mem_ctx);
127 W_ERROR_NOT_OK_RETURN(status);
132 WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
133 bool include_schema_info,
135 struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
137 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
140 ctr = talloc(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr);
141 W_ERROR_HAVE_NO_MEMORY(ctr);
143 ctr->num_mappings = schema->num_prefixes;
144 if (include_schema_info) ctr->num_mappings++;
145 ctr->mappings = talloc_array(schema, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings);
146 W_ERROR_HAVE_NO_MEMORY(ctr->mappings);
148 for (i=0; i < schema->num_prefixes; i++) {
149 ctr->mappings[i].id_prefix = schema->prefixes[i].id>>16;
150 ctr->mappings[i].oid.oid = talloc_strndup(ctr->mappings,
151 schema->prefixes[i].oid,
152 schema->prefixes[i].oid_len - 1);
153 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
156 if (include_schema_info) {
157 ctr->mappings[i].id_prefix = 0;
158 ctr->mappings[i].oid.oid = talloc_strdup(ctr->mappings,
159 schema->schema_info);
160 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
167 WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
169 struct ldb_val *prefixMap,
170 struct ldb_val *schemaInfo)
173 enum ndr_err_code ndr_err;
174 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
175 struct prefixMapBlob pfm;
177 status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
178 W_ERROR_NOT_OK_RETURN(status);
180 pfm.version = PREFIX_MAP_VERSION_DSDB;
184 ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, lp_iconv_convenience(global_loadparm), &pfm,
185 (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
187 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
188 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
189 return ntstatus_to_werror(nt_status);
192 *schemaInfo = strhex_to_data_blob(schema->schema_info);
193 W_ERROR_HAVE_NO_MEMORY(schemaInfo->data);
194 talloc_steal(mem_ctx, schemaInfo->data);
199 WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
203 for (i=0; i < ctr->num_mappings; i++) {
204 if (ctr->mappings[i].oid.oid == NULL) {
205 return WERR_INVALID_PARAM;
208 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
209 if (ctr->mappings[i].id_prefix != 0) {
210 return WERR_INVALID_PARAM;
213 /* the magic value should be in the last array member */
214 if (i != (ctr->num_mappings - 1)) {
215 return WERR_INVALID_PARAM;
218 if (ctr->mappings[i].oid.__ndr_size != 21) {
219 return WERR_INVALID_PARAM;
222 if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) {
223 return WERR_DS_DRA_SCHEMA_MISMATCH;
226 /* the last array member should contain the magic value not a oid */
227 if (i == (ctr->num_mappings - 1)) {
228 return WERR_INVALID_PARAM;
231 for (j=0; j < schema->num_prefixes; j++) {
233 if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) {
237 oid_len = strlen(ctr->mappings[i].oid.oid);
239 if (oid_len != (schema->prefixes[j].oid_len - 1)) {
240 return WERR_DS_DRA_SCHEMA_MISMATCH;
243 if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) {
244 return WERR_DS_DRA_SCHEMA_MISMATCH;
250 if (j == schema->num_prefixes) {
251 return WERR_DS_DRA_SCHEMA_MISMATCH;
259 WERROR dsdb_map_oid2int(const struct dsdb_schema *schema, const char *in, uint32_t *out)
263 for (i=0; i < schema->num_prefixes; i++) {
268 if (strncmp(schema->prefixes[i].oid, in, schema->prefixes[i].oid_len) != 0) {
272 val_str = in + schema->prefixes[i].oid_len;
276 if (val_str[0] == '\0') {
277 return WERR_INVALID_PARAM;
280 /* two '.' chars are invalid */
281 if (val_str[0] == '.') {
282 return WERR_INVALID_PARAM;
285 val = strtoul(val_str, &end_str, 10);
286 if (end_str[0] == '.' && end_str[1] != '\0') {
288 * if it's a '.' and not the last char
289 * then maybe an other mapping apply
292 } else if (end_str[0] != '\0') {
293 return WERR_INVALID_PARAM;
294 } else if (val > 0xFFFF) {
295 return WERR_INVALID_PARAM;
298 *out = schema->prefixes[i].id | val;
302 return WERR_DS_NO_MSDS_INTID;
305 WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CTX *mem_ctx, const char **out)
309 for (i=0; i < schema->num_prefixes; i++) {
311 if (schema->prefixes[i].id != (in & 0xFFFF0000)) {
315 val = talloc_asprintf(mem_ctx, "%s%u",
316 schema->prefixes[i].oid,
318 W_ERROR_HAVE_NO_MEMORY(val);
324 return WERR_DS_NO_MSDS_INTID;
327 #define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
328 (p)->elem = samdb_result_string(msg, attr, NULL);\
329 if (strict && (p)->elem == NULL) { \
330 d_printf("%s: %s == NULL\n", __location__, attr); \
331 return WERR_INVALID_PARAM; \
333 talloc_steal(mem_ctx, (p)->elem); \
336 #define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
337 int get_string_list_counter; \
338 struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \
339 if (get_string_list_el == NULL) { \
341 d_printf("%s: %s == NULL\n", __location__, attr); \
342 return WERR_INVALID_PARAM; \
348 (p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \
349 for (get_string_list_counter=0; \
350 get_string_list_counter < get_string_list_el->num_values; \
351 get_string_list_counter++) { \
352 (p)->elem[get_string_list_counter] = talloc_strndup((p)->elem, \
353 (const char *)get_string_list_el->values[get_string_list_counter].data, \
354 get_string_list_el->values[get_string_list_counter].length); \
355 if (!(p)->elem[get_string_list_counter]) { \
356 d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
359 (p)->elem[get_string_list_counter+1] = NULL; \
361 talloc_steal(mem_ctx, (p)->elem); \
364 #define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \
366 str = samdb_result_string(msg, attr, NULL);\
369 d_printf("%s: %s == NULL\n", __location__, attr); \
370 return WERR_INVALID_PARAM; \
374 } else if (strcasecmp("TRUE", str) == 0) { \
376 } else if (strcasecmp("FALSE", str) == 0) { \
379 d_printf("%s: %s == %s\n", __location__, attr, str); \
380 return WERR_INVALID_PARAM; \
384 #define GET_UINT32_LDB(msg, attr, p, elem) do { \
385 (p)->elem = samdb_result_uint(msg, attr, 0);\
388 #define GET_GUID_LDB(msg, attr, p, elem) do { \
389 (p)->elem = samdb_result_guid(msg, attr);\
392 #define GET_BLOB_LDB(msg, attr, mem_ctx, p, elem) do { \
393 const struct ldb_val *_val;\
394 _val = ldb_msg_find_ldb_val(msg, attr);\
397 talloc_steal(mem_ctx, (p)->elem.data);\
399 ZERO_STRUCT((p)->elem);\
403 WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema,
404 struct ldb_message *msg,
406 struct dsdb_attribute *attr)
410 GET_STRING_LDB(msg, "cn", mem_ctx, attr, cn, false);
411 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
412 GET_STRING_LDB(msg, "attributeID", mem_ctx, attr, attributeID_oid, true);
413 if (schema->num_prefixes == 0) {
414 /* set an invalid value */
415 attr->attributeID_id = 0xFFFFFFFF;
417 status = dsdb_map_oid2int(schema, attr->attributeID_oid, &attr->attributeID_id);
418 if (!W_ERROR_IS_OK(status)) {
419 DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
420 __location__, attr->lDAPDisplayName, attr->attributeID_oid,
421 win_errstr(status)));
425 GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
426 GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
428 GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID);
430 GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags);
431 GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags);
432 GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
433 GET_UINT32_LDB(msg, "linkID", attr, linkID);
435 GET_STRING_LDB(msg, "attributeSyntax", mem_ctx, attr, attributeSyntax_oid, true);
436 if (schema->num_prefixes == 0) {
437 /* set an invalid value */
438 attr->attributeSyntax_id = 0xFFFFFFFF;
440 status = dsdb_map_oid2int(schema, attr->attributeSyntax_oid, &attr->attributeSyntax_id);
441 if (!W_ERROR_IS_OK(status)) {
442 DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n",
443 __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid,
444 win_errstr(status)));
448 GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax);
449 GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass);
451 GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true);
452 GET_UINT32_LDB(msg, "rangeLower", attr, rangeLower);
453 GET_UINT32_LDB(msg, "rangeUpper", attr, rangeUpper);
454 GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
456 GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
457 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
459 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
460 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
461 GET_STRING_LDB(msg, "adminDescription", mem_ctx, attr, adminDescription, false);
462 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, attr, classDisplayName, false);
463 GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false);
464 GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false);
465 GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false);
467 attr->syntax = dsdb_syntax_for_attribute(attr);
469 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
475 WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema,
476 struct ldb_message *msg,
478 struct dsdb_class *obj)
482 GET_STRING_LDB(msg, "cn", mem_ctx, obj, cn, false);
483 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
484 GET_STRING_LDB(msg, "governsID", mem_ctx, obj, governsID_oid, true);
485 if (schema->num_prefixes == 0) {
486 /* set an invalid value */
487 obj->governsID_id = 0xFFFFFFFF;
489 status = dsdb_map_oid2int(schema, obj->governsID_oid, &obj->governsID_id);
490 if (!W_ERROR_IS_OK(status)) {
491 DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n",
492 __location__, obj->lDAPDisplayName, obj->governsID_oid,
493 win_errstr(status)));
497 GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID);
499 GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory);
500 GET_STRING_LDB(msg, "rDNAttID", mem_ctx, obj, rDNAttID, false);
501 GET_STRING_LDB(msg, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
503 GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, true);
505 obj->systemAuxiliaryClass = NULL;
507 obj->auxiliaryClass = NULL;
509 GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, false);
510 GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, false);
511 GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, false);
512 GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, false);
514 GET_STRING_LIST_LDB(msg, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false);
515 GET_STRING_LIST_LDB(msg, "possSuperiors", mem_ctx, obj, possSuperiors, false);
516 GET_STRING_LIST_LDB(msg, "possibleInferiors", mem_ctx, obj, possibleInferiors, false);
518 GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
520 GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
521 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
523 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
524 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
525 GET_STRING_LDB(msg, "adminDescription", mem_ctx, obj, adminDescription, false);
526 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, obj, classDisplayName, false);
527 GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false);
528 GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false);
529 GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false);
534 static const struct {
537 } name_mappings[] = {
539 { "name", "1.2.840.113556.1.4.1" },
540 { "lDAPDisplayName", "1.2.840.113556.1.2.460" },
541 { "attributeID", "1.2.840.113556.1.2.30" },
542 { "schemaIDGUID", "1.2.840.113556.1.4.148" },
543 { "mAPIID", "1.2.840.113556.1.2.49" },
544 { "attributeSecurityGUID", "1.2.840.113556.1.4.149" },
545 { "searchFlags", "1.2.840.113556.1.2.334" },
546 { "systemFlags", "1.2.840.113556.1.4.375" },
547 { "isMemberOfPartialAttributeSet", "1.2.840.113556.1.4.639" },
548 { "linkID", "1.2.840.113556.1.2.50" },
549 { "attributeSyntax", "1.2.840.113556.1.2.32" },
550 { "oMSyntax", "1.2.840.113556.1.2.231" },
551 { "oMObjectClass", "1.2.840.113556.1.2.218" },
552 { "isSingleValued", "1.2.840.113556.1.2.33" },
553 { "rangeLower", "1.2.840.113556.1.2.34" },
554 { "rangeUpper", "1.2.840.113556.1.2.35" },
555 { "extendedCharsAllowed", "1.2.840.113556.1.2.380" },
556 { "schemaFlagsEx", "1.2.840.113556.1.4.120" },
557 { "msDs-Schema-Extensions", "1.2.840.113556.1.4.1440" },
558 { "showInAdvancedViewOnly", "1.2.840.113556.1.2.169" },
559 { "adminDisplayName", "1.2.840.113556.1.2.194" },
560 { "adminDescription", "1.2.840.113556.1.2.226" },
561 { "classDisplayName", "1.2.840.113556.1.4.610" },
562 { "isEphemeral", "1.2.840.113556.1.4.1212" },
563 { "isDefunct", "1.2.840.113556.1.4.661" },
564 { "systemOnly", "1.2.840.113556.1.4.170" },
565 { "governsID", "1.2.840.113556.1.2.22" },
566 { "objectClassCategory", "1.2.840.113556.1.2.370" },
567 { "rDNAttID", "1.2.840.113556.1.2.26" },
568 { "defaultObjectCategory", "1.2.840.113556.1.4.783" },
569 { "subClassOf", "1.2.840.113556.1.2.21" },
570 { "systemAuxiliaryClass", "1.2.840.113556.1.4.198" },
571 { "systemPossSuperiors", "1.2.840.113556.1.4.195" },
572 { "systemMustContain", "1.2.840.113556.1.4.197" },
573 { "systemMayContain", "1.2.840.113556.1.4.196" },
574 { "auxiliaryClass", "1.2.840.113556.1.2.351" },
575 { "possSuperiors", "1.2.840.113556.1.2.8" },
576 { "mustContain", "1.2.840.113556.1.2.24" },
577 { "mayContain", "1.2.840.113556.1.2.25" },
578 { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" },
579 { "defaultHidingValue", "1.2.840.113556.1.4.518" },
582 static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema,
583 struct drsuapi_DsReplicaObject *obj,
589 const char *oid = NULL;
591 for(i=0; i < ARRAY_SIZE(name_mappings); i++) {
592 if (strcmp(name_mappings[i].name, name) != 0) continue;
594 oid = name_mappings[i].oid;
602 status = dsdb_map_oid2int(schema, oid, &id);
603 if (!W_ERROR_IS_OK(status)) {
607 for (i=0; i < obj->attribute_ctr.num_attributes; i++) {
608 if (obj->attribute_ctr.attributes[i].attid != id) continue;
611 return &obj->attribute_ctr.attributes[i];
617 #define GET_STRING_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
618 struct drsuapi_DsReplicaAttribute *_a; \
619 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
620 if (strict && !_a) { \
621 d_printf("%s: %s == NULL\n", __location__, attr); \
622 return WERR_INVALID_PARAM; \
624 if (strict && _a->value_ctr.num_values != 1) { \
625 d_printf("%s: %s num_values == %u\n", __location__, attr, \
626 _a->value_ctr.num_values); \
627 return WERR_INVALID_PARAM; \
629 if (_a && _a->value_ctr.num_values >= 1) { \
631 _ret = convert_string_talloc(mem_ctx, lp_iconv_convenience(global_loadparm), CH_UTF16, CH_UNIX, \
632 _a->value_ctr.values[0].blob->data, \
633 _a->value_ctr.values[0].blob->length, \
634 (void **)discard_const(&(p)->elem)); \
636 DEBUG(0,("%s: invalid data!\n", attr)); \
638 _a->value_ctr.values[0].blob->data, \
639 _a->value_ctr.values[0].blob->length); \
640 return WERR_FOOBAR; \
647 #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
648 struct drsuapi_DsReplicaAttribute *_a; \
649 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
650 if (strict && !_a) { \
651 d_printf("%s: %s == NULL\n", __location__, attr); \
652 return WERR_INVALID_PARAM; \
654 if (strict && _a->value_ctr.num_values != 1) { \
655 d_printf("%s: %s num_values == %u\n", __location__, attr, \
656 _a->value_ctr.num_values); \
657 return WERR_INVALID_PARAM; \
659 if (strict && !_a->value_ctr.values[0].blob) { \
660 d_printf("%s: %s data == NULL\n", __location__, attr); \
661 return WERR_INVALID_PARAM; \
663 if (_a && _a->value_ctr.num_values >= 1 \
664 && _a->value_ctr.values[0].blob) { \
665 struct drsuapi_DsReplicaObjectIdentifier3 _id3; \
666 enum ndr_err_code _ndr_err; \
667 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
668 mem_ctx, lp_iconv_convenience(global_loadparm), &_id3,\
669 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);\
670 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
671 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
672 return ntstatus_to_werror(_nt_status); \
674 (p)->elem = _id3.dn; \
680 #define GET_BOOL_DS(s, r, attr, p, elem, strict) do { \
681 struct drsuapi_DsReplicaAttribute *_a; \
682 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
683 if (strict && !_a) { \
684 d_printf("%s: %s == NULL\n", __location__, attr); \
685 return WERR_INVALID_PARAM; \
687 if (strict && _a->value_ctr.num_values != 1) { \
688 d_printf("%s: %s num_values == %u\n", __location__, attr, \
689 (unsigned int)_a->value_ctr.num_values); \
690 return WERR_INVALID_PARAM; \
692 if (strict && !_a->value_ctr.values[0].blob) { \
693 d_printf("%s: %s data == NULL\n", __location__, attr); \
694 return WERR_INVALID_PARAM; \
696 if (strict && _a->value_ctr.values[0].blob->length != 4) { \
697 d_printf("%s: %s length == %u\n", __location__, attr, \
698 (unsigned int)_a->value_ctr.values[0].blob->length); \
699 return WERR_INVALID_PARAM; \
701 if (_a && _a->value_ctr.num_values >= 1 \
702 && _a->value_ctr.values[0].blob \
703 && _a->value_ctr.values[0].blob->length == 4) { \
704 (p)->elem = (IVAL(_a->value_ctr.values[0].blob->data,0)?true:false);\
710 #define GET_UINT32_DS(s, r, attr, p, elem) do { \
711 struct drsuapi_DsReplicaAttribute *_a; \
712 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
713 if (_a && _a->value_ctr.num_values >= 1 \
714 && _a->value_ctr.values[0].blob \
715 && _a->value_ctr.values[0].blob->length == 4) { \
716 (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
722 #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \
723 struct drsuapi_DsReplicaAttribute *_a; \
724 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
725 if (_a && _a->value_ctr.num_values >= 1 \
726 && _a->value_ctr.values[0].blob \
727 && _a->value_ctr.values[0].blob->length == 16) { \
728 enum ndr_err_code _ndr_err; \
729 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
730 mem_ctx, lp_iconv_convenience(global_loadparm), &(p)->elem, \
731 (ndr_pull_flags_fn_t)ndr_pull_GUID); \
732 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
733 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
734 return ntstatus_to_werror(_nt_status); \
737 ZERO_STRUCT((p)->elem);\
741 #define GET_BLOB_DS(s, r, attr, mem_ctx, p, elem) do { \
742 struct drsuapi_DsReplicaAttribute *_a; \
743 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
744 if (_a && _a->value_ctr.num_values >= 1 \
745 && _a->value_ctr.values[0].blob) { \
746 (p)->elem = *_a->value_ctr.values[0].blob;\
747 talloc_steal(mem_ctx, (p)->elem.data); \
749 ZERO_STRUCT((p)->elem);\
753 WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema,
754 struct drsuapi_DsReplicaObject *r,
756 struct dsdb_attribute *attr)
760 GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true);
761 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
762 GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id);
763 status = dsdb_map_int2oid(schema, attr->attributeID_id, mem_ctx, &attr->attributeID_oid);
764 if (!W_ERROR_IS_OK(status)) {
765 DEBUG(0,("%s: '%s': unable to map attributeID 0x%08X: %s\n",
766 __location__, attr->lDAPDisplayName, attr->attributeID_id,
767 win_errstr(status)));
770 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID);
771 GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID);
773 GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID);
775 GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags);
776 GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags);
777 GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
778 GET_UINT32_DS(schema, r, "linkID", attr, linkID);
780 GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id);
781 status = dsdb_map_int2oid(schema, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid);
782 if (!W_ERROR_IS_OK(status)) {
783 DEBUG(0,("%s: '%s': unable to map attributeSyntax 0x%08X: %s\n",
784 __location__, attr->lDAPDisplayName, attr->attributeSyntax_id,
785 win_errstr(status)));
788 GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax);
789 GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
791 GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true);
792 GET_UINT32_DS(schema, r, "rangeLower", attr, rangeLower);
793 GET_UINT32_DS(schema, r, "rangeUpper", attr, rangeUpper);
794 GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
796 GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
797 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
799 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
800 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
801 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, attr, adminDescription, false);
802 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, attr, classDisplayName, false);
803 GET_BOOL_DS(schema, r, "isEphemeral", attr, isEphemeral, false);
804 GET_BOOL_DS(schema, r, "isDefunct", attr, isDefunct, false);
805 GET_BOOL_DS(schema, r, "systemOnly", attr, systemOnly, false);
807 attr->syntax = dsdb_syntax_for_attribute(attr);
809 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
815 WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema,
816 struct drsuapi_DsReplicaObject *r,
818 struct dsdb_class *obj)
822 GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true);
823 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
824 GET_UINT32_DS(schema, r, "governsID", obj, governsID_id);
825 status = dsdb_map_int2oid(schema, obj->governsID_id, mem_ctx, &obj->governsID_oid);
826 if (!W_ERROR_IS_OK(status)) {
827 DEBUG(0,("%s: '%s': unable to map governsID 0x%08X: %s\n",
828 __location__, obj->lDAPDisplayName, obj->governsID_id,
829 win_errstr(status)));
832 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, obj, schemaIDGUID);
834 GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory);
835 GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false);
836 GET_DN_DS(schema, r, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
838 GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, true);
840 obj->systemAuxiliaryClass = NULL;
841 obj->systemPossSuperiors = NULL;
842 obj->systemMustContain = NULL;
843 obj->systemMayContain = NULL;
845 obj->auxiliaryClass = NULL;
846 obj->possSuperiors = NULL;
847 obj->mustContain = NULL;
848 obj->mayContain = NULL;
850 obj->possibleInferiors = NULL;
852 GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
854 GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
855 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
857 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
858 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
859 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, obj, adminDescription, false);
860 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, obj, classDisplayName, false);
861 GET_BOOL_DS(schema, r, "defaultHidingValue", obj, defaultHidingValue, false);
862 GET_BOOL_DS(schema, r, "isDefunct", obj, isDefunct, false);
863 GET_BOOL_DS(schema, r, "systemOnly", obj, systemOnly, false);
868 const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_schema *schema,
871 struct dsdb_attribute *cur;
874 * 0xFFFFFFFF is used as value when no mapping table is available,
875 * so don't try to match with it
877 if (id == 0xFFFFFFFF) return NULL;
879 /* TODO: add binary search */
880 for (cur = schema->attributes; cur; cur = cur->next) {
881 if (cur->attributeID_id != id) continue;
889 const struct dsdb_attribute *dsdb_attribute_by_attributeID_oid(const struct dsdb_schema *schema,
892 struct dsdb_attribute *cur;
894 if (!oid) return NULL;
896 /* TODO: add binary search */
897 for (cur = schema->attributes; cur; cur = cur->next) {
898 if (strcmp(cur->attributeID_oid, oid) != 0) continue;
906 const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb_schema *schema,
909 struct dsdb_attribute *cur;
911 if (!name) return NULL;
913 /* TODO: add binary search */
914 for (cur = schema->attributes; cur; cur = cur->next) {
915 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
923 const struct dsdb_attribute *dsdb_attribute_by_linkID(const struct dsdb_schema *schema,
926 struct dsdb_attribute *cur;
928 /* TODO: add binary search */
929 for (cur = schema->attributes; cur; cur = cur->next) {
930 if (cur->linkID != linkID) continue;
938 const struct dsdb_class *dsdb_class_by_governsID_id(const struct dsdb_schema *schema,
941 struct dsdb_class *cur;
944 * 0xFFFFFFFF is used as value when no mapping table is available,
945 * so don't try to match with it
947 if (id == 0xFFFFFFFF) return NULL;
949 /* TODO: add binary search */
950 for (cur = schema->classes; cur; cur = cur->next) {
951 if (cur->governsID_id != id) continue;
959 const struct dsdb_class *dsdb_class_by_governsID_oid(const struct dsdb_schema *schema,
962 struct dsdb_class *cur;
964 if (!oid) return NULL;
966 /* TODO: add binary search */
967 for (cur = schema->classes; cur; cur = cur->next) {
968 if (strcmp(cur->governsID_oid, oid) != 0) continue;
976 const struct dsdb_class *dsdb_class_by_lDAPDisplayName(const struct dsdb_schema *schema,
979 struct dsdb_class *cur;
981 if (!name) return NULL;
983 /* TODO: add binary search */
984 for (cur = schema->classes; cur; cur = cur->next) {
985 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
993 const struct dsdb_class *dsdb_class_by_cn(const struct dsdb_schema *schema,
996 struct dsdb_class *cur;
998 if (!cn) return NULL;
1000 /* TODO: add binary search */
1001 for (cur = schema->classes; cur; cur = cur->next) {
1002 if (strcasecmp(cur->cn, cn) != 0) continue;
1010 const char *dsdb_lDAPDisplayName_by_id(const struct dsdb_schema *schema,
1013 const struct dsdb_attribute *a;
1014 const struct dsdb_class *c;
1016 /* TODO: add binary search */
1017 a = dsdb_attribute_by_attributeID_id(schema, id);
1019 return a->lDAPDisplayName;
1022 c = dsdb_class_by_governsID_id(schema, id);
1024 return c->lDAPDisplayName;
1030 WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, const char ***attr_list_ret)
1032 const char **attr_list = NULL;
1033 struct dsdb_attribute *cur;
1035 for (cur = schema->attributes; cur; cur = cur->next) {
1036 if (cur->linkID == 0) continue;
1038 attr_list = talloc_realloc(mem_ctx, attr_list, const char *, i+2);
1042 attr_list[i] = cur->lDAPDisplayName;
1045 attr_list[i] = NULL;
1046 *attr_list_ret = attr_list;
1051 * Attach the schema to an opaque pointer on the ldb, so ldb modules
1055 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
1059 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
1060 if (ret != LDB_SUCCESS) {
1064 talloc_steal(ldb, schema);
1070 * Global variable to hold one copy of the schema, used to avoid memory bloat
1072 static struct dsdb_schema *global_schema;
1075 * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
1077 int dsdb_set_global_schema(struct ldb_context *ldb)
1080 if (!global_schema) {
1083 ret = ldb_set_opaque(ldb, "dsdb_schema", global_schema);
1084 if (ret != LDB_SUCCESS) {
1092 * Find the schema object for this ldb
1095 struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb)
1098 struct dsdb_schema *schema;
1100 /* see if we have a cached copy */
1101 p = ldb_get_opaque(ldb, "dsdb_schema");
1106 schema = talloc_get_type(p, struct dsdb_schema);
1115 * Make the schema found on this ldb the 'global' schema
1118 void dsdb_make_schema_global(struct ldb_context *ldb)
1120 struct dsdb_schema *schema = dsdb_get_schema(ldb);
1125 talloc_steal(talloc_autofree_context(), schema);
1126 global_schema = schema;
1128 dsdb_set_global_schema(ldb);
1133 * Rather than read a schema from the LDB itself, read it from an ldif
1134 * file. This allows schema to be loaded and used while adding the
1135 * schema itself to the directory.
1138 WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf, const char *df)
1140 struct ldb_ldif *ldif;
1141 struct ldb_message *msg;
1142 TALLOC_CTX *mem_ctx;
1145 struct dsdb_schema *schema;
1146 const struct ldb_val *prefix_val;
1147 const struct ldb_val *info_val;
1148 struct ldb_val info_val_default;
1150 mem_ctx = talloc_new(ldb);
1155 schema = talloc_zero(mem_ctx, struct dsdb_schema);
1161 * load the prefixMap attribute from pf
1163 ldif = ldb_ldif_read_string(ldb, &pf);
1165 status = WERR_INVALID_PARAM;
1168 talloc_steal(mem_ctx, ldif);
1170 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1174 talloc_steal(mem_ctx, msg);
1177 prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
1179 status = WERR_INVALID_PARAM;
1183 info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
1185 info_val_default = strhex_to_data_blob("FF0000000000000000000000000000000000000000");
1186 if (!info_val_default.data) {
1189 talloc_steal(mem_ctx, info_val_default.data);
1190 info_val = &info_val_default;
1193 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
1194 if (!W_ERROR_IS_OK(status)) {
1199 * load the attribute and class definitions outof df
1201 while ((ldif = ldb_ldif_read_string(ldb, &df))) {
1205 talloc_steal(mem_ctx, ldif);
1207 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1212 talloc_steal(mem_ctx, msg);
1215 is_sa = ldb_msg_check_string_attribute(msg, "objectClass", "attributeSchema");
1216 is_sc = ldb_msg_check_string_attribute(msg, "objectClass", "classSchema");
1219 struct dsdb_attribute *sa;
1221 sa = talloc_zero(schema, struct dsdb_attribute);
1226 status = dsdb_attribute_from_ldb(schema, msg, sa, sa);
1227 if (!W_ERROR_IS_OK(status)) {
1231 DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *);
1233 struct dsdb_class *sc;
1235 sc = talloc_zero(schema, struct dsdb_class);
1240 status = dsdb_class_from_ldb(schema, msg, sc, sc);
1241 if (!W_ERROR_IS_OK(status)) {
1245 DLIST_ADD_END(schema->classes, sc, struct dsdb_class *);
1249 ret = dsdb_set_schema(ldb, schema);
1250 if (ret != LDB_SUCCESS) {
1251 status = WERR_FOOBAR;
1258 status = WERR_NOMEM;
1261 talloc_free(mem_ctx);