2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "dsdb/samdb/samdb.h"
25 #include "lib/ldb/include/ldb_errors.h"
26 #include "lib/util/dlinklist.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "librpc/gen_ndr/ndr_drsuapi.h"
29 #include "librpc/gen_ndr/ndr_drsblobs.h"
31 WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
35 schema->prefixes = talloc_array(schema, struct dsdb_schema_oid_prefix, ctr->num_mappings);
36 W_ERROR_HAVE_NO_MEMORY(schema->prefixes);
38 for (i=0, j=0; i < ctr->num_mappings; i++) {
39 if (ctr->mappings[i].oid.oid == NULL) {
40 return WERR_INVALID_PARAM;
43 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
44 if (ctr->mappings[i].id_prefix != 0) {
45 return WERR_INVALID_PARAM;
48 /* the magic value should be in the last array member */
49 if (i != (ctr->num_mappings - 1)) {
50 return WERR_INVALID_PARAM;
53 if (ctr->mappings[i].oid.__ndr_size != 21) {
54 return WERR_INVALID_PARAM;
57 schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid);
58 W_ERROR_HAVE_NO_MEMORY(schema->schema_info);
60 /* the last array member should contain the magic value not a oid */
61 if (i == (ctr->num_mappings - 1)) {
62 return WERR_INVALID_PARAM;
65 schema->prefixes[j].id = ctr->mappings[i].id_prefix<<16;
66 schema->prefixes[j].oid = talloc_asprintf(schema->prefixes, "%s.",
67 ctr->mappings[i].oid.oid);
68 W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid);
69 schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid);
74 schema->num_prefixes = j;
78 WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
79 const struct ldb_val *prefixMap,
80 const struct ldb_val *schemaInfo)
84 struct prefixMapBlob pfm;
87 nt_status = ndr_pull_struct_blob(prefixMap, schema, &pfm,
88 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
89 if (!NT_STATUS_IS_OK(nt_status)) {
90 return ntstatus_to_werror(nt_status);
93 if (pfm.version != PREFIX_MAP_VERSION_DSDB) {
97 if (schemaInfo->length != 21 && schemaInfo->data[0] == 0xFF) {
101 /* append the schema info as last element */
102 pfm.ctr.dsdb.num_mappings++;
103 pfm.ctr.dsdb.mappings = talloc_realloc(schema, pfm.ctr.dsdb.mappings,
104 struct drsuapi_DsReplicaOIDMapping,
105 pfm.ctr.dsdb.num_mappings);
106 W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
108 schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo);
109 W_ERROR_HAVE_NO_MEMORY(schema_info);
111 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix = 0;
112 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size = schemaInfo->length;
113 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid = schema_info;
115 /* call the drsuapi version */
116 status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb);
117 talloc_free(pfm.ctr.dsdb.mappings);
118 W_ERROR_NOT_OK_RETURN(status);
123 WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
124 bool include_schema_info,
126 struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
128 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
131 ctr = talloc(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr);
132 W_ERROR_HAVE_NO_MEMORY(ctr);
134 ctr->num_mappings = schema->num_prefixes;
135 if (include_schema_info) ctr->num_mappings++;
136 ctr->mappings = talloc_array(schema, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings);
137 W_ERROR_HAVE_NO_MEMORY(ctr->mappings);
139 for (i=0; i < schema->num_prefixes; i++) {
140 ctr->mappings[i].id_prefix = schema->prefixes[i].id>>16;
141 ctr->mappings[i].oid.oid = talloc_strndup(ctr->mappings,
142 schema->prefixes[i].oid,
143 schema->prefixes[i].oid_len - 1);
144 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
147 if (include_schema_info) {
148 ctr->mappings[i].id_prefix = 0;
149 ctr->mappings[i].oid.oid = talloc_strdup(ctr->mappings,
150 schema->schema_info);
151 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
158 WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
160 struct ldb_val *prefixMap,
161 struct ldb_val *schemaInfo)
165 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
166 struct prefixMapBlob pfm;
168 status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
169 W_ERROR_NOT_OK_RETURN(status);
171 pfm.version = PREFIX_MAP_VERSION_DSDB;
175 nt_status = ndr_push_struct_blob(prefixMap, mem_ctx, &pfm,
176 (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
178 if (!NT_STATUS_IS_OK(nt_status)) {
179 return ntstatus_to_werror(nt_status);
182 *schemaInfo = strhex_to_data_blob(schema->schema_info);
183 W_ERROR_HAVE_NO_MEMORY(schemaInfo->data);
184 talloc_steal(mem_ctx, schemaInfo->data);
189 WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
193 for (i=0; i < ctr->num_mappings; i++) {
194 if (ctr->mappings[i].oid.oid == NULL) {
195 return WERR_INVALID_PARAM;
198 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
199 if (ctr->mappings[i].id_prefix != 0) {
200 return WERR_INVALID_PARAM;
203 /* the magic value should be in the last array member */
204 if (i != (ctr->num_mappings - 1)) {
205 return WERR_INVALID_PARAM;
208 if (ctr->mappings[i].oid.__ndr_size != 21) {
209 return WERR_INVALID_PARAM;
212 if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) {
213 return WERR_DS_DRA_SCHEMA_MISMATCH;
216 /* the last array member should contain the magic value not a oid */
217 if (i == (ctr->num_mappings - 1)) {
218 return WERR_INVALID_PARAM;
221 for (j=0; j < schema->num_prefixes; j++) {
223 if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) {
227 oid_len = strlen(ctr->mappings[i].oid.oid);
229 if (oid_len != (schema->prefixes[j].oid_len - 1)) {
230 return WERR_DS_DRA_SCHEMA_MISMATCH;
233 if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) {
234 return WERR_DS_DRA_SCHEMA_MISMATCH;
240 if (j == schema->num_prefixes) {
241 return WERR_DS_DRA_SCHEMA_MISMATCH;
249 WERROR dsdb_map_oid2int(const struct dsdb_schema *schema, const char *in, uint32_t *out)
253 for (i=0; i < schema->num_prefixes; i++) {
258 if (strncmp(schema->prefixes[i].oid, in, schema->prefixes[i].oid_len) != 0) {
262 val_str = in + schema->prefixes[i].oid_len;
266 if (val_str[0] == '\0') {
267 return WERR_INVALID_PARAM;
270 /* two '.' chars are invalid */
271 if (val_str[0] == '.') {
272 return WERR_INVALID_PARAM;
275 val = strtoul(val_str, &end_str, 10);
276 if (end_str[0] == '.' && end_str[1] != '\0') {
278 * if it's a '.' and not the last char
279 * then maybe an other mapping apply
282 } else if (end_str[0] != '\0') {
283 return WERR_INVALID_PARAM;
284 } else if (val > 0xFFFF) {
285 return WERR_INVALID_PARAM;
288 *out = schema->prefixes[i].id | val;
292 return WERR_DS_NO_MSDS_INTID;
295 WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CTX *mem_ctx, const char **out)
299 for (i=0; i < schema->num_prefixes; i++) {
301 if (schema->prefixes[i].id != (in & 0xFFFF0000)) {
305 val = talloc_asprintf(mem_ctx, "%s%u",
306 schema->prefixes[i].oid,
308 W_ERROR_HAVE_NO_MEMORY(val);
314 return WERR_DS_NO_MSDS_INTID;
317 #define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
318 (p)->elem = samdb_result_string(msg, attr, NULL);\
319 if (strict && (p)->elem == NULL) { \
320 d_printf("%s: %s == NULL\n", __location__, attr); \
321 return WERR_INVALID_PARAM; \
323 talloc_steal(mem_ctx, (p)->elem); \
326 #define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
327 int get_string_list_counter; \
328 struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \
329 if (get_string_list_el == NULL) { \
331 d_printf("%s: %s == NULL\n", __location__, attr); \
332 return WERR_INVALID_PARAM; \
338 (p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \
339 for (get_string_list_counter=0; \
340 get_string_list_counter < get_string_list_el->num_values; \
341 get_string_list_counter++) { \
342 (p)->elem[get_string_list_counter] = talloc_strndup((p)->elem, \
343 (const char *)get_string_list_el->values[get_string_list_counter].data, \
344 get_string_list_el->values[get_string_list_counter].length); \
345 if (!(p)->elem[get_string_list_counter]) { \
346 d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
349 (p)->elem[get_string_list_counter+1] = NULL; \
351 talloc_steal(mem_ctx, (p)->elem); \
354 #define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \
356 str = samdb_result_string(msg, attr, NULL);\
359 d_printf("%s: %s == NULL\n", __location__, attr); \
360 return WERR_INVALID_PARAM; \
364 } else if (strcasecmp("TRUE", str) == 0) { \
366 } else if (strcasecmp("FALSE", str) == 0) { \
369 d_printf("%s: %s == %s\n", __location__, attr, str); \
370 return WERR_INVALID_PARAM; \
374 #define GET_UINT32_LDB(msg, attr, p, elem) do { \
375 (p)->elem = samdb_result_uint(msg, attr, 0);\
378 #define GET_GUID_LDB(msg, attr, p, elem) do { \
379 (p)->elem = samdb_result_guid(msg, attr);\
382 #define GET_BLOB_LDB(msg, attr, mem_ctx, p, elem) do { \
383 const struct ldb_val *_val;\
384 _val = ldb_msg_find_ldb_val(msg, attr);\
387 talloc_steal(mem_ctx, (p)->elem.data);\
389 ZERO_STRUCT((p)->elem);\
393 WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema,
394 struct ldb_message *msg,
396 struct dsdb_attribute *attr)
400 GET_STRING_LDB(msg, "cn", mem_ctx, attr, cn, False);
401 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, True);
402 GET_STRING_LDB(msg, "attributeID", mem_ctx, attr, attributeID_oid, True);
403 if (schema->num_prefixes == 0) {
404 /* set an invalid value */
405 attr->attributeID_id = 0xFFFFFFFF;
407 status = dsdb_map_oid2int(schema, attr->attributeID_oid, &attr->attributeID_id);
408 if (!W_ERROR_IS_OK(status)) {
409 DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
410 __location__, attr->lDAPDisplayName, attr->attributeID_oid,
411 win_errstr(status)));
415 GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
416 GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
418 GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID);
420 GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags);
421 GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags);
422 GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, False);
423 GET_UINT32_LDB(msg, "linkID", attr, linkID);
425 GET_STRING_LDB(msg, "attributeSyntax", mem_ctx, attr, attributeSyntax_oid, True);
426 if (schema->num_prefixes == 0) {
427 /* set an invalid value */
428 attr->attributeSyntax_id = 0xFFFFFFFF;
430 status = dsdb_map_oid2int(schema, attr->attributeSyntax_oid, &attr->attributeSyntax_id);
431 if (!W_ERROR_IS_OK(status)) {
432 DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n",
433 __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid,
434 win_errstr(status)));
438 GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax);
439 GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass);
441 GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, True);
442 GET_UINT32_LDB(msg, "rangeLower", attr, rangeLower);
443 GET_UINT32_LDB(msg, "rangeUpper", attr, rangeUpper);
444 GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, False);
446 GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
447 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
449 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, False);
450 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, attr, adminDisplayName, False);
451 GET_STRING_LDB(msg, "adminDescription", mem_ctx, attr, adminDescription, False);
452 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, attr, classDisplayName, False);
453 GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, False);
454 GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, False);
455 GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, False);
457 attr->syntax = dsdb_syntax_for_attribute(attr);
459 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
465 WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema,
466 struct ldb_message *msg,
468 struct dsdb_class *obj)
472 GET_STRING_LDB(msg, "cn", mem_ctx, obj, cn, False);
473 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, True);
474 GET_STRING_LDB(msg, "governsID", mem_ctx, obj, governsID_oid, True);
475 if (schema->num_prefixes == 0) {
476 /* set an invalid value */
477 obj->governsID_id = 0xFFFFFFFF;
479 status = dsdb_map_oid2int(schema, obj->governsID_oid, &obj->governsID_id);
480 if (!W_ERROR_IS_OK(status)) {
481 DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n",
482 __location__, obj->lDAPDisplayName, obj->governsID_oid,
483 win_errstr(status)));
487 GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID);
489 GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory);
490 GET_STRING_LDB(msg, "rDNAttID", mem_ctx, obj, rDNAttID, False);
491 GET_STRING_LDB(msg, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, True);
493 GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, True);
495 obj->systemAuxiliaryClass = NULL;
496 obj->systemPossSuperiors = NULL;
498 obj->auxiliaryClass = NULL;
499 obj->possSuperiors = NULL;
501 GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, False);
502 GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, False);
503 GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, False);
504 GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, False);
506 GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, False);
508 GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
509 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
511 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, False);
512 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, obj, adminDisplayName, False);
513 GET_STRING_LDB(msg, "adminDescription", mem_ctx, obj, adminDescription, False);
514 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, obj, classDisplayName, False);
515 GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, False);
516 GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, False);
517 GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, False);
522 static const struct {
525 } name_mappings[] = {
527 { "name", "1.2.840.113556.1.4.1" },
528 { "lDAPDisplayName", "1.2.840.113556.1.2.460" },
529 { "attributeID", "1.2.840.113556.1.2.30" },
530 { "schemaIDGUID", "1.2.840.113556.1.4.148" },
531 { "mAPIID", "1.2.840.113556.1.2.49" },
532 { "attributeSecurityGUID", "1.2.840.113556.1.4.149" },
533 { "searchFlags", "1.2.840.113556.1.2.334" },
534 { "systemFlags", "1.2.840.113556.1.4.375" },
535 { "isMemberOfPartialAttributeSet", "1.2.840.113556.1.4.639" },
536 { "linkID", "1.2.840.113556.1.2.50" },
537 { "attributeSyntax", "1.2.840.113556.1.2.32" },
538 { "oMSyntax", "1.2.840.113556.1.2.231" },
539 { "oMObjectClass", "1.2.840.113556.1.2.218" },
540 { "isSingleValued", "1.2.840.113556.1.2.33" },
541 { "rangeLower", "1.2.840.113556.1.2.34" },
542 { "rangeUpper", "1.2.840.113556.1.2.35" },
543 { "extendedCharsAllowed", "1.2.840.113556.1.2.380" },
544 { "schemaFlagsEx", "1.2.840.113556.1.4.120" },
545 { "msDs-Schema-Extensions", "1.2.840.113556.1.4.1440" },
546 { "showInAdvancedViewOnly", "1.2.840.113556.1.2.169" },
547 { "adminDisplayName", "1.2.840.113556.1.2.194" },
548 { "adminDescription", "1.2.840.113556.1.2.226" },
549 { "classDisplayName", "1.2.840.113556.1.4.610" },
550 { "isEphemeral", "1.2.840.113556.1.4.1212" },
551 { "isDefunct", "1.2.840.113556.1.4.661" },
552 { "systemOnly", "1.2.840.113556.1.4.170" },
553 { "governsID", "1.2.840.113556.1.2.22" },
554 { "objectClassCategory", "1.2.840.113556.1.2.370" },
555 { "rDNAttID", "1.2.840.113556.1.2.26" },
556 { "defaultObjectCategory", "1.2.840.113556.1.4.783" },
557 { "subClassOf", "1.2.840.113556.1.2.21" },
558 { "systemAuxiliaryClass", "1.2.840.113556.1.4.198" },
559 { "systemPossSuperiors", "1.2.840.113556.1.4.195" },
560 { "systemMustContain", "1.2.840.113556.1.4.197" },
561 { "systemMayContain", "1.2.840.113556.1.4.196" },
562 { "auxiliaryClass", "1.2.840.113556.1.2.351" },
563 { "possSuperiors", "1.2.840.113556.1.2.8" },
564 { "mustContain", "1.2.840.113556.1.2.24" },
565 { "mayContain", "1.2.840.113556.1.2.25" },
566 { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" },
567 { "defaultHidingValue", "1.2.840.113556.1.4.518" },
570 static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema,
571 struct drsuapi_DsReplicaObject *obj,
577 const char *oid = NULL;
579 for(i=0; i < ARRAY_SIZE(name_mappings); i++) {
580 if (strcmp(name_mappings[i].name, name) != 0) continue;
582 oid = name_mappings[i].oid;
590 status = dsdb_map_oid2int(schema, oid, &id);
591 if (!W_ERROR_IS_OK(status)) {
595 for (i=0; i < obj->attribute_ctr.num_attributes; i++) {
596 if (obj->attribute_ctr.attributes[i].attid != id) continue;
599 return &obj->attribute_ctr.attributes[i];
605 #define GET_STRING_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
606 struct drsuapi_DsReplicaAttribute *_a; \
607 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
608 if (strict && !_a) { \
609 d_printf("%s: %s == NULL\n", __location__, attr); \
610 return WERR_INVALID_PARAM; \
612 if (strict && _a->value_ctr.num_values != 1) { \
613 d_printf("%s: %s num_values == %u\n", __location__, attr, \
614 _a->value_ctr.num_values); \
615 return WERR_INVALID_PARAM; \
617 if (_a && _a->value_ctr.num_values >= 1) { \
619 _ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, \
620 _a->value_ctr.values[0].blob->data, \
621 _a->value_ctr.values[0].blob->length, \
622 (void **)discard_const(&(p)->elem)); \
624 DEBUG(0,("%s: invalid data!\n", attr)); \
626 _a->value_ctr.values[0].blob->data, \
627 _a->value_ctr.values[0].blob->length); \
628 return WERR_FOOBAR; \
635 #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
636 struct drsuapi_DsReplicaAttribute *_a; \
637 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
638 if (strict && !_a) { \
639 d_printf("%s: %s == NULL\n", __location__, attr); \
640 return WERR_INVALID_PARAM; \
642 if (strict && _a->value_ctr.num_values != 1) { \
643 d_printf("%s: %s num_values == %u\n", __location__, attr, \
644 _a->value_ctr.num_values); \
645 return WERR_INVALID_PARAM; \
647 if (strict && !_a->value_ctr.values[0].blob) { \
648 d_printf("%s: %s data == NULL\n", __location__, attr); \
649 return WERR_INVALID_PARAM; \
651 if (_a && _a->value_ctr.num_values >= 1 \
652 && _a->value_ctr.values[0].blob) { \
653 struct drsuapi_DsReplicaObjectIdentifier3 _id3; \
654 NTSTATUS _nt_status; \
655 _nt_status = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
657 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);\
658 if (!NT_STATUS_IS_OK(_nt_status)) { \
659 return ntstatus_to_werror(_nt_status); \
661 (p)->elem = _id3.dn; \
667 #define GET_BOOL_DS(s, r, attr, p, elem, strict) do { \
668 struct drsuapi_DsReplicaAttribute *_a; \
669 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
670 if (strict && !_a) { \
671 d_printf("%s: %s == NULL\n", __location__, attr); \
672 return WERR_INVALID_PARAM; \
674 if (strict && _a->value_ctr.num_values != 1) { \
675 d_printf("%s: %s num_values == %u\n", __location__, attr, \
676 _a->value_ctr.num_values); \
677 return WERR_INVALID_PARAM; \
679 if (strict && !_a->value_ctr.values[0].blob) { \
680 d_printf("%s: %s data == NULL\n", __location__, attr); \
681 return WERR_INVALID_PARAM; \
683 if (strict && _a->value_ctr.values[0].blob->length != 4) { \
684 d_printf("%s: %s length == %u\n", __location__, attr, \
685 _a->value_ctr.values[0].blob->length); \
686 return WERR_INVALID_PARAM; \
688 if (_a && _a->value_ctr.num_values >= 1 \
689 && _a->value_ctr.values[0].blob \
690 && _a->value_ctr.values[0].blob->length == 4) { \
691 (p)->elem = (IVAL(_a->value_ctr.values[0].blob->data,0)?True:False);\
697 #define GET_UINT32_DS(s, r, attr, p, elem) do { \
698 struct drsuapi_DsReplicaAttribute *_a; \
699 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
700 if (_a && _a->value_ctr.num_values >= 1 \
701 && _a->value_ctr.values[0].blob \
702 && _a->value_ctr.values[0].blob->length == 4) { \
703 (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
709 #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \
710 struct drsuapi_DsReplicaAttribute *_a; \
711 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
712 if (_a && _a->value_ctr.num_values >= 1 \
713 && _a->value_ctr.values[0].blob \
714 && _a->value_ctr.values[0].blob->length == 16) { \
715 NTSTATUS _nt_status; \
716 _nt_status = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
717 mem_ctx, &(p)->elem, \
718 (ndr_pull_flags_fn_t)ndr_pull_GUID); \
719 if (!NT_STATUS_IS_OK(_nt_status)) { \
720 return ntstatus_to_werror(_nt_status); \
723 ZERO_STRUCT((p)->elem);\
727 #define GET_BLOB_DS(s, r, attr, mem_ctx, p, elem) do { \
728 struct drsuapi_DsReplicaAttribute *_a; \
729 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
730 if (_a && _a->value_ctr.num_values >= 1 \
731 && _a->value_ctr.values[0].blob) { \
732 (p)->elem = *_a->value_ctr.values[0].blob;\
733 talloc_steal(mem_ctx, (p)->elem.data); \
735 ZERO_STRUCT((p)->elem);\
739 WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema,
740 struct drsuapi_DsReplicaObject *r,
742 struct dsdb_attribute *attr)
746 GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, True);
747 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, True);
748 GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id);
749 status = dsdb_map_int2oid(schema, attr->attributeID_id, mem_ctx, &attr->attributeID_oid);
750 if (!W_ERROR_IS_OK(status)) {
751 DEBUG(0,("%s: '%s': unable to map attributeID 0x%08X: %s\n",
752 __location__, attr->lDAPDisplayName, attr->attributeID_id,
753 win_errstr(status)));
756 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID);
757 GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID);
759 GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID);
761 GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags);
762 GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags);
763 GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, False);
764 GET_UINT32_DS(schema, r, "linkID", attr, linkID);
766 GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id);
767 status = dsdb_map_int2oid(schema, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid);
768 if (!W_ERROR_IS_OK(status)) {
769 DEBUG(0,("%s: '%s': unable to map attributeSyntax 0x%08X: %s\n",
770 __location__, attr->lDAPDisplayName, attr->attributeSyntax_id,
771 win_errstr(status)));
774 GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax);
775 GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
777 GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, True);
778 GET_UINT32_DS(schema, r, "rangeLower", attr, rangeLower);
779 GET_UINT32_DS(schema, r, "rangeUpper", attr, rangeUpper);
780 GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, False);
782 GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
783 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
785 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, False);
786 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, attr, adminDisplayName, False);
787 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, attr, adminDescription, False);
788 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, attr, classDisplayName, False);
789 GET_BOOL_DS(schema, r, "isEphemeral", attr, isEphemeral, False);
790 GET_BOOL_DS(schema, r, "isDefunct", attr, isDefunct, False);
791 GET_BOOL_DS(schema, r, "systemOnly", attr, systemOnly, False);
793 attr->syntax = dsdb_syntax_for_attribute(attr);
795 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
801 WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema,
802 struct drsuapi_DsReplicaObject *r,
804 struct dsdb_class *obj)
808 GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, True);
809 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, True);
810 GET_UINT32_DS(schema, r, "governsID", obj, governsID_id);
811 status = dsdb_map_int2oid(schema, obj->governsID_id, mem_ctx, &obj->governsID_oid);
812 if (!W_ERROR_IS_OK(status)) {
813 DEBUG(0,("%s: '%s': unable to map governsID 0x%08X: %s\n",
814 __location__, obj->lDAPDisplayName, obj->governsID_id,
815 win_errstr(status)));
818 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, obj, schemaIDGUID);
820 GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory);
821 GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, False);
822 GET_DN_DS(schema, r, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, True);
824 GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, True);
826 obj->systemAuxiliaryClass = NULL;
827 obj->systemPossSuperiors = NULL;
828 obj->systemMustContain = NULL;
829 obj->systemMayContain = NULL;
831 obj->auxiliaryClass = NULL;
832 obj->possSuperiors = NULL;
833 obj->mustContain = NULL;
834 obj->mayContain = NULL;
836 GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, False);
838 GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
839 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
841 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, False);
842 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, obj, adminDisplayName, False);
843 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, obj, adminDescription, False);
844 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, obj, classDisplayName, False);
845 GET_BOOL_DS(schema, r, "defaultHidingValue", obj, defaultHidingValue, False);
846 GET_BOOL_DS(schema, r, "isDefunct", obj, isDefunct, False);
847 GET_BOOL_DS(schema, r, "systemOnly", obj, systemOnly, False);
852 const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_schema *schema,
855 struct dsdb_attribute *cur;
858 * 0xFFFFFFFF is used as value when no mapping table is available,
859 * so don't try to match with it
861 if (id == 0xFFFFFFFF) return NULL;
863 /* TODO: add binary search */
864 for (cur = schema->attributes; cur; cur = cur->next) {
865 if (cur->attributeID_id != id) continue;
873 const struct dsdb_attribute *dsdb_attribute_by_attributeID_oid(const struct dsdb_schema *schema,
876 struct dsdb_attribute *cur;
878 if (!oid) return NULL;
880 /* TODO: add binary search */
881 for (cur = schema->attributes; cur; cur = cur->next) {
882 if (strcmp(cur->attributeID_oid, oid) != 0) continue;
890 const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb_schema *schema,
893 struct dsdb_attribute *cur;
895 if (!name) return NULL;
897 /* TODO: add binary search */
898 for (cur = schema->attributes; cur; cur = cur->next) {
899 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
907 const struct dsdb_class *dsdb_class_by_governsID_id(const struct dsdb_schema *schema,
910 struct dsdb_class *cur;
913 * 0xFFFFFFFF is used as value when no mapping table is available,
914 * so don't try to match with it
916 if (id == 0xFFFFFFFF) return NULL;
918 /* TODO: add binary search */
919 for (cur = schema->classes; cur; cur = cur->next) {
920 if (cur->governsID_id != id) continue;
928 const struct dsdb_class *dsdb_class_by_governsID_oid(const struct dsdb_schema *schema,
931 struct dsdb_class *cur;
933 if (!oid) return NULL;
935 /* TODO: add binary search */
936 for (cur = schema->classes; cur; cur = cur->next) {
937 if (strcmp(cur->governsID_oid, oid) != 0) continue;
945 const struct dsdb_class *dsdb_class_by_lDAPDisplayName(const struct dsdb_schema *schema,
948 struct dsdb_class *cur;
950 if (!name) return NULL;
952 /* TODO: add binary search */
953 for (cur = schema->classes; cur; cur = cur->next) {
954 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
962 const struct dsdb_class *dsdb_class_by_cn(const struct dsdb_schema *schema,
965 struct dsdb_class *cur;
967 if (!cn) return NULL;
969 /* TODO: add binary search */
970 for (cur = schema->classes; cur; cur = cur->next) {
971 if (strcasecmp(cur->cn, cn) != 0) continue;
979 const char *dsdb_lDAPDisplayName_by_id(const struct dsdb_schema *schema,
982 const struct dsdb_attribute *a;
983 const struct dsdb_class *c;
985 /* TODO: add binary search */
986 a = dsdb_attribute_by_attributeID_id(schema, id);
988 return a->lDAPDisplayName;
991 c = dsdb_class_by_governsID_id(schema, id);
993 return c->lDAPDisplayName;
999 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
1003 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
1004 if (ret != LDB_SUCCESS) {
1008 talloc_steal(ldb, schema);
1013 static struct dsdb_schema *global_schema;
1015 int dsdb_set_global_schema(struct ldb_context *ldb)
1018 if (!global_schema) {
1021 ret = ldb_set_opaque(ldb, "dsdb_schema", global_schema);
1022 if (ret != LDB_SUCCESS) {
1029 const struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb)
1032 const struct dsdb_schema *schema;
1034 /* see if we have a cached copy */
1035 p = ldb_get_opaque(ldb, "dsdb_schema");
1040 schema = talloc_get_type(p, struct dsdb_schema);
1048 void dsdb_make_schema_global(struct ldb_context *ldb)
1051 const struct dsdb_schema *schema;
1053 /* see if we have a cached copy */
1054 p = ldb_get_opaque(ldb, "dsdb_schema");
1059 schema = talloc_get_type(p, struct dsdb_schema);
1064 talloc_steal(talloc_autofree_context(), schema);
1065 global_schema = schema;
1067 dsdb_set_global_schema(ldb);
1070 WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf, const char *df)
1072 struct ldb_ldif *ldif;
1073 struct ldb_message *msg;
1074 TALLOC_CTX *mem_ctx;
1077 struct dsdb_schema *schema;
1078 const struct ldb_val *prefix_val;
1079 const struct ldb_val *info_val;
1080 struct ldb_val info_val_default;
1082 mem_ctx = talloc_new(ldb);
1087 schema = talloc_zero(mem_ctx, struct dsdb_schema);
1093 * load the prefixMap attribute from pf
1095 ldif = ldb_ldif_read_string(ldb, &pf);
1097 status = WERR_INVALID_PARAM;
1100 talloc_steal(mem_ctx, ldif);
1102 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1107 prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
1109 status = WERR_INVALID_PARAM;
1113 info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
1115 info_val_default = strhex_to_data_blob("FF0000000000000000000000000000000000000000");
1116 if (!info_val_default.data) {
1119 talloc_steal(mem_ctx, info_val_default.data);
1120 info_val = &info_val_default;
1123 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
1124 if (!W_ERROR_IS_OK(status)) {
1129 * load the attribute and class definitions outof df
1131 while ((ldif = ldb_ldif_read_string(ldb, &df))) {
1135 talloc_steal(mem_ctx, ldif);
1137 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1142 is_sa = ldb_msg_check_string_attribute(msg, "objectClass", "attributeSchema");
1143 is_sc = ldb_msg_check_string_attribute(msg, "objectClass", "classSchema");
1146 struct dsdb_attribute *sa;
1148 sa = talloc_zero(schema, struct dsdb_attribute);
1153 status = dsdb_attribute_from_ldb(schema, msg, sa, sa);
1154 if (!W_ERROR_IS_OK(status)) {
1158 DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *);
1160 struct dsdb_class *sc;
1162 sc = talloc_zero(schema, struct dsdb_class);
1167 status = dsdb_class_from_ldb(schema, msg, sc, sc);
1168 if (!W_ERROR_IS_OK(status)) {
1172 DLIST_ADD_END(schema->classes, sc, struct dsdb_class *);
1176 ret = dsdb_set_schema(ldb, schema);
1177 if (ret != LDB_SUCCESS) {
1178 status = WERR_FOOBAR;
1185 status = WERR_NOMEM;
1188 talloc_free(mem_ctx);