2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "dsdb/samdb/samdb.h"
25 #include "lib/ldb/include/ldb_errors.h"
26 #include "lib/util/dlinklist.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "librpc/gen_ndr/ndr_drsuapi.h"
29 #include "librpc/gen_ndr/ndr_drsblobs.h"
30 #include "param/param.h"
32 struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience)
34 struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema);
39 schema->iconv_convenience = iconv_convenience;
44 WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
48 schema->prefixes = talloc_array(schema, struct dsdb_schema_oid_prefix, ctr->num_mappings);
49 W_ERROR_HAVE_NO_MEMORY(schema->prefixes);
51 for (i=0, j=0; i < ctr->num_mappings; i++) {
52 if (ctr->mappings[i].oid.oid == NULL) {
53 return WERR_INVALID_PARAM;
56 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
57 if (ctr->mappings[i].id_prefix != 0) {
58 return WERR_INVALID_PARAM;
61 /* the magic value should be in the last array member */
62 if (i != (ctr->num_mappings - 1)) {
63 return WERR_INVALID_PARAM;
66 if (ctr->mappings[i].oid.__ndr_size != 21) {
67 return WERR_INVALID_PARAM;
70 schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid);
71 W_ERROR_HAVE_NO_MEMORY(schema->schema_info);
73 /* the last array member should contain the magic value not a oid */
74 if (i == (ctr->num_mappings - 1)) {
75 return WERR_INVALID_PARAM;
78 schema->prefixes[j].id = ctr->mappings[i].id_prefix<<16;
79 schema->prefixes[j].oid = talloc_asprintf(schema->prefixes, "%s.",
80 ctr->mappings[i].oid.oid);
81 W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid);
82 schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid);
87 schema->num_prefixes = j;
91 WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
92 const struct ldb_val *prefixMap,
93 const struct ldb_val *schemaInfo)
96 enum ndr_err_code ndr_err;
97 struct prefixMapBlob pfm;
100 TALLOC_CTX *mem_ctx = talloc_new(schema);
101 W_ERROR_HAVE_NO_MEMORY(mem_ctx);
103 ndr_err = ndr_pull_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm, (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
104 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
105 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
106 talloc_free(mem_ctx);
107 return ntstatus_to_werror(nt_status);
110 if (pfm.version != PREFIX_MAP_VERSION_DSDB) {
111 talloc_free(mem_ctx);
115 if (schemaInfo->length != 21 && schemaInfo->data[0] == 0xFF) {
116 talloc_free(mem_ctx);
120 /* append the schema info as last element */
121 pfm.ctr.dsdb.num_mappings++;
122 pfm.ctr.dsdb.mappings = talloc_realloc(mem_ctx, pfm.ctr.dsdb.mappings,
123 struct drsuapi_DsReplicaOIDMapping,
124 pfm.ctr.dsdb.num_mappings);
125 W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
127 schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo);
128 W_ERROR_HAVE_NO_MEMORY(schema_info);
130 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix = 0;
131 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size = schemaInfo->length;
132 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid = schema_info;
134 /* call the drsuapi version */
135 status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb);
136 talloc_free(mem_ctx);
138 W_ERROR_NOT_OK_RETURN(status);
143 WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
144 bool include_schema_info,
146 struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
148 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
151 ctr = talloc(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr);
152 W_ERROR_HAVE_NO_MEMORY(ctr);
154 ctr->num_mappings = schema->num_prefixes;
155 if (include_schema_info) ctr->num_mappings++;
156 ctr->mappings = talloc_array(schema, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings);
157 W_ERROR_HAVE_NO_MEMORY(ctr->mappings);
159 for (i=0; i < schema->num_prefixes; i++) {
160 ctr->mappings[i].id_prefix = schema->prefixes[i].id>>16;
161 ctr->mappings[i].oid.oid = talloc_strndup(ctr->mappings,
162 schema->prefixes[i].oid,
163 schema->prefixes[i].oid_len - 1);
164 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
167 if (include_schema_info) {
168 ctr->mappings[i].id_prefix = 0;
169 ctr->mappings[i].oid.oid = talloc_strdup(ctr->mappings,
170 schema->schema_info);
171 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
178 WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
180 struct ldb_val *prefixMap,
181 struct ldb_val *schemaInfo)
184 enum ndr_err_code ndr_err;
185 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
186 struct prefixMapBlob pfm;
188 status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
189 W_ERROR_NOT_OK_RETURN(status);
191 pfm.version = PREFIX_MAP_VERSION_DSDB;
195 ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm, (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
197 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
198 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
199 return ntstatus_to_werror(nt_status);
202 *schemaInfo = strhex_to_data_blob(schema->schema_info);
203 W_ERROR_HAVE_NO_MEMORY(schemaInfo->data);
204 talloc_steal(mem_ctx, schemaInfo->data);
209 WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
213 for (i=0; i < ctr->num_mappings; i++) {
214 if (ctr->mappings[i].oid.oid == NULL) {
215 return WERR_INVALID_PARAM;
218 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
219 if (ctr->mappings[i].id_prefix != 0) {
220 return WERR_INVALID_PARAM;
223 /* the magic value should be in the last array member */
224 if (i != (ctr->num_mappings - 1)) {
225 return WERR_INVALID_PARAM;
228 if (ctr->mappings[i].oid.__ndr_size != 21) {
229 return WERR_INVALID_PARAM;
232 if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) {
233 return WERR_DS_DRA_SCHEMA_MISMATCH;
236 /* the last array member should contain the magic value not a oid */
237 if (i == (ctr->num_mappings - 1)) {
238 return WERR_INVALID_PARAM;
241 for (j=0; j < schema->num_prefixes; j++) {
243 if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) {
247 oid_len = strlen(ctr->mappings[i].oid.oid);
249 if (oid_len != (schema->prefixes[j].oid_len - 1)) {
250 return WERR_DS_DRA_SCHEMA_MISMATCH;
253 if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) {
254 return WERR_DS_DRA_SCHEMA_MISMATCH;
260 if (j == schema->num_prefixes) {
261 return WERR_DS_DRA_SCHEMA_MISMATCH;
269 WERROR dsdb_map_oid2int(const struct dsdb_schema *schema, const char *in, uint32_t *out)
273 for (i=0; i < schema->num_prefixes; i++) {
278 if (strncmp(schema->prefixes[i].oid, in, schema->prefixes[i].oid_len) != 0) {
282 val_str = in + schema->prefixes[i].oid_len;
286 if (val_str[0] == '\0') {
287 return WERR_INVALID_PARAM;
290 /* two '.' chars are invalid */
291 if (val_str[0] == '.') {
292 return WERR_INVALID_PARAM;
295 val = strtoul(val_str, &end_str, 10);
296 if (end_str[0] == '.' && end_str[1] != '\0') {
298 * if it's a '.' and not the last char
299 * then maybe an other mapping apply
302 } else if (end_str[0] != '\0') {
303 return WERR_INVALID_PARAM;
304 } else if (val > 0xFFFF) {
305 return WERR_INVALID_PARAM;
308 *out = schema->prefixes[i].id | val;
312 return WERR_DS_NO_MSDS_INTID;
315 WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CTX *mem_ctx, const char **out)
319 for (i=0; i < schema->num_prefixes; i++) {
321 if (schema->prefixes[i].id != (in & 0xFFFF0000)) {
325 val = talloc_asprintf(mem_ctx, "%s%u",
326 schema->prefixes[i].oid,
328 W_ERROR_HAVE_NO_MEMORY(val);
334 return WERR_DS_NO_MSDS_INTID;
337 #define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
338 (p)->elem = samdb_result_string(msg, attr, NULL);\
339 if (strict && (p)->elem == NULL) { \
340 d_printf("%s: %s == NULL\n", __location__, attr); \
341 return WERR_INVALID_PARAM; \
343 talloc_steal(mem_ctx, (p)->elem); \
346 #define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
347 int get_string_list_counter; \
348 struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \
349 if (get_string_list_el == NULL) { \
351 d_printf("%s: %s == NULL\n", __location__, attr); \
352 return WERR_INVALID_PARAM; \
358 (p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \
359 for (get_string_list_counter=0; \
360 get_string_list_counter < get_string_list_el->num_values; \
361 get_string_list_counter++) { \
362 (p)->elem[get_string_list_counter] = talloc_strndup((p)->elem, \
363 (const char *)get_string_list_el->values[get_string_list_counter].data, \
364 get_string_list_el->values[get_string_list_counter].length); \
365 if (!(p)->elem[get_string_list_counter]) { \
366 d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
369 (p)->elem[get_string_list_counter+1] = NULL; \
371 talloc_steal(mem_ctx, (p)->elem); \
374 #define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \
376 str = samdb_result_string(msg, attr, NULL);\
379 d_printf("%s: %s == NULL\n", __location__, attr); \
380 return WERR_INVALID_PARAM; \
384 } else if (strcasecmp("TRUE", str) == 0) { \
386 } else if (strcasecmp("FALSE", str) == 0) { \
389 d_printf("%s: %s == %s\n", __location__, attr, str); \
390 return WERR_INVALID_PARAM; \
394 #define GET_UINT32_LDB(msg, attr, p, elem) do { \
395 (p)->elem = samdb_result_uint(msg, attr, 0);\
398 #define GET_GUID_LDB(msg, attr, p, elem) do { \
399 (p)->elem = samdb_result_guid(msg, attr);\
402 #define GET_BLOB_LDB(msg, attr, mem_ctx, p, elem) do { \
403 const struct ldb_val *_val;\
404 _val = ldb_msg_find_ldb_val(msg, attr);\
407 talloc_steal(mem_ctx, (p)->elem.data);\
409 ZERO_STRUCT((p)->elem);\
413 WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema,
414 struct ldb_message *msg,
416 struct dsdb_attribute *attr)
420 GET_STRING_LDB(msg, "cn", mem_ctx, attr, cn, false);
421 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
422 GET_STRING_LDB(msg, "attributeID", mem_ctx, attr, attributeID_oid, true);
423 if (schema->num_prefixes == 0) {
424 /* set an invalid value */
425 attr->attributeID_id = 0xFFFFFFFF;
427 status = dsdb_map_oid2int(schema, attr->attributeID_oid, &attr->attributeID_id);
428 if (!W_ERROR_IS_OK(status)) {
429 DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
430 __location__, attr->lDAPDisplayName, attr->attributeID_oid,
431 win_errstr(status)));
435 GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
436 GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
438 GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID);
440 GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags);
441 GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags);
442 GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
443 GET_UINT32_LDB(msg, "linkID", attr, linkID);
445 GET_STRING_LDB(msg, "attributeSyntax", mem_ctx, attr, attributeSyntax_oid, true);
446 if (schema->num_prefixes == 0) {
447 /* set an invalid value */
448 attr->attributeSyntax_id = 0xFFFFFFFF;
450 status = dsdb_map_oid2int(schema, attr->attributeSyntax_oid, &attr->attributeSyntax_id);
451 if (!W_ERROR_IS_OK(status)) {
452 DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n",
453 __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid,
454 win_errstr(status)));
458 GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax);
459 GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass);
461 GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true);
462 GET_UINT32_LDB(msg, "rangeLower", attr, rangeLower);
463 GET_UINT32_LDB(msg, "rangeUpper", attr, rangeUpper);
464 GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
466 GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
467 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
469 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
470 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
471 GET_STRING_LDB(msg, "adminDescription", mem_ctx, attr, adminDescription, false);
472 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, attr, classDisplayName, false);
473 GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false);
474 GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false);
475 GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false);
477 attr->syntax = dsdb_syntax_for_attribute(attr);
479 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
485 WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema,
486 struct ldb_message *msg,
488 struct dsdb_class *obj)
492 GET_STRING_LDB(msg, "cn", mem_ctx, obj, cn, false);
493 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
494 GET_STRING_LDB(msg, "governsID", mem_ctx, obj, governsID_oid, true);
495 if (schema->num_prefixes == 0) {
496 /* set an invalid value */
497 obj->governsID_id = 0xFFFFFFFF;
499 status = dsdb_map_oid2int(schema, obj->governsID_oid, &obj->governsID_id);
500 if (!W_ERROR_IS_OK(status)) {
501 DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n",
502 __location__, obj->lDAPDisplayName, obj->governsID_oid,
503 win_errstr(status)));
507 GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID);
509 GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory);
510 GET_STRING_LDB(msg, "rDNAttID", mem_ctx, obj, rDNAttID, false);
511 GET_STRING_LDB(msg, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
513 GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, true);
515 obj->systemAuxiliaryClass = NULL;
517 obj->auxiliaryClass = NULL;
519 GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, false);
520 GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, false);
521 GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, false);
522 GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, false);
524 GET_STRING_LIST_LDB(msg, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false);
525 GET_STRING_LIST_LDB(msg, "possSuperiors", mem_ctx, obj, possSuperiors, false);
526 GET_STRING_LIST_LDB(msg, "possibleInferiors", mem_ctx, obj, possibleInferiors, false);
528 GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
530 GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
531 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
533 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
534 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
535 GET_STRING_LDB(msg, "adminDescription", mem_ctx, obj, adminDescription, false);
536 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, obj, classDisplayName, false);
537 GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false);
538 GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false);
539 GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false);
544 static const struct {
547 } name_mappings[] = {
549 { "name", "1.2.840.113556.1.4.1" },
550 { "lDAPDisplayName", "1.2.840.113556.1.2.460" },
551 { "attributeID", "1.2.840.113556.1.2.30" },
552 { "schemaIDGUID", "1.2.840.113556.1.4.148" },
553 { "mAPIID", "1.2.840.113556.1.2.49" },
554 { "attributeSecurityGUID", "1.2.840.113556.1.4.149" },
555 { "searchFlags", "1.2.840.113556.1.2.334" },
556 { "systemFlags", "1.2.840.113556.1.4.375" },
557 { "isMemberOfPartialAttributeSet", "1.2.840.113556.1.4.639" },
558 { "linkID", "1.2.840.113556.1.2.50" },
559 { "attributeSyntax", "1.2.840.113556.1.2.32" },
560 { "oMSyntax", "1.2.840.113556.1.2.231" },
561 { "oMObjectClass", "1.2.840.113556.1.2.218" },
562 { "isSingleValued", "1.2.840.113556.1.2.33" },
563 { "rangeLower", "1.2.840.113556.1.2.34" },
564 { "rangeUpper", "1.2.840.113556.1.2.35" },
565 { "extendedCharsAllowed", "1.2.840.113556.1.2.380" },
566 { "schemaFlagsEx", "1.2.840.113556.1.4.120" },
567 { "msDs-Schema-Extensions", "1.2.840.113556.1.4.1440" },
568 { "showInAdvancedViewOnly", "1.2.840.113556.1.2.169" },
569 { "adminDisplayName", "1.2.840.113556.1.2.194" },
570 { "adminDescription", "1.2.840.113556.1.2.226" },
571 { "classDisplayName", "1.2.840.113556.1.4.610" },
572 { "isEphemeral", "1.2.840.113556.1.4.1212" },
573 { "isDefunct", "1.2.840.113556.1.4.661" },
574 { "systemOnly", "1.2.840.113556.1.4.170" },
575 { "governsID", "1.2.840.113556.1.2.22" },
576 { "objectClassCategory", "1.2.840.113556.1.2.370" },
577 { "rDNAttID", "1.2.840.113556.1.2.26" },
578 { "defaultObjectCategory", "1.2.840.113556.1.4.783" },
579 { "subClassOf", "1.2.840.113556.1.2.21" },
580 { "systemAuxiliaryClass", "1.2.840.113556.1.4.198" },
581 { "systemPossSuperiors", "1.2.840.113556.1.4.195" },
582 { "systemMustContain", "1.2.840.113556.1.4.197" },
583 { "systemMayContain", "1.2.840.113556.1.4.196" },
584 { "auxiliaryClass", "1.2.840.113556.1.2.351" },
585 { "possSuperiors", "1.2.840.113556.1.2.8" },
586 { "mustContain", "1.2.840.113556.1.2.24" },
587 { "mayContain", "1.2.840.113556.1.2.25" },
588 { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" },
589 { "defaultHidingValue", "1.2.840.113556.1.4.518" },
592 static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema,
593 struct drsuapi_DsReplicaObject *obj,
599 const char *oid = NULL;
601 for(i=0; i < ARRAY_SIZE(name_mappings); i++) {
602 if (strcmp(name_mappings[i].name, name) != 0) continue;
604 oid = name_mappings[i].oid;
612 status = dsdb_map_oid2int(schema, oid, &id);
613 if (!W_ERROR_IS_OK(status)) {
617 for (i=0; i < obj->attribute_ctr.num_attributes; i++) {
618 if (obj->attribute_ctr.attributes[i].attid != id) continue;
621 return &obj->attribute_ctr.attributes[i];
627 #define GET_STRING_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
628 struct drsuapi_DsReplicaAttribute *_a; \
629 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
630 if (strict && !_a) { \
631 d_printf("%s: %s == NULL\n", __location__, attr); \
632 return WERR_INVALID_PARAM; \
634 if (strict && _a->value_ctr.num_values != 1) { \
635 d_printf("%s: %s num_values == %u\n", __location__, attr, \
636 _a->value_ctr.num_values); \
637 return WERR_INVALID_PARAM; \
639 if (_a && _a->value_ctr.num_values >= 1) { \
641 _ret = convert_string_talloc(mem_ctx, s->iconv_convenience, CH_UTF16, CH_UNIX, \
642 _a->value_ctr.values[0].blob->data, \
643 _a->value_ctr.values[0].blob->length, \
644 (void **)discard_const(&(p)->elem)); \
646 DEBUG(0,("%s: invalid data!\n", attr)); \
648 _a->value_ctr.values[0].blob->data, \
649 _a->value_ctr.values[0].blob->length); \
650 return WERR_FOOBAR; \
657 #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
658 struct drsuapi_DsReplicaAttribute *_a; \
659 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
660 if (strict && !_a) { \
661 d_printf("%s: %s == NULL\n", __location__, attr); \
662 return WERR_INVALID_PARAM; \
664 if (strict && _a->value_ctr.num_values != 1) { \
665 d_printf("%s: %s num_values == %u\n", __location__, attr, \
666 _a->value_ctr.num_values); \
667 return WERR_INVALID_PARAM; \
669 if (strict && !_a->value_ctr.values[0].blob) { \
670 d_printf("%s: %s data == NULL\n", __location__, attr); \
671 return WERR_INVALID_PARAM; \
673 if (_a && _a->value_ctr.num_values >= 1 \
674 && _a->value_ctr.values[0].blob) { \
675 struct drsuapi_DsReplicaObjectIdentifier3 _id3; \
676 enum ndr_err_code _ndr_err; \
677 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
678 mem_ctx, s->iconv_convenience, &_id3,\
679 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);\
680 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
681 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
682 return ntstatus_to_werror(_nt_status); \
684 (p)->elem = _id3.dn; \
690 #define GET_BOOL_DS(s, r, attr, p, elem, strict) do { \
691 struct drsuapi_DsReplicaAttribute *_a; \
692 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
693 if (strict && !_a) { \
694 d_printf("%s: %s == NULL\n", __location__, attr); \
695 return WERR_INVALID_PARAM; \
697 if (strict && _a->value_ctr.num_values != 1) { \
698 d_printf("%s: %s num_values == %u\n", __location__, attr, \
699 (unsigned int)_a->value_ctr.num_values); \
700 return WERR_INVALID_PARAM; \
702 if (strict && !_a->value_ctr.values[0].blob) { \
703 d_printf("%s: %s data == NULL\n", __location__, attr); \
704 return WERR_INVALID_PARAM; \
706 if (strict && _a->value_ctr.values[0].blob->length != 4) { \
707 d_printf("%s: %s length == %u\n", __location__, attr, \
708 (unsigned int)_a->value_ctr.values[0].blob->length); \
709 return WERR_INVALID_PARAM; \
711 if (_a && _a->value_ctr.num_values >= 1 \
712 && _a->value_ctr.values[0].blob \
713 && _a->value_ctr.values[0].blob->length == 4) { \
714 (p)->elem = (IVAL(_a->value_ctr.values[0].blob->data,0)?true:false);\
720 #define GET_UINT32_DS(s, r, attr, p, elem) do { \
721 struct drsuapi_DsReplicaAttribute *_a; \
722 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
723 if (_a && _a->value_ctr.num_values >= 1 \
724 && _a->value_ctr.values[0].blob \
725 && _a->value_ctr.values[0].blob->length == 4) { \
726 (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
732 #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \
733 struct drsuapi_DsReplicaAttribute *_a; \
734 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
735 if (_a && _a->value_ctr.num_values >= 1 \
736 && _a->value_ctr.values[0].blob \
737 && _a->value_ctr.values[0].blob->length == 16) { \
738 enum ndr_err_code _ndr_err; \
739 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
740 mem_ctx, s->iconv_convenience, &(p)->elem, \
741 (ndr_pull_flags_fn_t)ndr_pull_GUID); \
742 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
743 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
744 return ntstatus_to_werror(_nt_status); \
747 ZERO_STRUCT((p)->elem);\
751 #define GET_BLOB_DS(s, r, attr, mem_ctx, p, elem) do { \
752 struct drsuapi_DsReplicaAttribute *_a; \
753 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
754 if (_a && _a->value_ctr.num_values >= 1 \
755 && _a->value_ctr.values[0].blob) { \
756 (p)->elem = *_a->value_ctr.values[0].blob;\
757 talloc_steal(mem_ctx, (p)->elem.data); \
759 ZERO_STRUCT((p)->elem);\
763 WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema,
764 struct drsuapi_DsReplicaObject *r,
766 struct dsdb_attribute *attr)
770 GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true);
771 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
772 GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id);
773 status = dsdb_map_int2oid(schema, attr->attributeID_id, mem_ctx, &attr->attributeID_oid);
774 if (!W_ERROR_IS_OK(status)) {
775 DEBUG(0,("%s: '%s': unable to map attributeID 0x%08X: %s\n",
776 __location__, attr->lDAPDisplayName, attr->attributeID_id,
777 win_errstr(status)));
780 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID);
781 GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID);
783 GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID);
785 GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags);
786 GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags);
787 GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
788 GET_UINT32_DS(schema, r, "linkID", attr, linkID);
790 GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id);
791 status = dsdb_map_int2oid(schema, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid);
792 if (!W_ERROR_IS_OK(status)) {
793 DEBUG(0,("%s: '%s': unable to map attributeSyntax 0x%08X: %s\n",
794 __location__, attr->lDAPDisplayName, attr->attributeSyntax_id,
795 win_errstr(status)));
798 GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax);
799 GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
801 GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true);
802 GET_UINT32_DS(schema, r, "rangeLower", attr, rangeLower);
803 GET_UINT32_DS(schema, r, "rangeUpper", attr, rangeUpper);
804 GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
806 GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
807 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
809 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
810 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
811 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, attr, adminDescription, false);
812 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, attr, classDisplayName, false);
813 GET_BOOL_DS(schema, r, "isEphemeral", attr, isEphemeral, false);
814 GET_BOOL_DS(schema, r, "isDefunct", attr, isDefunct, false);
815 GET_BOOL_DS(schema, r, "systemOnly", attr, systemOnly, false);
817 attr->syntax = dsdb_syntax_for_attribute(attr);
819 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
825 WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema,
826 struct drsuapi_DsReplicaObject *r,
828 struct dsdb_class *obj)
832 GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true);
833 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
834 GET_UINT32_DS(schema, r, "governsID", obj, governsID_id);
835 status = dsdb_map_int2oid(schema, obj->governsID_id, mem_ctx, &obj->governsID_oid);
836 if (!W_ERROR_IS_OK(status)) {
837 DEBUG(0,("%s: '%s': unable to map governsID 0x%08X: %s\n",
838 __location__, obj->lDAPDisplayName, obj->governsID_id,
839 win_errstr(status)));
842 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, obj, schemaIDGUID);
844 GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory);
845 GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false);
846 GET_DN_DS(schema, r, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
848 GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, true);
850 obj->systemAuxiliaryClass = NULL;
851 obj->systemPossSuperiors = NULL;
852 obj->systemMustContain = NULL;
853 obj->systemMayContain = NULL;
855 obj->auxiliaryClass = NULL;
856 obj->possSuperiors = NULL;
857 obj->mustContain = NULL;
858 obj->mayContain = NULL;
860 obj->possibleInferiors = NULL;
862 GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
864 GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
865 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
867 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
868 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
869 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, obj, adminDescription, false);
870 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, obj, classDisplayName, false);
871 GET_BOOL_DS(schema, r, "defaultHidingValue", obj, defaultHidingValue, false);
872 GET_BOOL_DS(schema, r, "isDefunct", obj, isDefunct, false);
873 GET_BOOL_DS(schema, r, "systemOnly", obj, systemOnly, false);
878 const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_schema *schema,
881 struct dsdb_attribute *cur;
884 * 0xFFFFFFFF is used as value when no mapping table is available,
885 * so don't try to match with it
887 if (id == 0xFFFFFFFF) return NULL;
889 /* TODO: add binary search */
890 for (cur = schema->attributes; cur; cur = cur->next) {
891 if (cur->attributeID_id != id) continue;
899 const struct dsdb_attribute *dsdb_attribute_by_attributeID_oid(const struct dsdb_schema *schema,
902 struct dsdb_attribute *cur;
904 if (!oid) return NULL;
906 /* TODO: add binary search */
907 for (cur = schema->attributes; cur; cur = cur->next) {
908 if (strcmp(cur->attributeID_oid, oid) != 0) continue;
916 const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb_schema *schema,
919 struct dsdb_attribute *cur;
921 if (!name) return NULL;
923 /* TODO: add binary search */
924 for (cur = schema->attributes; cur; cur = cur->next) {
925 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
933 const struct dsdb_attribute *dsdb_attribute_by_linkID(const struct dsdb_schema *schema,
936 struct dsdb_attribute *cur;
938 /* TODO: add binary search */
939 for (cur = schema->attributes; cur; cur = cur->next) {
940 if (cur->linkID != linkID) continue;
948 const struct dsdb_class *dsdb_class_by_governsID_id(const struct dsdb_schema *schema,
951 struct dsdb_class *cur;
954 * 0xFFFFFFFF is used as value when no mapping table is available,
955 * so don't try to match with it
957 if (id == 0xFFFFFFFF) return NULL;
959 /* TODO: add binary search */
960 for (cur = schema->classes; cur; cur = cur->next) {
961 if (cur->governsID_id != id) continue;
969 const struct dsdb_class *dsdb_class_by_governsID_oid(const struct dsdb_schema *schema,
972 struct dsdb_class *cur;
974 if (!oid) return NULL;
976 /* TODO: add binary search */
977 for (cur = schema->classes; cur; cur = cur->next) {
978 if (strcmp(cur->governsID_oid, oid) != 0) continue;
986 const struct dsdb_class *dsdb_class_by_lDAPDisplayName(const struct dsdb_schema *schema,
989 struct dsdb_class *cur;
991 if (!name) return NULL;
993 /* TODO: add binary search */
994 for (cur = schema->classes; cur; cur = cur->next) {
995 if (strcasecmp(cur->lDAPDisplayName, name) != 0) continue;
1003 const struct dsdb_class *dsdb_class_by_cn(const struct dsdb_schema *schema,
1006 struct dsdb_class *cur;
1008 if (!cn) return NULL;
1010 /* TODO: add binary search */
1011 for (cur = schema->classes; cur; cur = cur->next) {
1012 if (strcasecmp(cur->cn, cn) != 0) continue;
1020 const char *dsdb_lDAPDisplayName_by_id(const struct dsdb_schema *schema,
1023 const struct dsdb_attribute *a;
1024 const struct dsdb_class *c;
1026 /* TODO: add binary search */
1027 a = dsdb_attribute_by_attributeID_id(schema, id);
1029 return a->lDAPDisplayName;
1032 c = dsdb_class_by_governsID_id(schema, id);
1034 return c->lDAPDisplayName;
1040 WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, const char ***attr_list_ret)
1042 const char **attr_list = NULL;
1043 struct dsdb_attribute *cur;
1045 for (cur = schema->attributes; cur; cur = cur->next) {
1046 if (cur->linkID == 0) continue;
1048 attr_list = talloc_realloc(mem_ctx, attr_list, const char *, i+2);
1052 attr_list[i] = cur->lDAPDisplayName;
1055 attr_list[i] = NULL;
1056 *attr_list_ret = attr_list;
1061 * Attach the schema to an opaque pointer on the ldb, so ldb modules
1065 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
1069 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
1070 if (ret != LDB_SUCCESS) {
1074 talloc_steal(ldb, schema);
1080 * Global variable to hold one copy of the schema, used to avoid memory bloat
1082 static struct dsdb_schema *global_schema;
1085 * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
1087 int dsdb_set_global_schema(struct ldb_context *ldb)
1090 if (!global_schema) {
1093 ret = ldb_set_opaque(ldb, "dsdb_schema", global_schema);
1094 if (ret != LDB_SUCCESS) {
1102 * Find the schema object for this ldb
1105 struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb)
1108 struct dsdb_schema *schema;
1110 /* see if we have a cached copy */
1111 p = ldb_get_opaque(ldb, "dsdb_schema");
1116 schema = talloc_get_type(p, struct dsdb_schema);
1125 * Make the schema found on this ldb the 'global' schema
1128 void dsdb_make_schema_global(struct ldb_context *ldb)
1130 struct dsdb_schema *schema = dsdb_get_schema(ldb);
1135 talloc_steal(talloc_autofree_context(), schema);
1136 global_schema = schema;
1138 dsdb_set_global_schema(ldb);
1143 * Rather than read a schema from the LDB itself, read it from an ldif
1144 * file. This allows schema to be loaded and used while adding the
1145 * schema itself to the directory.
1148 WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char *pf, const char *df)
1150 struct ldb_ldif *ldif;
1151 struct ldb_message *msg;
1152 TALLOC_CTX *mem_ctx;
1155 struct dsdb_schema *schema;
1156 const struct ldb_val *prefix_val;
1157 const struct ldb_val *info_val;
1158 struct ldb_val info_val_default;
1160 mem_ctx = talloc_new(ldb);
1165 schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")));
1168 * load the prefixMap attribute from pf
1170 ldif = ldb_ldif_read_string(ldb, &pf);
1172 status = WERR_INVALID_PARAM;
1175 talloc_steal(mem_ctx, ldif);
1177 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1181 talloc_steal(mem_ctx, msg);
1184 prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
1186 status = WERR_INVALID_PARAM;
1190 info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
1192 info_val_default = strhex_to_data_blob("FF0000000000000000000000000000000000000000");
1193 if (!info_val_default.data) {
1196 talloc_steal(mem_ctx, info_val_default.data);
1197 info_val = &info_val_default;
1200 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
1201 if (!W_ERROR_IS_OK(status)) {
1206 * load the attribute and class definitions outof df
1208 while ((ldif = ldb_ldif_read_string(ldb, &df))) {
1212 talloc_steal(mem_ctx, ldif);
1214 msg = ldb_msg_canonicalize(ldb, ldif->msg);
1219 talloc_steal(mem_ctx, msg);
1222 is_sa = ldb_msg_check_string_attribute(msg, "objectClass", "attributeSchema");
1223 is_sc = ldb_msg_check_string_attribute(msg, "objectClass", "classSchema");
1226 struct dsdb_attribute *sa;
1228 sa = talloc_zero(schema, struct dsdb_attribute);
1233 status = dsdb_attribute_from_ldb(schema, msg, sa, sa);
1234 if (!W_ERROR_IS_OK(status)) {
1238 DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *);
1240 struct dsdb_class *sc;
1242 sc = talloc_zero(schema, struct dsdb_class);
1247 status = dsdb_class_from_ldb(schema, msg, sc, sc);
1248 if (!W_ERROR_IS_OK(status)) {
1252 DLIST_ADD_END(schema->classes, sc, struct dsdb_class *);
1256 ret = dsdb_set_schema(ldb, schema);
1257 if (ret != LDB_SUCCESS) {
1258 status = WERR_FOOBAR;
1265 status = WERR_NOMEM;
1268 talloc_free(mem_ctx);