/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- dsdb_new_schema
- dsdb_load_oid_mappings_drsuapi
- dsdb_load_oid_mappings_ldb
- dsdb_get_oid_mappings_drsuapi
- dsdb_get_oid_mappings_ldb
- dsdb_verify_oid_mappings_drsuapi
- dsdb_map_oid2int
- dsdb_map_int2oid
- dsdb_create_prefix_mapping
- dsdb_prefix_map_update
- dsdb_find_prefix_for_oid
- dsdb_write_prefixes_to_ldb
- dsdb_read_prefixes_from_ldb
- dsdb_attribute_from_ldb
- dsdb_class_from_ldb
- dsdb_schema_from_ldb_results
- fetch_oc_recursive
- fetch_objectclass_schema
- dsdb_schema_from_schema_dn
- dsdb_find_object_attr_name
- dsdb_attribute_from_drsuapi
- dsdb_class_from_drsuapi
1 /*
2 Unix SMB/CIFS mplementation.
3 DSDB schema header
4
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006-2007
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2008
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20
21 */
22
23 #include "includes.h"
24 #include "dsdb/samdb/samdb.h"
25 #include "lib/ldb/include/ldb_errors.h"
26 #include "../lib/util/dlinklist.h"
27 #include "librpc/gen_ndr/ndr_misc.h"
28 #include "librpc/gen_ndr/ndr_drsuapi.h"
29 #include "librpc/gen_ndr/ndr_drsblobs.h"
30 #include "param/param.h"
31
32 struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience)
/* [<][>][^][v][top][bottom][index][help] */
33 {
34 struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema);
35 if (!schema) {
36 return NULL;
37 }
38
39 schema->iconv_convenience = iconv_convenience;
40 return schema;
41 }
42
43
44 WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
/* [<][>][^][v][top][bottom][index][help] */
45 {
46 uint32_t i,j;
47
48 schema->prefixes = talloc_array(schema, struct dsdb_schema_oid_prefix, ctr->num_mappings);
49 W_ERROR_HAVE_NO_MEMORY(schema->prefixes);
50
51 for (i=0, j=0; i < ctr->num_mappings; i++) {
52 if (ctr->mappings[i].oid.oid == NULL) {
53 return WERR_INVALID_PARAM;
54 }
55
56 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
57 if (ctr->mappings[i].id_prefix != 0) {
58 return WERR_INVALID_PARAM;
59 }
60
61 /* the magic value should be in the last array member */
62 if (i != (ctr->num_mappings - 1)) {
63 return WERR_INVALID_PARAM;
64 }
65
66 if (ctr->mappings[i].oid.__ndr_size != 21) {
67 return WERR_INVALID_PARAM;
68 }
69
70 schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid);
71 W_ERROR_HAVE_NO_MEMORY(schema->schema_info);
72 } else {
73 /* the last array member should contain the magic value not a oid */
74 if (i == (ctr->num_mappings - 1)) {
75 return WERR_INVALID_PARAM;
76 }
77
78 schema->prefixes[j].id = ctr->mappings[i].id_prefix<<16;
79 schema->prefixes[j].oid = talloc_asprintf(schema->prefixes, "%s.",
80 ctr->mappings[i].oid.oid);
81 W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid);
82 schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid);
83 j++;
84 }
85 }
86
87 schema->num_prefixes = j;
88 return WERR_OK;
89 }
90
91 WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
92 const struct ldb_val *prefixMap,
93 const struct ldb_val *schemaInfo)
94 {
95 WERROR status;
96 enum ndr_err_code ndr_err;
97 struct prefixMapBlob pfm;
98 char *schema_info;
99
100 TALLOC_CTX *mem_ctx = talloc_new(schema);
101 W_ERROR_HAVE_NO_MEMORY(mem_ctx);
102
103 ndr_err = ndr_pull_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm, (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
104 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
105 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
106 talloc_free(mem_ctx);
107 return ntstatus_to_werror(nt_status);
108 }
109
110 if (pfm.version != PREFIX_MAP_VERSION_DSDB) {
111 talloc_free(mem_ctx);
112 return WERR_FOOBAR;
113 }
114
115 if (schemaInfo->length != 21 && schemaInfo->data[0] == 0xFF) {
116 talloc_free(mem_ctx);
117 return WERR_FOOBAR;
118 }
119
120 /* append the schema info as last element */
121 pfm.ctr.dsdb.num_mappings++;
122 pfm.ctr.dsdb.mappings = talloc_realloc(mem_ctx, pfm.ctr.dsdb.mappings,
123 struct drsuapi_DsReplicaOIDMapping,
124 pfm.ctr.dsdb.num_mappings);
125 W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
126
127 schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo);
128 W_ERROR_HAVE_NO_MEMORY(schema_info);
129
130 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix = 0;
131 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size = schemaInfo->length;
132 pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid = schema_info;
133
134 /* call the drsuapi version */
135 status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb);
136 talloc_free(mem_ctx);
137
138 W_ERROR_NOT_OK_RETURN(status);
139
140 return WERR_OK;
141 }
142
143 WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
144 bool include_schema_info,
145 TALLOC_CTX *mem_ctx,
146 struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
147 {
148 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
149 uint32_t i;
150
151 ctr = talloc(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr);
152 W_ERROR_HAVE_NO_MEMORY(ctr);
153
154 ctr->num_mappings = schema->num_prefixes;
155 if (include_schema_info) ctr->num_mappings++;
156 ctr->mappings = talloc_array(schema, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings);
157 W_ERROR_HAVE_NO_MEMORY(ctr->mappings);
158
159 for (i=0; i < schema->num_prefixes; i++) {
160 ctr->mappings[i].id_prefix = schema->prefixes[i].id>>16;
161 ctr->mappings[i].oid.oid = talloc_strndup(ctr->mappings,
162 schema->prefixes[i].oid,
163 schema->prefixes[i].oid_len - 1);
164 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
165 }
166
167 if (include_schema_info) {
168 ctr->mappings[i].id_prefix = 0;
169 ctr->mappings[i].oid.oid = talloc_strdup(ctr->mappings,
170 schema->schema_info);
171 W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
172 }
173
174 *_ctr = ctr;
175 return WERR_OK;
176 }
177
178 WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
179 TALLOC_CTX *mem_ctx,
180 struct ldb_val *prefixMap,
181 struct ldb_val *schemaInfo)
182 {
183 WERROR status;
184 enum ndr_err_code ndr_err;
185 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
186 struct prefixMapBlob pfm;
187
188 status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
189 W_ERROR_NOT_OK_RETURN(status);
190
191 pfm.version = PREFIX_MAP_VERSION_DSDB;
192 pfm.reserved = 0;
193 pfm.ctr.dsdb = *ctr;
194
195 ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm, (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
196 talloc_free(ctr);
197 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
198 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
199 return ntstatus_to_werror(nt_status);
200 }
201
202 *schemaInfo = strhex_to_data_blob(mem_ctx, schema->schema_info);
203 W_ERROR_HAVE_NO_MEMORY(schemaInfo->data);
204
205 return WERR_OK;
206 }
207
208 WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
/* [<][>][^][v][top][bottom][index][help] */
209 {
210 uint32_t i,j;
211
212 for (i=0; i < ctr->num_mappings; i++) {
213 if (ctr->mappings[i].oid.oid == NULL) {
214 return WERR_INVALID_PARAM;
215 }
216
217 if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
218 if (ctr->mappings[i].id_prefix != 0) {
219 return WERR_INVALID_PARAM;
220 }
221
222 /* the magic value should be in the last array member */
223 if (i != (ctr->num_mappings - 1)) {
224 return WERR_INVALID_PARAM;
225 }
226
227 if (ctr->mappings[i].oid.__ndr_size != 21) {
228 return WERR_INVALID_PARAM;
229 }
230
231 if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) {
232 return WERR_DS_DRA_SCHEMA_MISMATCH;
233 }
234 } else {
235 /* the last array member should contain the magic value not a oid */
236 if (i == (ctr->num_mappings - 1)) {
237 return WERR_INVALID_PARAM;
238 }
239
240 for (j=0; j < schema->num_prefixes; j++) {
241 size_t oid_len;
242 if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) {
243 continue;
244 }
245
246 oid_len = strlen(ctr->mappings[i].oid.oid);
247
248 if (oid_len != (schema->prefixes[j].oid_len - 1)) {
249 return WERR_DS_DRA_SCHEMA_MISMATCH;
250 }
251
252 if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) {
253 return WERR_DS_DRA_SCHEMA_MISMATCH;
254 }
255
256 break;
257 }
258
259 if (j == schema->num_prefixes) {
260 return WERR_DS_DRA_SCHEMA_MISMATCH;
261 }
262 }
263 }
264
265 return WERR_OK;
266 }
267
268 WERROR dsdb_map_oid2int(const struct dsdb_schema *schema, const char *in, uint32_t *out)
/* [<][>][^][v][top][bottom][index][help] */
269 {
270 return dsdb_find_prefix_for_oid(schema->num_prefixes, schema->prefixes, in, out);
271 }
272
273
274 WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CTX *mem_ctx, const char **out)
/* [<][>][^][v][top][bottom][index][help] */
275 {
276 uint32_t i;
277
278 for (i=0; i < schema->num_prefixes; i++) {
279 const char *val;
280 if (schema->prefixes[i].id != (in & 0xFFFF0000)) {
281 continue;
282 }
283
284 val = talloc_asprintf(mem_ctx, "%s%u",
285 schema->prefixes[i].oid,
286 in & 0xFFFF);
287 W_ERROR_HAVE_NO_MEMORY(val);
288
289 *out = val;
290 return WERR_OK;
291 }
292
293 return WERR_DS_NO_MSDS_INTID;
294 }
295
296 /*
297 * this function is called from within a ldb transaction from the schema_fsmo module
298 */
299 WERROR dsdb_create_prefix_mapping(struct ldb_context *ldb, struct dsdb_schema *schema, const char *full_oid)
/* [<][>][^][v][top][bottom][index][help] */
300 {
301 WERROR status;
302 uint32_t num_prefixes;
303 struct dsdb_schema_oid_prefix *prefixes;
304 TALLOC_CTX *mem_ctx;
305 uint32_t out;
306
307 mem_ctx = talloc_new(ldb);
308 W_ERROR_HAVE_NO_MEMORY(mem_ctx);
309
310 /* Read prefixes from disk*/
311 status = dsdb_read_prefixes_from_ldb( mem_ctx, ldb, &num_prefixes, &prefixes );
312 if (!W_ERROR_IS_OK(status)) {
313 DEBUG(0,("dsdb_create_prefix_mapping: dsdb_read_prefixes_from_ldb: %s\n",
314 win_errstr(status)));
315 talloc_free(mem_ctx);
316 return status;
317 }
318
319 /* Check if there is a prefix for the oid in the prefixes array*/
320 status = dsdb_find_prefix_for_oid( num_prefixes, prefixes, full_oid, &out );
321 if (W_ERROR_IS_OK(status)) {
322 /* prefix found*/
323 talloc_free(mem_ctx);
324 return status;
325 } else if (!W_ERROR_EQUAL(WERR_DS_NO_MSDS_INTID, status)) {
326 /* error */
327 DEBUG(0,("dsdb_create_prefix_mapping: dsdb_find_prefix_for_oid: %s\n",
328 win_errstr(status)));
329 talloc_free(mem_ctx);
330 return status;
331 }
332
333 /* Create the new mapping for the prefix of full_oid */
334 status = dsdb_prefix_map_update(mem_ctx, &num_prefixes, &prefixes, full_oid);
335 if (!W_ERROR_IS_OK(status)) {
336 DEBUG(0,("dsdb_create_prefix_mapping: dsdb_prefix_map_update: %s\n",
337 win_errstr(status)));
338 talloc_free(mem_ctx);
339 return status;
340 }
341
342 /* Update prefixMap in ldb*/
343 status = dsdb_write_prefixes_to_ldb(mem_ctx, ldb, num_prefixes, prefixes);
344 if (!W_ERROR_IS_OK(status)) {
345 DEBUG(0,("dsdb_create_prefix_mapping: dsdb_write_prefixes_to_ldb: %s\n",
346 win_errstr(status)));
347 talloc_free(mem_ctx);
348 return status;
349 }
350
351 talloc_free(mem_ctx);
352 return status;
353 }
354
355 WERROR dsdb_prefix_map_update(TALLOC_CTX *mem_ctx, uint32_t *num_prefixes, struct dsdb_schema_oid_prefix **prefixes, const char *oid)
/* [<][>][^][v][top][bottom][index][help] */
356 {
357 uint32_t new_num_prefixes, index_new_prefix, new_entry_id;
358 const char* lastDotOffset;
359 size_t size;
360
361 new_num_prefixes = *num_prefixes + 1;
362 index_new_prefix = *num_prefixes;
363
364 /*
365 * this is the algorithm we use to create new mappings for now
366 *
367 * TODO: find what algorithm windows use
368 */
369 new_entry_id = (*num_prefixes)<<16;
370
371 /* Extract the prefix from the oid*/
372 lastDotOffset = strrchr(oid, '.');
373 if (lastDotOffset == NULL) {
374 DEBUG(0,("dsdb_prefix_map_update: failed to find the last dot\n"));
375 return WERR_NOT_FOUND;
376 }
377
378 /* Calculate the size of the remainig string that should be the prefix of it */
379 size = strlen(oid) - strlen(lastDotOffset);
380 if (size <= 0) {
381 DEBUG(0,("dsdb_prefix_map_update: size of the remaining string invalid\n"));
382 return WERR_FOOBAR;
383 }
384 /* Add one because we need to copy the dot */
385 size += 1;
386
387 /* Create a spot in the prefixMap for one more prefix*/
388 (*prefixes) = talloc_realloc(mem_ctx, *prefixes, struct dsdb_schema_oid_prefix, new_num_prefixes);
389 W_ERROR_HAVE_NO_MEMORY(*prefixes);
390
391 /* Add the new prefix entry*/
392 (*prefixes)[index_new_prefix].id = new_entry_id;
393 (*prefixes)[index_new_prefix].oid = talloc_strndup(mem_ctx, oid, size);
394 (*prefixes)[index_new_prefix].oid_len = strlen((*prefixes)[index_new_prefix].oid);
395
396 /* Increase num_prefixes because new prefix has been added */
397 ++(*num_prefixes);
398
399 return WERR_OK;
400 }
401
402 WERROR dsdb_find_prefix_for_oid(uint32_t num_prefixes, const struct dsdb_schema_oid_prefix *prefixes, const char *in, uint32_t *out)
/* [<][>][^][v][top][bottom][index][help] */
403 {
404 uint32_t i;
405
406 for (i=0; i < num_prefixes; i++) {
407 const char *val_str;
408 char *end_str;
409 unsigned val;
410
411 if (strncmp(prefixes[i].oid, in, prefixes[i].oid_len) != 0) {
412 continue;
413 }
414
415 val_str = in + prefixes[i].oid_len;
416 end_str = NULL;
417 errno = 0;
418
419 if (val_str[0] == '\0') {
420 return WERR_INVALID_PARAM;
421 }
422
423 /* two '.' chars are invalid */
424 if (val_str[0] == '.') {
425 return WERR_INVALID_PARAM;
426 }
427
428 val = strtoul(val_str, &end_str, 10);
429 if (end_str[0] == '.' && end_str[1] != '\0') {
430 /*
431 * if it's a '.' and not the last char
432 * then maybe an other mapping apply
433 */
434 continue;
435 } else if (end_str[0] != '\0') {
436 return WERR_INVALID_PARAM;
437 } else if (val > 0xFFFF) {
438 return WERR_INVALID_PARAM;
439 }
440
441 *out = prefixes[i].id | val;
442 return WERR_OK;
443 }
444
445 return WERR_DS_NO_MSDS_INTID;
446 }
447
448 WERROR dsdb_write_prefixes_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
/* [<][>][^][v][top][bottom][index][help] */
449 uint32_t num_prefixes,
450 const struct dsdb_schema_oid_prefix *prefixes)
451 {
452 struct ldb_message msg;
453 struct ldb_dn *schema_dn;
454 struct ldb_message_element el;
455 struct prefixMapBlob pm;
456 struct ldb_val ndr_blob;
457 enum ndr_err_code ndr_err;
458 uint32_t i;
459 int ret;
460
461 schema_dn = samdb_schema_dn(ldb);
462 if (!schema_dn) {
463 DEBUG(0,("dsdb_write_prefixes_to_ldb: no schema dn present\n"));
464 return WERR_FOOBAR;
465 }
466
467 pm.version = PREFIX_MAP_VERSION_DSDB;
468 pm.ctr.dsdb.num_mappings = num_prefixes;
469 pm.ctr.dsdb.mappings = talloc_array(mem_ctx,
470 struct drsuapi_DsReplicaOIDMapping,
471 pm.ctr.dsdb.num_mappings);
472 if (!pm.ctr.dsdb.mappings) {
473 return WERR_NOMEM;
474 }
475
476 for (i=0; i < num_prefixes; i++) {
477 pm.ctr.dsdb.mappings[i].id_prefix = prefixes[i].id>>16;
478 pm.ctr.dsdb.mappings[i].oid.oid = talloc_strdup(pm.ctr.dsdb.mappings, prefixes[i].oid);
479 }
480
481 ndr_err = ndr_push_struct_blob(&ndr_blob, ldb,
482 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
483 &pm,
484 (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
485 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
486 return WERR_FOOBAR;
487 }
488
489 el.num_values = 1;
490 el.values = &ndr_blob;
491 el.flags = LDB_FLAG_MOD_REPLACE;
492 el.name = talloc_strdup(mem_ctx, "prefixMap");
493
494 msg.dn = ldb_dn_copy(mem_ctx, schema_dn);
495 msg.num_elements = 1;
496 msg.elements = ⪙
497
498 ret = ldb_modify( ldb, &msg );
499 if (ret != 0) {
500 DEBUG(0,("dsdb_write_prefixes_to_ldb: ldb_modify failed\n"));
501 return WERR_FOOBAR;
502 }
503
504 return WERR_OK;
505 }
506
507 WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, uint32_t* num_prefixes, struct dsdb_schema_oid_prefix **prefixes)
/* [<][>][^][v][top][bottom][index][help] */
508 {
509 struct prefixMapBlob *blob;
510 enum ndr_err_code ndr_err;
511 uint32_t i;
512 const struct ldb_val *prefix_val;
513 struct ldb_dn *schema_dn;
514 struct ldb_result *schema_res;
515 int ret;
516 static const char *schema_attrs[] = {
517 "prefixMap",
518 NULL
519 };
520
521 schema_dn = samdb_schema_dn(ldb);
522 if (!schema_dn) {
523 DEBUG(0,("dsdb_read_prefixes_from_ldb: no schema dn present\n"));
524 return WERR_FOOBAR;
525 }
526
527 ret = ldb_search(ldb, mem_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
528 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
529 DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefix map present\n"));
530 talloc_free(schema_res);
531 return WERR_FOOBAR;
532 } else if (ret != LDB_SUCCESS) {
533 DEBUG(0,("dsdb_read_prefixes_from_ldb: failed to search the schema head\n"));
534 talloc_free(schema_res);
535 return WERR_FOOBAR;
536 }
537
538 prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
539 if (!prefix_val) {
540 DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefixMap attribute found\n"));
541 talloc_free(schema_res);
542 return WERR_FOOBAR;
543 }
544
545 blob = talloc(mem_ctx, struct prefixMapBlob);
546 W_ERROR_HAVE_NO_MEMORY(blob);
547
548 ndr_err = ndr_pull_struct_blob(prefix_val, blob,
549 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
550 blob,
551 (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
552 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
553 DEBUG(0,("dsdb_read_prefixes_from_ldb: ndr_pull_struct_blob failed\n"));
554 talloc_free(blob);
555 talloc_free(schema_res);
556 return WERR_FOOBAR;
557 }
558
559 talloc_free(schema_res);
560
561 if (blob->version != PREFIX_MAP_VERSION_DSDB) {
562 DEBUG(0,("dsdb_read_prefixes_from_ldb: blob->version incorect\n"));
563 talloc_free(blob);
564 return WERR_FOOBAR;
565 }
566
567 *num_prefixes = blob->ctr.dsdb.num_mappings;
568 *prefixes = talloc_array(mem_ctx, struct dsdb_schema_oid_prefix, *num_prefixes);
569 if(!(*prefixes)) {
570 talloc_free(blob);
571 return WERR_NOMEM;
572 }
573 for (i=0; i < blob->ctr.dsdb.num_mappings; i++) {
574 char *oid;
575 (*prefixes)[i].id = blob->ctr.dsdb.mappings[i].id_prefix<<16;
576 oid = talloc_strdup(mem_ctx, blob->ctr.dsdb.mappings[i].oid.oid);
577 (*prefixes)[i].oid = talloc_asprintf_append(oid, ".");
578 (*prefixes)[i].oid_len = strlen(blob->ctr.dsdb.mappings[i].oid.oid);
579 }
580
581 talloc_free(blob);
582 return WERR_OK;
583 }
584
585 #define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
586 (p)->elem = samdb_result_string(msg, attr, NULL);\
587 if (strict && (p)->elem == NULL) { \
588 d_printf("%s: %s == NULL\n", __location__, attr); \
589 return WERR_INVALID_PARAM; \
590 } \
591 talloc_steal(mem_ctx, (p)->elem); \
592 } while (0)
593
594 #define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
595 int get_string_list_counter; \
596 struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \
597 if (get_string_list_el == NULL) { \
598 if (strict) { \
599 d_printf("%s: %s == NULL\n", __location__, attr); \
600 return WERR_INVALID_PARAM; \
601 } else { \
602 (p)->elem = NULL; \
603 break; \
604 } \
605 } \
606 (p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \
607 for (get_string_list_counter=0; \
608 get_string_list_counter < get_string_list_el->num_values; \
609 get_string_list_counter++) { \
610 (p)->elem[get_string_list_counter] = talloc_strndup((p)->elem, \
611 (const char *)get_string_list_el->values[get_string_list_counter].data, \
612 get_string_list_el->values[get_string_list_counter].length); \
613 if (!(p)->elem[get_string_list_counter]) { \
614 d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
615 return WERR_NOMEM; \
616 } \
617 (p)->elem[get_string_list_counter+1] = NULL; \
618 } \
619 talloc_steal(mem_ctx, (p)->elem); \
620 } while (0)
621
622 #define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \
623 const char *str; \
624 str = samdb_result_string(msg, attr, NULL);\
625 if (str == NULL) { \
626 if (strict) { \
627 d_printf("%s: %s == NULL\n", __location__, attr); \
628 return WERR_INVALID_PARAM; \
629 } else { \
630 (p)->elem = false; \
631 } \
632 } else if (strcasecmp("TRUE", str) == 0) { \
633 (p)->elem = true; \
634 } else if (strcasecmp("FALSE", str) == 0) { \
635 (p)->elem = false; \
636 } else { \
637 d_printf("%s: %s == %s\n", __location__, attr, str); \
638 return WERR_INVALID_PARAM; \
639 } \
640 } while (0)
641
642 #define GET_UINT32_LDB(msg, attr, p, elem) do { \
643 (p)->elem = samdb_result_uint(msg, attr, 0);\
644 } while (0)
645
646 #define GET_UINT32_PTR_LDB(msg, attr, p, elem) do { \
647 uint64_t _v = samdb_result_uint64(msg, attr, UINT64_MAX);\
648 if (_v == UINT64_MAX) { \
649 (p)->elem = NULL; \
650 } else if (_v > UINT32_MAX) { \
651 d_printf("%s: %s == 0x%llX\n", __location__, \
652 attr, (unsigned long long)_v); \
653 return WERR_INVALID_PARAM; \
654 } else { \
655 (p)->elem = talloc(mem_ctx, uint32_t); \
656 if (!(p)->elem) { \
657 d_printf("%s: talloc failed for %s\n", __location__, attr); \
658 return WERR_NOMEM; \
659 } \
660 *(p)->elem = (uint32_t)_v; \
661 } \
662 } while (0)
663
664 #define GET_GUID_LDB(msg, attr, p, elem) do { \
665 (p)->elem = samdb_result_guid(msg, attr);\
666 } while (0)
667
668 #define GET_BLOB_LDB(msg, attr, mem_ctx, p, elem) do { \
669 const struct ldb_val *_val;\
670 _val = ldb_msg_find_ldb_val(msg, attr);\
671 if (_val) {\
672 (p)->elem = *_val;\
673 talloc_steal(mem_ctx, (p)->elem.data);\
674 } else {\
675 ZERO_STRUCT((p)->elem);\
676 }\
677 } while (0)
678
679 WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
680 struct ldb_message *msg,
681 TALLOC_CTX *mem_ctx,
682 struct dsdb_attribute *attr)
683 {
684 WERROR status;
685
686 GET_STRING_LDB(msg, "cn", mem_ctx, attr, cn, false);
687 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
688 GET_STRING_LDB(msg, "attributeID", mem_ctx, attr, attributeID_oid, true);
689 if (schema->num_prefixes == 0) {
690 /* set an invalid value */
691 attr->attributeID_id = 0xFFFFFFFF;
692 } else {
693 status = dsdb_map_oid2int(schema, attr->attributeID_oid, &attr->attributeID_id);
694 if (!W_ERROR_IS_OK(status)) {
695 DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
696 __location__, attr->lDAPDisplayName, attr->attributeID_oid,
697 win_errstr(status)));
698 return status;
699 }
700 }
701 GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
702 GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
703
704 GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID);
705
706 GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags);
707 GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags);
708 GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
709 GET_UINT32_LDB(msg, "linkID", attr, linkID);
710
711 GET_STRING_LDB(msg, "attributeSyntax", mem_ctx, attr, attributeSyntax_oid, true);
712 if (schema->num_prefixes == 0) {
713 /* set an invalid value */
714 attr->attributeSyntax_id = 0xFFFFFFFF;
715 } else {
716 status = dsdb_map_oid2int(schema, attr->attributeSyntax_oid, &attr->attributeSyntax_id);
717 if (!W_ERROR_IS_OK(status)) {
718 DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n",
719 __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid,
720 win_errstr(status)));
721 return status;
722 }
723 }
724 GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax);
725 GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass);
726
727 GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true);
728 GET_UINT32_PTR_LDB(msg, "rangeLower", attr, rangeLower);
729 GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, rangeUpper);
730 GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
731
732 GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
733 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
734
735 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
736 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
737 GET_STRING_LDB(msg, "adminDescription", mem_ctx, attr, adminDescription, false);
738 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, attr, classDisplayName, false);
739 GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false);
740 GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false);
741 GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false);
742
743 attr->syntax = dsdb_syntax_for_attribute(attr);
744 if (!attr->syntax) {
745 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
746 }
747
748 return WERR_OK;
749 }
750
751 WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
752 struct ldb_message *msg,
753 TALLOC_CTX *mem_ctx,
754 struct dsdb_class *obj)
755 {
756 WERROR status;
757
758 GET_STRING_LDB(msg, "cn", mem_ctx, obj, cn, false);
759 GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
760 GET_STRING_LDB(msg, "governsID", mem_ctx, obj, governsID_oid, true);
761 if (schema->num_prefixes == 0) {
762 /* set an invalid value */
763 obj->governsID_id = 0xFFFFFFFF;
764 } else {
765 status = dsdb_map_oid2int(schema, obj->governsID_oid, &obj->governsID_id);
766 if (!W_ERROR_IS_OK(status)) {
767 DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n",
768 __location__, obj->lDAPDisplayName, obj->governsID_oid,
769 win_errstr(status)));
770 return status;
771 }
772 }
773 GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID);
774
775 GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory);
776 GET_STRING_LDB(msg, "rDNAttID", mem_ctx, obj, rDNAttID, false);
777 GET_STRING_LDB(msg, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
778
779 GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, true);
780
781 GET_STRING_LIST_LDB(msg, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass, false);
782 GET_STRING_LIST_LDB(msg, "auxiliaryClass", mem_ctx, obj, auxiliaryClass, false);
783
784 GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, false);
785 GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, false);
786 GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, false);
787 GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, false);
788
789 GET_STRING_LIST_LDB(msg, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false);
790 GET_STRING_LIST_LDB(msg, "possSuperiors", mem_ctx, obj, possSuperiors, false);
791 GET_STRING_LIST_LDB(msg, "possibleInferiors", mem_ctx, obj, possibleInferiors, false);
792
793 GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
794
795 GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
796 GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
797
798 GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
799 GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
800 GET_STRING_LDB(msg, "adminDescription", mem_ctx, obj, adminDescription, false);
801 GET_STRING_LDB(msg, "classDisplayName", mem_ctx, obj, classDisplayName, false);
802 GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false);
803 GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false);
804 GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false);
805
806 return WERR_OK;
807 }
808
809 #define dsdb_oom(error_string, mem_ctx) *error_string = talloc_asprintf(mem_ctx, "dsdb out of memory at %s:%d\n", __FILE__, __LINE__)
810
811 int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
/* [<][>][^][v][top][bottom][index][help] */
812 struct smb_iconv_convenience *iconv_convenience,
813 struct ldb_result *schema_res,
814 struct ldb_result *attrs_res, struct ldb_result *objectclass_res,
815 struct dsdb_schema **schema_out,
816 char **error_string)
817 {
818 WERROR status;
819 uint32_t i;
820 const struct ldb_val *prefix_val;
821 const struct ldb_val *info_val;
822 struct ldb_val info_val_default;
823 struct dsdb_schema *schema;
824
825 schema = dsdb_new_schema(mem_ctx, iconv_convenience);
826 if (!schema) {
827 dsdb_oom(error_string, mem_ctx);
828 return LDB_ERR_OPERATIONS_ERROR;
829 }
830
831 prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
832 if (!prefix_val) {
833 *error_string = talloc_asprintf(mem_ctx,
834 "schema_fsmo_init: no prefixMap attribute found");
835 return LDB_ERR_CONSTRAINT_VIOLATION;
836 }
837 info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo");
838 if (!info_val) {
839 info_val_default = strhex_to_data_blob(mem_ctx, "FF0000000000000000000000000000000000000000");
840 if (!info_val_default.data) {
841 dsdb_oom(error_string, mem_ctx);
842 return LDB_ERR_OPERATIONS_ERROR;
843 }
844 info_val = &info_val_default;
845 }
846
847 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
848 if (!W_ERROR_IS_OK(status)) {
849 *error_string = talloc_asprintf(mem_ctx,
850 "schema_fsmo_init: failed to load oid mappings: %s",
851 win_errstr(status));
852 return LDB_ERR_CONSTRAINT_VIOLATION;
853 }
854
855 for (i=0; i < attrs_res->count; i++) {
856 struct dsdb_attribute *sa;
857
858 sa = talloc_zero(schema, struct dsdb_attribute);
859 if (!sa) {
860 dsdb_oom(error_string, mem_ctx);
861 return LDB_ERR_OPERATIONS_ERROR;
862 }
863
864 status = dsdb_attribute_from_ldb(schema, attrs_res->msgs[i], sa, sa);
865 if (!W_ERROR_IS_OK(status)) {
866 *error_string = talloc_asprintf(mem_ctx,
867 "schema_fsmo_init: failed to load attribute definition: %s:%s",
868 ldb_dn_get_linearized(attrs_res->msgs[i]->dn),
869 win_errstr(status));
870 return LDB_ERR_CONSTRAINT_VIOLATION;
871 }
872
873 DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *);
874 }
875
876 for (i=0; i < objectclass_res->count; i++) {
877 struct dsdb_class *sc;
878
879 sc = talloc_zero(schema, struct dsdb_class);
880 if (!sc) {
881 dsdb_oom(error_string, mem_ctx);
882 return LDB_ERR_OPERATIONS_ERROR;
883 }
884
885 status = dsdb_class_from_ldb(schema, objectclass_res->msgs[i], sc, sc);
886 if (!W_ERROR_IS_OK(status)) {
887 *error_string = talloc_asprintf(mem_ctx,
888 "schema_fsmo_init: failed to load class definition: %s:%s",
889 ldb_dn_get_linearized(objectclass_res->msgs[i]->dn),
890 win_errstr(status));
891 return LDB_ERR_CONSTRAINT_VIOLATION;
892 }
893
894 DLIST_ADD_END(schema->classes, sc, struct dsdb_class *);
895 }
896
897 schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(ldb, schema, schema_res->msgs[0], "fSMORoleOwner");
898 if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), schema->fsmo.master_dn) == 0) {
899 schema->fsmo.we_are_master = true;
900 } else {
901 schema->fsmo.we_are_master = false;
902 }
903
904 DEBUG(5, ("schema_fsmo_init: we are master: %s\n",
905 (schema->fsmo.we_are_master?"yes":"no")));
906
907 *schema_out = schema;
908 return LDB_SUCCESS;
909 }
910
911 /* This recursive load of the objectClasses presumes that they
912 * everything is in a strict subClassOf hirarchy.
913 *
914 * We load this in order so we produce certain outputs (such as the
915 * exported schema for openldap, and sorted objectClass attribute) 'in
916 * order' */
917
918 static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn,
/* [<][>][^][v][top][bottom][index][help] */
919 TALLOC_CTX *mem_ctx,
920 struct ldb_result *search_from,
921 struct ldb_result *res_list)
922 {
923 int i;
924 int ret = 0;
925 for (i=0; i < search_from->count; i++) {
926 struct ldb_result *res;
927 const char *name = ldb_msg_find_attr_as_string(search_from->msgs[i],
928 "lDAPDisplayname", NULL);
929
930 ret = ldb_search(ldb, mem_ctx, &res,
931 schemadn, LDB_SCOPE_SUBTREE, NULL,
932 "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))",
933 name, name);
934 if (ret != LDB_SUCCESS) {
935 return ret;
936 }
937
938 res_list->msgs = talloc_realloc(res_list, res_list->msgs,
939 struct ldb_message *, res_list->count + 2);
940 if (!res_list->msgs) {
941 return LDB_ERR_OPERATIONS_ERROR;
942 }
943 res_list->msgs[res_list->count] = talloc_move(res_list,
944 &search_from->msgs[i]);
945 res_list->count++;
946 res_list->msgs[res_list->count] = NULL;
947
948 if (res->count > 0) {
949 ret = fetch_oc_recursive(ldb, schemadn, mem_ctx, res, res_list);
950 }
951 if (ret != LDB_SUCCESS) {
952 return ret;
953 }
954 }
955 return ret;
956 }
957
958 static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn,
/* [<][>][^][v][top][bottom][index][help] */
959 TALLOC_CTX *mem_ctx,
960 struct ldb_result **objectclasses_res,
961 char **error_string)
962 {
963 TALLOC_CTX *local_ctx = talloc_new(mem_ctx);
964 struct ldb_result *top_res, *ret_res;
965 int ret;
966 if (!local_ctx) {
967 return LDB_ERR_OPERATIONS_ERROR;
968 }
969
970 /* Download 'top' */
971 ret = ldb_search(ldb, local_ctx, &top_res,
972 schemadn, LDB_SCOPE_SUBTREE, NULL,
973 "(&(objectClass=classSchema)(lDAPDisplayName=top))");
974 if (ret != LDB_SUCCESS) {
975 *error_string = talloc_asprintf(mem_ctx,
976 "dsdb_schema: failed to search for top classSchema object: %s",
977 ldb_errstring(ldb));
978 return ret;
979 }
980
981 if (top_res->count != 1) {
982 *error_string = talloc_asprintf(mem_ctx,
983 "dsdb_schema: failed to find top classSchema object");
984 return LDB_ERR_NO_SUCH_OBJECT;
985 }
986
987 ret_res = talloc_zero(local_ctx, struct ldb_result);
988 if (!ret_res) {
989 return LDB_ERR_OPERATIONS_ERROR;
990 }
991
992 ret = fetch_oc_recursive(ldb, schemadn, local_ctx, top_res, ret_res);
993
994 if (ret != LDB_SUCCESS) {
995 return ret;
996 }
997
998 *objectclasses_res = talloc_move(mem_ctx, &ret_res);
999 return ret;
1000 }
1001
1002 int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
/* [<][>][^][v][top][bottom][index][help] */
1003 struct smb_iconv_convenience *iconv_convenience,
1004 struct ldb_dn *schema_dn,
1005 struct dsdb_schema **schema,
1006 char **error_string_out)
1007 {
1008 TALLOC_CTX *tmp_ctx;
1009 char *error_string;
1010 int ret;
1011
1012 struct ldb_result *schema_res;
1013 struct ldb_result *a_res;
1014 struct ldb_result *c_res;
1015 static const char *schema_attrs[] = {
1016 "prefixMap",
1017 "schemaInfo",
1018 "fSMORoleOwner",
1019 NULL
1020 };
1021
1022 tmp_ctx = talloc_new(mem_ctx);
1023 if (!tmp_ctx) {
1024 dsdb_oom(error_string_out, mem_ctx);
1025 return LDB_ERR_OPERATIONS_ERROR;
1026 }
1027
1028 /*
1029 * setup the prefix mappings and schema info
1030 */
1031 ret = ldb_search(ldb, tmp_ctx, &schema_res,
1032 schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
1033 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
1034 talloc_free(tmp_ctx);
1035 return ret;
1036 } else if (ret != LDB_SUCCESS) {
1037 *error_string_out = talloc_asprintf(mem_ctx,
1038 "dsdb_schema: failed to search the schema head: %s",
1039 ldb_errstring(ldb));
1040 talloc_free(tmp_ctx);
1041 return ret;
1042 }
1043 if (schema_res->count != 1) {
1044 *error_string_out = talloc_asprintf(mem_ctx,
1045 "dsdb_schema: [%u] schema heads found on a base search",
1046 schema_res->count);
1047 talloc_free(tmp_ctx);
1048 return LDB_ERR_CONSTRAINT_VIOLATION;
1049 }
1050
1051 /*
1052 * load the attribute definitions
1053 */
1054 ret = ldb_search(ldb, tmp_ctx, &a_res,
1055 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
1056 "(objectClass=attributeSchema)");
1057 if (ret != LDB_SUCCESS) {
1058 *error_string_out = talloc_asprintf(mem_ctx,
1059 "dsdb_schema: failed to search attributeSchema objects: %s",
1060 ldb_errstring(ldb));
1061 talloc_free(tmp_ctx);
1062 return ret;
1063 }
1064
1065 /*
1066 * load the objectClass definitions
1067 */
1068 ret = fetch_objectclass_schema(ldb, schema_dn, tmp_ctx, &c_res, &error_string);
1069 if (ret != LDB_SUCCESS) {
1070 *error_string_out = talloc_asprintf(mem_ctx,
1071 "Failed to fetch objectClass schema elements: %s", error_string);
1072 talloc_free(tmp_ctx);
1073 return ret;
1074 }
1075
1076 ret = dsdb_schema_from_ldb_results(tmp_ctx, ldb,
1077 lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
1078 schema_res, a_res, c_res, schema, &error_string);
1079 if (ret != LDB_SUCCESS) {
1080 *error_string_out = talloc_asprintf(mem_ctx,
1081 "dsdb_schema load failed: %s",
1082 error_string);
1083 talloc_free(tmp_ctx);
1084 return ret;
1085 }
1086 talloc_steal(mem_ctx, *schema);
1087 talloc_free(tmp_ctx);
1088
1089 return LDB_SUCCESS;
1090 }
1091
1092
1093 static const struct {
1094 const char *name;
1095 const char *oid;
1096 } name_mappings[] = {
1097 { "cn", "2.5.4.3" },
1098 { "name", "1.2.840.113556.1.4.1" },
1099 { "lDAPDisplayName", "1.2.840.113556.1.2.460" },
1100 { "attributeID", "1.2.840.113556.1.2.30" },
1101 { "schemaIDGUID", "1.2.840.113556.1.4.148" },
1102 { "mAPIID", "1.2.840.113556.1.2.49" },
1103 { "attributeSecurityGUID", "1.2.840.113556.1.4.149" },
1104 { "searchFlags", "1.2.840.113556.1.2.334" },
1105 { "systemFlags", "1.2.840.113556.1.4.375" },
1106 { "isMemberOfPartialAttributeSet", "1.2.840.113556.1.4.639" },
1107 { "linkID", "1.2.840.113556.1.2.50" },
1108 { "attributeSyntax", "1.2.840.113556.1.2.32" },
1109 { "oMSyntax", "1.2.840.113556.1.2.231" },
1110 { "oMObjectClass", "1.2.840.113556.1.2.218" },
1111 { "isSingleValued", "1.2.840.113556.1.2.33" },
1112 { "rangeLower", "1.2.840.113556.1.2.34" },
1113 { "rangeUpper", "1.2.840.113556.1.2.35" },
1114 { "extendedCharsAllowed", "1.2.840.113556.1.2.380" },
1115 { "schemaFlagsEx", "1.2.840.113556.1.4.120" },
1116 { "msDs-Schema-Extensions", "1.2.840.113556.1.4.1440" },
1117 { "showInAdvancedViewOnly", "1.2.840.113556.1.2.169" },
1118 { "adminDisplayName", "1.2.840.113556.1.2.194" },
1119 { "adminDescription", "1.2.840.113556.1.2.226" },
1120 { "classDisplayName", "1.2.840.113556.1.4.610" },
1121 { "isEphemeral", "1.2.840.113556.1.4.1212" },
1122 { "isDefunct", "1.2.840.113556.1.4.661" },
1123 { "systemOnly", "1.2.840.113556.1.4.170" },
1124 { "governsID", "1.2.840.113556.1.2.22" },
1125 { "objectClassCategory", "1.2.840.113556.1.2.370" },
1126 { "rDNAttID", "1.2.840.113556.1.2.26" },
1127 { "defaultObjectCategory", "1.2.840.113556.1.4.783" },
1128 { "subClassOf", "1.2.840.113556.1.2.21" },
1129 { "systemAuxiliaryClass", "1.2.840.113556.1.4.198" },
1130 { "systemPossSuperiors", "1.2.840.113556.1.4.195" },
1131 { "systemMustContain", "1.2.840.113556.1.4.197" },
1132 { "systemMayContain", "1.2.840.113556.1.4.196" },
1133 { "auxiliaryClass", "1.2.840.113556.1.2.351" },
1134 { "possSuperiors", "1.2.840.113556.1.2.8" },
1135 { "mustContain", "1.2.840.113556.1.2.24" },
1136 { "mayContain", "1.2.840.113556.1.2.25" },
1137 { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" },
1138 { "defaultHidingValue", "1.2.840.113556.1.4.518" },
1139 };
1140
1141 static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
1142 struct drsuapi_DsReplicaObject *obj,
1143 const char *name,
1144 uint32_t *idx)
1145 {
1146 WERROR status;
1147 uint32_t i, id;
1148 const char *oid = NULL;
1149
1150 for(i=0; i < ARRAY_SIZE(name_mappings); i++) {
1151 if (strcmp(name_mappings[i].name, name) != 0) continue;
1152
1153 oid = name_mappings[i].oid;
1154 break;
1155 }
1156
1157 if (!oid) {
1158 return NULL;
1159 }
1160
1161 status = dsdb_map_oid2int(schema, oid, &id);
1162 if (!W_ERROR_IS_OK(status)) {
1163 return NULL;
1164 }
1165
1166 for (i=0; i < obj->attribute_ctr.num_attributes; i++) {
1167 if (obj->attribute_ctr.attributes[i].attid != id) continue;
1168
1169 if (idx) *idx = i;
1170 return &obj->attribute_ctr.attributes[i];
1171 }
1172
1173 return NULL;
1174 }
1175
1176 #define GET_STRING_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
1177 struct drsuapi_DsReplicaAttribute *_a; \
1178 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1179 if (strict && !_a) { \
1180 d_printf("%s: %s == NULL\n", __location__, attr); \
1181 return WERR_INVALID_PARAM; \
1182 } \
1183 if (strict && _a->value_ctr.num_values != 1) { \
1184 d_printf("%s: %s num_values == %u\n", __location__, attr, \
1185 _a->value_ctr.num_values); \
1186 return WERR_INVALID_PARAM; \
1187 } \
1188 if (_a && _a->value_ctr.num_values >= 1) { \
1189 size_t _ret; \
1190 if (!convert_string_talloc_convenience(mem_ctx, s->iconv_convenience, CH_UTF16, CH_UNIX, \
1191 _a->value_ctr.values[0].blob->data, \
1192 _a->value_ctr.values[0].blob->length, \
1193 (void **)discard_const(&(p)->elem), &_ret, false)) { \
1194 DEBUG(0,("%s: invalid data!\n", attr)); \
1195 dump_data(0, \
1196 _a->value_ctr.values[0].blob->data, \
1197 _a->value_ctr.values[0].blob->length); \
1198 return WERR_FOOBAR; \
1199 } \
1200 } else { \
1201 (p)->elem = NULL; \
1202 } \
1203 } while (0)
1204
1205 #define GET_STRING_LIST_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
1206 int get_string_list_counter; \
1207 struct drsuapi_DsReplicaAttribute *_a; \
1208 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1209 if (strict && !_a) { \
1210 d_printf("%s: %s == NULL\n", __location__, attr); \
1211 return WERR_INVALID_PARAM; \
1212 } \
1213 (p)->elem = _a ? talloc_array(mem_ctx, const char *, _a->value_ctr.num_values + 1) : NULL; \
1214 for (get_string_list_counter=0; \
1215 _a && get_string_list_counter < _a->value_ctr.num_values; \
1216 get_string_list_counter++) { \
1217 size_t _ret; \
1218 if (!convert_string_talloc_convenience(mem_ctx, s->iconv_convenience, CH_UTF16, CH_UNIX, \
1219 _a->value_ctr.values[get_string_list_counter].blob->data, \
1220 _a->value_ctr.values[get_string_list_counter].blob->length, \
1221 (void **)discard_const(&(p)->elem[get_string_list_counter]), &_ret, false)) { \
1222 DEBUG(0,("%s: invalid data!\n", attr)); \
1223 dump_data(0, \
1224 _a->value_ctr.values[get_string_list_counter].blob->data, \
1225 _a->value_ctr.values[get_string_list_counter].blob->length); \
1226 return WERR_FOOBAR; \
1227 } \
1228 (p)->elem[get_string_list_counter+1] = NULL; \
1229 } \
1230 talloc_steal(mem_ctx, (p)->elem); \
1231 } while (0)
1232
1233 #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
1234 struct drsuapi_DsReplicaAttribute *_a; \
1235 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1236 if (strict && !_a) { \
1237 d_printf("%s: %s == NULL\n", __location__, attr); \
1238 return WERR_INVALID_PARAM; \
1239 } \
1240 if (strict && _a->value_ctr.num_values != 1) { \
1241 d_printf("%s: %s num_values == %u\n", __location__, attr, \
1242 _a->value_ctr.num_values); \
1243 return WERR_INVALID_PARAM; \
1244 } \
1245 if (strict && !_a->value_ctr.values[0].blob) { \
1246 d_printf("%s: %s data == NULL\n", __location__, attr); \
1247 return WERR_INVALID_PARAM; \
1248 } \
1249 if (_a && _a->value_ctr.num_values >= 1 \
1250 && _a->value_ctr.values[0].blob) { \
1251 struct drsuapi_DsReplicaObjectIdentifier3 _id3; \
1252 enum ndr_err_code _ndr_err; \
1253 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
1254 mem_ctx, s->iconv_convenience, &_id3,\
1255 (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);\
1256 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
1257 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
1258 return ntstatus_to_werror(_nt_status); \
1259 } \
1260 (p)->elem = _id3.dn; \
1261 } else { \
1262 (p)->elem = NULL; \
1263 } \
1264 } while (0)
1265
1266 #define GET_BOOL_DS(s, r, attr, p, elem, strict) do { \
1267 struct drsuapi_DsReplicaAttribute *_a; \
1268 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1269 if (strict && !_a) { \
1270 d_printf("%s: %s == NULL\n", __location__, attr); \
1271 return WERR_INVALID_PARAM; \
1272 } \
1273 if (strict && _a->value_ctr.num_values != 1) { \
1274 d_printf("%s: %s num_values == %u\n", __location__, attr, \
1275 (unsigned int)_a->value_ctr.num_values); \
1276 return WERR_INVALID_PARAM; \
1277 } \
1278 if (strict && !_a->value_ctr.values[0].blob) { \
1279 d_printf("%s: %s data == NULL\n", __location__, attr); \
1280 return WERR_INVALID_PARAM; \
1281 } \
1282 if (strict && _a->value_ctr.values[0].blob->length != 4) { \
1283 d_printf("%s: %s length == %u\n", __location__, attr, \
1284 (unsigned int)_a->value_ctr.values[0].blob->length); \
1285 return WERR_INVALID_PARAM; \
1286 } \
1287 if (_a && _a->value_ctr.num_values >= 1 \
1288 && _a->value_ctr.values[0].blob \
1289 && _a->value_ctr.values[0].blob->length == 4) { \
1290 (p)->elem = (IVAL(_a->value_ctr.values[0].blob->data,0)?true:false);\
1291 } else { \
1292 (p)->elem = false; \
1293 } \
1294 } while (0)
1295
1296 #define GET_UINT32_DS(s, r, attr, p, elem) do { \
1297 struct drsuapi_DsReplicaAttribute *_a; \
1298 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1299 if (_a && _a->value_ctr.num_values >= 1 \
1300 && _a->value_ctr.values[0].blob \
1301 && _a->value_ctr.values[0].blob->length == 4) { \
1302 (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
1303 } else { \
1304 (p)->elem = 0; \
1305 } \
1306 } while (0)
1307
1308 #define GET_UINT32_PTR_DS(s, r, attr, p, elem) do { \
1309 struct drsuapi_DsReplicaAttribute *_a; \
1310 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1311 if (_a && _a->value_ctr.num_values >= 1 \
1312 && _a->value_ctr.values[0].blob \
1313 && _a->value_ctr.values[0].blob->length == 4) { \
1314 (p)->elem = talloc(mem_ctx, uint32_t); \
1315 if (!(p)->elem) { \
1316 d_printf("%s: talloc failed for %s\n", __location__, attr); \
1317 return WERR_NOMEM; \
1318 } \
1319 *(p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
1320 } else { \
1321 (p)->elem = NULL; \
1322 } \
1323 } while (0)
1324
1325 #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \
1326 struct drsuapi_DsReplicaAttribute *_a; \
1327 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1328 if (_a && _a->value_ctr.num_values >= 1 \
1329 && _a->value_ctr.values[0].blob \
1330 && _a->value_ctr.values[0].blob->length == 16) { \
1331 enum ndr_err_code _ndr_err; \
1332 _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \
1333 mem_ctx, s->iconv_convenience, &(p)->elem, \
1334 (ndr_pull_flags_fn_t)ndr_pull_GUID); \
1335 if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
1336 NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \
1337 return ntstatus_to_werror(_nt_status); \
1338 } \
1339 } else { \
1340 ZERO_STRUCT((p)->elem);\
1341 } \
1342 } while (0)
1343
1344 #define GET_BLOB_DS(s, r, attr, mem_ctx, p, elem) do { \
1345 struct drsuapi_DsReplicaAttribute *_a; \
1346 _a = dsdb_find_object_attr_name(s, r, attr, NULL); \
1347 if (_a && _a->value_ctr.num_values >= 1 \
1348 && _a->value_ctr.values[0].blob) { \
1349 (p)->elem = *_a->value_ctr.values[0].blob;\
1350 talloc_steal(mem_ctx, (p)->elem.data); \
1351 } else { \
1352 ZERO_STRUCT((p)->elem);\
1353 }\
1354 } while (0)
1355
1356 WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
1357 struct drsuapi_DsReplicaObject *r,
1358 TALLOC_CTX *mem_ctx,
1359 struct dsdb_attribute *attr)
1360 {
1361 WERROR status;
1362
1363 GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true);
1364 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
1365 GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id);
1366 status = dsdb_map_int2oid(schema, attr->attributeID_id, mem_ctx, &attr->attributeID_oid);
1367 if (!W_ERROR_IS_OK(status)) {
1368 DEBUG(0,("%s: '%s': unable to map attributeID 0x%08X: %s\n",
1369 __location__, attr->lDAPDisplayName, attr->attributeID_id,
1370 win_errstr(status)));
1371 return status;
1372 }
1373 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID);
1374 GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID);
1375
1376 GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID);
1377
1378 GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags);
1379 GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags);
1380 GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
1381 GET_UINT32_DS(schema, r, "linkID", attr, linkID);
1382
1383 GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id);
1384 status = dsdb_map_int2oid(schema, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid);
1385 if (!W_ERROR_IS_OK(status)) {
1386 DEBUG(0,("%s: '%s': unable to map attributeSyntax 0x%08X: %s\n",
1387 __location__, attr->lDAPDisplayName, attr->attributeSyntax_id,
1388 win_errstr(status)));
1389 return status;
1390 }
1391 GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax);
1392 GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
1393
1394 GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true);
1395 GET_UINT32_PTR_DS(schema, r, "rangeLower", attr, rangeLower);
1396 GET_UINT32_PTR_DS(schema, r, "rangeUpper", attr, rangeUpper);
1397 GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
1398
1399 GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
1400 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
1401
1402 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
1403 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, attr, adminDisplayName, false);
1404 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, attr, adminDescription, false);
1405 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, attr, classDisplayName, false);
1406 GET_BOOL_DS(schema, r, "isEphemeral", attr, isEphemeral, false);
1407 GET_BOOL_DS(schema, r, "isDefunct", attr, isDefunct, false);
1408 GET_BOOL_DS(schema, r, "systemOnly", attr, systemOnly, false);
1409
1410 attr->syntax = dsdb_syntax_for_attribute(attr);
1411 if (!attr->syntax) {
1412 return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
1413 }
1414
1415 return WERR_OK;
1416 }
1417
1418 WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema,
/* [<][>][^][v][top][bottom][index][help] */
1419 struct drsuapi_DsReplicaObject *r,
1420 TALLOC_CTX *mem_ctx,
1421 struct dsdb_class *obj)
1422 {
1423 WERROR status;
1424
1425 GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true);
1426 GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
1427 GET_UINT32_DS(schema, r, "governsID", obj, governsID_id);
1428 status = dsdb_map_int2oid(schema, obj->governsID_id, mem_ctx, &obj->governsID_oid);
1429 if (!W_ERROR_IS_OK(status)) {
1430 DEBUG(0,("%s: '%s': unable to map governsID 0x%08X: %s\n",
1431 __location__, obj->lDAPDisplayName, obj->governsID_id,
1432 win_errstr(status)));
1433 return status;
1434 }
1435 GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, obj, schemaIDGUID);
1436
1437 GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory);
1438 GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false);
1439 GET_DN_DS(schema, r, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true);
1440
1441 GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, true);
1442
1443
1444 GET_STRING_LIST_DS(schema, r, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass, false);
1445 GET_STRING_LIST_DS(schema, r, "auxiliaryClass", mem_ctx, obj, auxiliaryClass, false);
1446
1447 GET_STRING_LIST_DS(schema, r, "systemMustContain", mem_ctx, obj, systemMustContain, false);
1448 GET_STRING_LIST_DS(schema, r, "systemMayContain", mem_ctx, obj, systemMayContain, false);
1449 GET_STRING_LIST_DS(schema, r, "mustContain", mem_ctx, obj, mustContain, false);
1450 GET_STRING_LIST_DS(schema, r, "mayContain", mem_ctx, obj, mayContain, false);
1451
1452 GET_STRING_LIST_DS(schema, r, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false);
1453 GET_STRING_LIST_DS(schema, r, "possSuperiors", mem_ctx, obj, possSuperiors, false);
1454 GET_STRING_LIST_DS(schema, r, "possibleInferiors", mem_ctx, obj, possibleInferiors, false);
1455
1456 GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
1457
1458 GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
1459 GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
1460
1461 GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
1462 GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, obj, adminDisplayName, false);
1463 GET_STRING_DS(schema, r, "adminDescription", mem_ctx, obj, adminDescription, false);
1464 GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, obj, classDisplayName, false);
1465 GET_BOOL_DS(schema, r, "defaultHidingValue", obj, defaultHidingValue, false);
1466 GET_BOOL_DS(schema, r, "isDefunct", obj, isDefunct, false);
1467 GET_BOOL_DS(schema, r, "systemOnly", obj, systemOnly, false);
1468
1469 return WERR_OK;
1470 }
1471