X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source4%2Fdsdb%2Fschema%2Fschema_init.c;h=a4c29f1aa54f050166d9fd343738647c16f4cd7c;hb=e7e9f1e2dd279beaaf9d94b39378d24548a531cd;hp=a67aecd1e866289cf6e119eb8e74e3524ef9ab1e;hpb=52542e1affbaad3a29d913ced06f6c5ae0d7b4ad;p=samba.git diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index a67aecd1e86..a4c29f1aa54 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -22,121 +22,202 @@ #include "includes.h" #include "dsdb/samdb/samdb.h" -#include "lib/ldb/include/ldb_errors.h" +#include "dsdb/common/util.h" +#include #include "../lib/util/dlinklist.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" #include "param/param.h" +#include +#include "../lib/util/asn1.h" -struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience) + +struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx) { struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema); if (!schema) { return NULL; } - schema->iconv_convenience = iconv_convenience; return schema; } - -WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr) +struct dsdb_schema *dsdb_schema_copy_shallow(TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, + const struct dsdb_schema *schema) { - uint32_t i,j; + int ret; + struct dsdb_class *cls; + struct dsdb_attribute *attr; + struct dsdb_schema *schema_copy; + + schema_copy = dsdb_new_schema(mem_ctx); + if (!schema_copy) { + return NULL; + } - schema->prefixes = talloc_array(schema, struct dsdb_schema_oid_prefix, ctr->num_mappings); - W_ERROR_HAVE_NO_MEMORY(schema->prefixes); + /* schema base_dn */ + schema_copy->base_dn = ldb_dn_copy(schema_copy, schema->base_dn); + if (!schema_copy->base_dn) { + goto failed; + } - for (i=0, j=0; i < ctr->num_mappings; i++) { - if (ctr->mappings[i].oid.oid == NULL) { - return WERR_INVALID_PARAM; + /* copy prexiMap & schemaInfo */ + schema_copy->prefixmap = dsdb_schema_pfm_copy_shallow(schema_copy, + schema->prefixmap); + if (!schema_copy->prefixmap) { + goto failed; + } + + schema_copy->schema_info = talloc_strdup(schema_copy, schema->schema_info); + + /* copy classes and attributes*/ + for (cls = schema->classes; cls; cls = cls->next) { + struct dsdb_class *class_copy = talloc_memdup(schema_copy, + cls, sizeof(*cls)); + if (!class_copy) { + goto failed; } + DLIST_ADD(schema_copy->classes, class_copy); + } + schema_copy->num_classes = schema->num_classes; - if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) { - if (ctr->mappings[i].id_prefix != 0) { - return WERR_INVALID_PARAM; - } - - /* the magic value should be in the last array member */ - if (i != (ctr->num_mappings - 1)) { - return WERR_INVALID_PARAM; - } - - if (ctr->mappings[i].oid.__ndr_size != 21) { - return WERR_INVALID_PARAM; - } - - schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid); - W_ERROR_HAVE_NO_MEMORY(schema->schema_info); - } else { - /* the last array member should contain the magic value not a oid */ - if (i == (ctr->num_mappings - 1)) { - return WERR_INVALID_PARAM; - } - - schema->prefixes[j].id = ctr->mappings[i].id_prefix<<16; - schema->prefixes[j].oid = talloc_asprintf(schema->prefixes, "%s.", - ctr->mappings[i].oid.oid); - W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid); - schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid); - j++; + for (attr = schema->attributes; attr; attr = attr->next) { + struct dsdb_attribute *a_copy = talloc_memdup(schema_copy, + attr, sizeof(*attr)); + if (!a_copy) { + goto failed; } + DLIST_ADD(schema_copy->attributes, a_copy); } + schema_copy->num_attributes = schema->num_attributes; + + /* rebuild indexes */ + ret = dsdb_setup_sorted_accessors(ldb, schema_copy); + if (ret != LDB_SUCCESS) { + goto failed; + } + + /* leave reload_seq_number = 0 so it will be refresh ASAP */ + schema_copy->refresh_fn = schema->refresh_fn; + schema_copy->loaded_from_module = schema->loaded_from_module; + + return schema_copy; + +failed: + talloc_free(schema_copy); + return NULL; +} + + +WERROR dsdb_load_prefixmap_from_drsuapi(struct dsdb_schema *schema, + const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr) +{ + WERROR werr; + const char *schema_info; + struct dsdb_schema_prefixmap *pfm; + + werr = dsdb_schema_pfm_from_drsuapi_pfm(ctr, true, schema, &pfm, &schema_info); + W_ERROR_NOT_OK_RETURN(werr); + + /* set loaded prefixMap */ + talloc_free(schema->prefixmap); + schema->prefixmap = pfm; + + talloc_free(discard_const(schema->schema_info)); + schema->schema_info = schema_info; - schema->num_prefixes = j; return WERR_OK; } -WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema, - const struct ldb_val *prefixMap, - const struct ldb_val *schemaInfo) +static WERROR _dsdb_prefixmap_from_ldb_val(const struct ldb_val *pfm_ldb_val, + TALLOC_CTX *mem_ctx, + struct dsdb_schema_prefixmap **_pfm) { - WERROR status; + WERROR werr; enum ndr_err_code ndr_err; - struct prefixMapBlob pfm; - char *schema_info; + struct prefixMapBlob pfm_blob; - TALLOC_CTX *mem_ctx = talloc_new(schema); - W_ERROR_HAVE_NO_MEMORY(mem_ctx); - - ndr_err = ndr_pull_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm, (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); + TALLOC_CTX *temp_ctx = talloc_new(mem_ctx); + W_ERROR_HAVE_NO_MEMORY(temp_ctx); + + ndr_err = ndr_pull_struct_blob(pfm_ldb_val, temp_ctx, + &pfm_blob, + (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); - talloc_free(mem_ctx); + DEBUG(0,("_dsdb_prefixmap_from_ldb_val: Failed to parse prefixmap of length %u: %s\n", + (unsigned int)pfm_ldb_val->length, ndr_map_error2string(ndr_err))); + talloc_free(temp_ctx); return ntstatus_to_werror(nt_status); } - if (pfm.version != PREFIX_MAP_VERSION_DSDB) { - talloc_free(mem_ctx); - return WERR_FOOBAR; + if (pfm_blob.version != PREFIX_MAP_VERSION_DSDB) { + DEBUG(0,("_dsdb_prefixmap_from_ldb_val: pfm_blob->version %u incorrect\n", (unsigned int)pfm_blob.version)); + talloc_free(temp_ctx); + return WERR_VERSION_PARSE_ERROR; + } + + /* call the drsuapi version */ + werr = dsdb_schema_pfm_from_drsuapi_pfm(&pfm_blob.ctr.dsdb, false, mem_ctx, _pfm, NULL); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0, (__location__ " dsdb_schema_pfm_from_drsuapi_pfm failed: %s\n", win_errstr(werr))); + talloc_free(temp_ctx); + return werr; + } + + talloc_free(temp_ctx); + + return werr; +} + +WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema, + const struct ldb_val *prefixMap, + const struct ldb_val *schemaInfo) +{ + WERROR werr; + const char *schema_info; + struct dsdb_schema_prefixmap *pfm; + TALLOC_CTX *mem_ctx; + + /* verify schemaInfo blob is valid one */ + if (!dsdb_schema_info_blob_is_valid(schemaInfo)) { + DEBUG(0,(__location__": dsdb_schema_info_blob_is_valid() failed.\n")); + return WERR_INVALID_PARAMETER; } - if (schemaInfo->length != 21 && schemaInfo->data[0] == 0xFF) { + mem_ctx = talloc_new(schema); + W_ERROR_HAVE_NO_MEMORY(mem_ctx); + + /* fetch prefixMap */ + werr = _dsdb_prefixmap_from_ldb_val(prefixMap, + mem_ctx, &pfm); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0, (__location__ " _dsdb_prefixmap_from_ldb_val failed: %s\n", win_errstr(werr))); talloc_free(mem_ctx); - return WERR_FOOBAR; + return werr; } - /* append the schema info as last element */ - pfm.ctr.dsdb.num_mappings++; - pfm.ctr.dsdb.mappings = talloc_realloc(mem_ctx, pfm.ctr.dsdb.mappings, - struct drsuapi_DsReplicaOIDMapping, - pfm.ctr.dsdb.num_mappings); - W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings); + /* decode schema_info */ + schema_info = hex_encode_talloc(mem_ctx, + schemaInfo->data, + schemaInfo->length); + if (!schema_info) { + talloc_free(mem_ctx); + return WERR_NOMEM; + } - schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo); - W_ERROR_HAVE_NO_MEMORY(schema_info); + /* store prefixMap and schema_info into cached Schema */ + talloc_free(schema->prefixmap); + schema->prefixmap = talloc_steal(schema, pfm); - pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix = 0; - pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size = schemaInfo->length; - pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid = schema_info; + talloc_free(discard_const(schema->schema_info)); + schema->schema_info = talloc_steal(schema, schema_info); - /* call the drsuapi version */ - status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb); + /* clean up locally allocated mem */ talloc_free(mem_ctx); - W_ERROR_NOT_OK_RETURN(status); - return WERR_OK; } @@ -145,33 +226,27 @@ WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr) { - struct drsuapi_DsReplicaOIDMapping_Ctr *ctr; - uint32_t i; - - ctr = talloc(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr); - W_ERROR_HAVE_NO_MEMORY(ctr); - - ctr->num_mappings = schema->num_prefixes; - if (include_schema_info) ctr->num_mappings++; - ctr->mappings = talloc_array(schema, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings); - W_ERROR_HAVE_NO_MEMORY(ctr->mappings); - - for (i=0; i < schema->num_prefixes; i++) { - ctr->mappings[i].id_prefix = schema->prefixes[i].id>>16; - ctr->mappings[i].oid.oid = talloc_strndup(ctr->mappings, - schema->prefixes[i].oid, - schema->prefixes[i].oid_len - 1); - W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid); - } + return dsdb_drsuapi_pfm_from_schema_pfm(schema->prefixmap, + include_schema_info ? schema->schema_info : NULL, + mem_ctx, _ctr); +} - if (include_schema_info) { - ctr->mappings[i].id_prefix = 0; - ctr->mappings[i].oid.oid = talloc_strdup(ctr->mappings, - schema->schema_info); - W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid); - } +WERROR dsdb_get_drsuapi_prefixmap_as_blob(const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr, + TALLOC_CTX *mem_ctx, + struct ldb_val *prefixMap) +{ + struct prefixMapBlob pfm; + enum ndr_err_code ndr_err; + pfm.version = PREFIX_MAP_VERSION_DSDB; + pfm.reserved = 0; + pfm.ctr.dsdb = *ctr; - *_ctr = ctr; + ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, &pfm, + (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); + return ntstatus_to_werror(nt_status); + } return WERR_OK; } @@ -181,23 +256,14 @@ WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema, struct ldb_val *schemaInfo) { WERROR status; - enum ndr_err_code ndr_err; struct drsuapi_DsReplicaOIDMapping_Ctr *ctr; - struct prefixMapBlob pfm; status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr); W_ERROR_NOT_OK_RETURN(status); - pfm.version = PREFIX_MAP_VERSION_DSDB; - pfm.reserved = 0; - pfm.ctr.dsdb = *ctr; - - ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm, (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); + status = dsdb_get_drsuapi_prefixmap_as_blob(ctr, mem_ctx, prefixMap); talloc_free(ctr); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err); - return ntstatus_to_werror(nt_status); - } + W_ERROR_NOT_OK_RETURN(status); *schemaInfo = strhex_to_data_blob(mem_ctx, schema->schema_info); W_ERROR_HAVE_NO_MEMORY(schemaInfo->data); @@ -205,93 +271,6 @@ WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema, return WERR_OK; } -WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr) -{ - uint32_t i,j; - - for (i=0; i < ctr->num_mappings; i++) { - if (ctr->mappings[i].oid.oid == NULL) { - return WERR_INVALID_PARAM; - } - - if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) { - if (ctr->mappings[i].id_prefix != 0) { - return WERR_INVALID_PARAM; - } - - /* the magic value should be in the last array member */ - if (i != (ctr->num_mappings - 1)) { - return WERR_INVALID_PARAM; - } - - if (ctr->mappings[i].oid.__ndr_size != 21) { - return WERR_INVALID_PARAM; - } - - if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) { - return WERR_DS_DRA_SCHEMA_MISMATCH; - } - } else { - /* the last array member should contain the magic value not a oid */ - if (i == (ctr->num_mappings - 1)) { - return WERR_INVALID_PARAM; - } - - for (j=0; j < schema->num_prefixes; j++) { - size_t oid_len; - if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) { - continue; - } - - oid_len = strlen(ctr->mappings[i].oid.oid); - - if (oid_len != (schema->prefixes[j].oid_len - 1)) { - return WERR_DS_DRA_SCHEMA_MISMATCH; - } - - if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) { - return WERR_DS_DRA_SCHEMA_MISMATCH; - } - - break; - } - - if (j == schema->num_prefixes) { - return WERR_DS_DRA_SCHEMA_MISMATCH; - } - } - } - - return WERR_OK; -} - -WERROR dsdb_map_oid2int(const struct dsdb_schema *schema, const char *in, uint32_t *out) -{ - return dsdb_find_prefix_for_oid(schema->num_prefixes, schema->prefixes, in, out); -} - - -WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CTX *mem_ctx, const char **out) -{ - uint32_t i; - - for (i=0; i < schema->num_prefixes; i++) { - const char *val; - if (schema->prefixes[i].id != (in & 0xFFFF0000)) { - continue; - } - - val = talloc_asprintf(mem_ctx, "%s%u", - schema->prefixes[i].oid, - in & 0xFFFF); - W_ERROR_HAVE_NO_MEMORY(val); - - *out = val; - return WERR_OK; - } - - return WERR_DS_NO_MSDS_INTID; -} /* * this function is called from within a ldb transaction from the schema_fsmo module @@ -299,16 +278,15 @@ WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CT WERROR dsdb_create_prefix_mapping(struct ldb_context *ldb, struct dsdb_schema *schema, const char *full_oid) { WERROR status; - uint32_t num_prefixes; - struct dsdb_schema_oid_prefix *prefixes; + uint32_t attid; TALLOC_CTX *mem_ctx; - uint32_t out; + struct dsdb_schema_prefixmap *pfm; mem_ctx = talloc_new(ldb); W_ERROR_HAVE_NO_MEMORY(mem_ctx); /* Read prefixes from disk*/ - status = dsdb_read_prefixes_from_ldb( mem_ctx, ldb, &num_prefixes, &prefixes ); + status = dsdb_read_prefixes_from_ldb(ldb, mem_ctx, &pfm); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("dsdb_create_prefix_mapping: dsdb_read_prefixes_from_ldb: %s\n", win_errstr(status))); @@ -317,12 +295,12 @@ WERROR dsdb_create_prefix_mapping(struct ldb_context *ldb, struct dsdb_schema *s } /* Check if there is a prefix for the oid in the prefixes array*/ - status = dsdb_find_prefix_for_oid( num_prefixes, prefixes, full_oid, &out ); + status = dsdb_schema_pfm_find_oid(pfm, full_oid, NULL); if (W_ERROR_IS_OK(status)) { /* prefix found*/ talloc_free(mem_ctx); return status; - } else if (!W_ERROR_EQUAL(WERR_DS_NO_MSDS_INTID, status)) { + } else if (!W_ERROR_EQUAL(status, WERR_NOT_FOUND)) { /* error */ DEBUG(0,("dsdb_create_prefix_mapping: dsdb_find_prefix_for_oid: %s\n", win_errstr(status))); @@ -331,16 +309,19 @@ WERROR dsdb_create_prefix_mapping(struct ldb_context *ldb, struct dsdb_schema *s } /* Create the new mapping for the prefix of full_oid */ - status = dsdb_prefix_map_update(mem_ctx, &num_prefixes, &prefixes, full_oid); + status = dsdb_schema_pfm_make_attid(pfm, full_oid, &attid); if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("dsdb_create_prefix_mapping: dsdb_prefix_map_update: %s\n", + DEBUG(0,("dsdb_create_prefix_mapping: dsdb_schema_pfm_make_attid: %s\n", win_errstr(status))); talloc_free(mem_ctx); return status; } + talloc_unlink(schema, schema->prefixmap); + schema->prefixmap = talloc_steal(schema, pfm); + /* Update prefixMap in ldb*/ - status = dsdb_write_prefixes_to_ldb(mem_ctx, ldb, num_prefixes, prefixes); + status = dsdb_write_prefixes_from_schema_to_ldb(mem_ctx, ldb, schema); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("dsdb_create_prefix_mapping: dsdb_write_prefixes_to_ldb: %s\n", win_errstr(status))); @@ -348,188 +329,105 @@ WERROR dsdb_create_prefix_mapping(struct ldb_context *ldb, struct dsdb_schema *s return status; } + DEBUG(2,(__location__ " Added prefixMap %s - now have %u prefixes\n", + full_oid, schema->prefixmap->length)); + talloc_free(mem_ctx); return status; } -WERROR dsdb_prefix_map_update(TALLOC_CTX *mem_ctx, uint32_t *num_prefixes, struct dsdb_schema_oid_prefix **prefixes, const char *oid) -{ - uint32_t new_num_prefixes, index_new_prefix, new_entry_id; - const char* lastDotOffset; - size_t size; - - new_num_prefixes = *num_prefixes + 1; - index_new_prefix = *num_prefixes; - - /* - * this is the algorithm we use to create new mappings for now - * - * TODO: find what algorithm windows use - */ - new_entry_id = (*num_prefixes)<<16; - - /* Extract the prefix from the oid*/ - lastDotOffset = strrchr(oid, '.'); - if (lastDotOffset == NULL) { - DEBUG(0,("dsdb_prefix_map_update: failed to find the last dot\n")); - return WERR_NOT_FOUND; - } - /* Calculate the size of the remainig string that should be the prefix of it */ - size = strlen(oid) - strlen(lastDotOffset); - if (size <= 0) { - DEBUG(0,("dsdb_prefix_map_update: size of the remaining string invalid\n")); - return WERR_FOOBAR; - } - /* Add one because we need to copy the dot */ - size += 1; - - /* Create a spot in the prefixMap for one more prefix*/ - (*prefixes) = talloc_realloc(mem_ctx, *prefixes, struct dsdb_schema_oid_prefix, new_num_prefixes); - W_ERROR_HAVE_NO_MEMORY(*prefixes); - - /* Add the new prefix entry*/ - (*prefixes)[index_new_prefix].id = new_entry_id; - (*prefixes)[index_new_prefix].oid = talloc_strndup(mem_ctx, oid, size); - (*prefixes)[index_new_prefix].oid_len = strlen((*prefixes)[index_new_prefix].oid); - - /* Increase num_prefixes because new prefix has been added */ - ++(*num_prefixes); - - return WERR_OK; -} - -WERROR dsdb_find_prefix_for_oid(uint32_t num_prefixes, const struct dsdb_schema_oid_prefix *prefixes, const char *in, uint32_t *out) -{ - uint32_t i; - - for (i=0; i < num_prefixes; i++) { - const char *val_str; - char *end_str; - unsigned val; - - if (strncmp(prefixes[i].oid, in, prefixes[i].oid_len) != 0) { - continue; - } - - val_str = in + prefixes[i].oid_len; - end_str = NULL; - errno = 0; - - if (val_str[0] == '\0') { - return WERR_INVALID_PARAM; - } - - /* two '.' chars are invalid */ - if (val_str[0] == '.') { - return WERR_INVALID_PARAM; - } - - val = strtoul(val_str, &end_str, 10); - if (end_str[0] == '.' && end_str[1] != '\0') { - /* - * if it's a '.' and not the last char - * then maybe an other mapping apply - */ - continue; - } else if (end_str[0] != '\0') { - return WERR_INVALID_PARAM; - } else if (val > 0xFFFF) { - return WERR_INVALID_PARAM; - } - - *out = prefixes[i].id | val; - return WERR_OK; - } - - return WERR_DS_NO_MSDS_INTID; -} - -WERROR dsdb_write_prefixes_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, - uint32_t num_prefixes, - const struct dsdb_schema_oid_prefix *prefixes) +WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, + const struct dsdb_schema *schema) { - struct ldb_message msg; + WERROR status; + int ldb_ret; + struct ldb_message *msg; struct ldb_dn *schema_dn; - struct ldb_message_element el; - struct prefixMapBlob pm; + struct prefixMapBlob pfm_blob; struct ldb_val ndr_blob; enum ndr_err_code ndr_err; - uint32_t i; - int ret; - - schema_dn = samdb_schema_dn(ldb); + TALLOC_CTX *temp_ctx; + struct drsuapi_DsReplicaOIDMapping_Ctr *ctr; + + schema_dn = ldb_get_schema_basedn(ldb); if (!schema_dn) { - DEBUG(0,("dsdb_write_prefixes_to_ldb: no schema dn present\n")); + DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: no schema dn present\n")); return WERR_FOOBAR; } - pm.version = PREFIX_MAP_VERSION_DSDB; - pm.ctr.dsdb.num_mappings = num_prefixes; - pm.ctr.dsdb.mappings = talloc_array(mem_ctx, - struct drsuapi_DsReplicaOIDMapping, - pm.ctr.dsdb.num_mappings); - if (!pm.ctr.dsdb.mappings) { - return WERR_NOMEM; - } + temp_ctx = talloc_new(mem_ctx); + W_ERROR_HAVE_NO_MEMORY(temp_ctx); - for (i=0; i < num_prefixes; i++) { - pm.ctr.dsdb.mappings[i].id_prefix = prefixes[i].id>>16; - pm.ctr.dsdb.mappings[i].oid.oid = talloc_strdup(pm.ctr.dsdb.mappings, prefixes[i].oid); + /* convert schema_prefixMap to prefixMap blob */ + status = dsdb_get_oid_mappings_drsuapi(schema, false, temp_ctx, &ctr); + if (!W_ERROR_IS_OK(status)) { + talloc_free(temp_ctx); + return status; } - ndr_err = ndr_push_struct_blob(&ndr_blob, ldb, - lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), - &pm, + pfm_blob.version = PREFIX_MAP_VERSION_DSDB; + pfm_blob.ctr.dsdb = *ctr; + + ndr_err = ndr_push_struct_blob(&ndr_blob, temp_ctx, + &pfm_blob, (ndr_push_flags_fn_t)ndr_push_prefixMapBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(temp_ctx); return WERR_FOOBAR; } - el.num_values = 1; - el.values = &ndr_blob; - el.flags = LDB_FLAG_MOD_REPLACE; - el.name = talloc_strdup(mem_ctx, "prefixMap"); - - msg.dn = ldb_dn_copy(mem_ctx, schema_dn); - msg.num_elements = 1; - msg.elements = ⪙ + /* write serialized prefixMap into LDB */ + msg = ldb_msg_new(temp_ctx); + if (!msg) { + talloc_free(temp_ctx); + return WERR_NOMEM; + } + + msg->dn = schema_dn; + ldb_ret = ldb_msg_add_value(msg, "prefixMap", &ndr_blob, NULL); + if (ldb_ret != 0) { + talloc_free(temp_ctx); + DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: ldb_msg_add_value failed\n")); + return WERR_NOMEM; + } - ret = ldb_modify( ldb, &msg ); - if (ret != 0) { - DEBUG(0,("dsdb_write_prefixes_to_ldb: ldb_modify failed\n")); + ldb_ret = dsdb_replace(ldb, msg, DSDB_FLAG_AS_SYSTEM); + + talloc_free(temp_ctx); + + if (ldb_ret != 0) { + DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed\n")); return WERR_FOOBAR; } return WERR_OK; } -WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, uint32_t* num_prefixes, struct dsdb_schema_oid_prefix **prefixes) +WERROR dsdb_read_prefixes_from_ldb(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct dsdb_schema_prefixmap **_pfm) { - struct prefixMapBlob *blob; - enum ndr_err_code ndr_err; - uint32_t i; + WERROR werr; + int ldb_ret; const struct ldb_val *prefix_val; struct ldb_dn *schema_dn; - struct ldb_result *schema_res; - int ret; + struct ldb_result *schema_res = NULL; static const char *schema_attrs[] = { "prefixMap", NULL }; - schema_dn = samdb_schema_dn(ldb); + schema_dn = ldb_get_schema_basedn(ldb); if (!schema_dn) { DEBUG(0,("dsdb_read_prefixes_from_ldb: no schema dn present\n")); return WERR_FOOBAR; } - ret = ldb_search(ldb, mem_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL); - if (ret == LDB_ERR_NO_SUCH_OBJECT) { + ldb_ret = ldb_search(ldb, mem_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL); + if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) { DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefix map present\n")); talloc_free(schema_res); return WERR_FOOBAR; - } else if (ret != LDB_SUCCESS) { + } else if (ldb_ret != LDB_SUCCESS) { DEBUG(0,("dsdb_read_prefixes_from_ldb: failed to search the schema head\n")); talloc_free(schema_res); return WERR_FOOBAR; @@ -542,67 +440,107 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, return WERR_FOOBAR; } - blob = talloc(mem_ctx, struct prefixMapBlob); - W_ERROR_HAVE_NO_MEMORY(blob); + werr = _dsdb_prefixmap_from_ldb_val(prefix_val, + mem_ctx, + _pfm); + talloc_free(schema_res); + W_ERROR_NOT_OK_RETURN(werr); - ndr_err = ndr_pull_struct_blob(prefix_val, blob, - lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), - blob, - (ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(0,("dsdb_read_prefixes_from_ldb: ndr_pull_struct_blob failed\n")); - talloc_free(blob); - talloc_free(schema_res); - return WERR_FOOBAR; + return WERR_OK; +} + +/* + this will be replaced with something that looks at the right part of + the schema once we know where unique indexing information is hidden + */ +static bool dsdb_schema_unique_attribute(const char *attr) +{ + const char *attrs[] = { "objectGUID", "objectSid" , NULL }; + unsigned int i; + for (i=0;attrs[i];i++) { + if (strcasecmp(attr, attrs[i]) == 0) { + return true; + } } + return false; +} - talloc_free(schema_res); - if (blob->version != PREFIX_MAP_VERSION_DSDB) { - DEBUG(0,("dsdb_read_prefixes_from_ldb: blob->version incorect\n")); - talloc_free(blob); - return WERR_FOOBAR; +/* + setup the ldb_schema_attribute field for a dsdb_attribute + */ +static int dsdb_schema_setup_ldb_schema_attribute(struct ldb_context *ldb, + struct dsdb_attribute *attr) +{ + const char *syntax = attr->syntax->ldb_syntax; + const struct ldb_schema_syntax *s; + struct ldb_schema_attribute *a; + + if (!syntax) { + syntax = attr->syntax->ldap_oid; } - - *num_prefixes = blob->ctr.dsdb.num_mappings; - *prefixes = talloc_array(mem_ctx, struct dsdb_schema_oid_prefix, *num_prefixes); - if(!(*prefixes)) { - talloc_free(blob); - return WERR_NOMEM; + + s = ldb_samba_syntax_by_lDAPDisplayName(ldb, attr->lDAPDisplayName); + if (s == NULL) { + s = ldb_samba_syntax_by_name(ldb, syntax); } - for (i=0; i < blob->ctr.dsdb.num_mappings; i++) { - char *oid; - (*prefixes)[i].id = blob->ctr.dsdb.mappings[i].id_prefix<<16; - oid = talloc_strdup(mem_ctx, blob->ctr.dsdb.mappings[i].oid.oid); - (*prefixes)[i].oid = talloc_asprintf_append(oid, "."); - (*prefixes)[i].oid_len = strlen(blob->ctr.dsdb.mappings[i].oid.oid); + if (s == NULL) { + s = ldb_standard_syntax_by_name(ldb, syntax); } - talloc_free(blob); - return WERR_OK; + if (s == NULL) { + return ldb_operr(ldb); + } + + attr->ldb_schema_attribute = a = talloc(attr, struct ldb_schema_attribute); + if (attr->ldb_schema_attribute == NULL) { + return ldb_oom(ldb); + } + + a->name = attr->lDAPDisplayName; + a->flags = 0; + a->syntax = s; + + if (dsdb_schema_unique_attribute(a->name)) { + a->flags |= LDB_ATTR_FLAG_UNIQUE_INDEX; + } + if (attr->isSingleValued) { + a->flags |= LDB_ATTR_FLAG_SINGLE_VALUE; + } + + + return LDB_SUCCESS; } -#define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \ - (p)->elem = samdb_result_string(msg, attr, NULL);\ - if (strict && (p)->elem == NULL) { \ - d_printf("%s: %s == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - talloc_steal(mem_ctx, (p)->elem); \ -} while (0) -#define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \ - int get_string_list_counter; \ - struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \ - if (get_string_list_el == NULL) { \ - if (strict) { \ - d_printf("%s: %s == NULL\n", __location__, attr); \ +#define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \ + const struct ldb_val *get_string_val = ldb_msg_find_ldb_val(msg, attr); \ + if (get_string_val == NULL) { \ + if (strict) { \ + d_printf("%s: %s == NULL in %s\n", __location__, attr, ldb_dn_get_linearized(msg->dn)); \ return WERR_INVALID_PARAM; \ } else { \ (p)->elem = NULL; \ - break; \ + } \ + } else { \ + (p)->elem = talloc_strndup(mem_ctx, \ + (const char *)get_string_val->data, \ + get_string_val->length); \ + if (!(p)->elem) { \ + d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \ + return WERR_NOMEM; \ } \ } \ +} while (0) + +#define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem) do { \ + int get_string_list_counter; \ + struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \ + /* We may get empty attributes over the replication channel */ \ + if (get_string_list_el == NULL || get_string_list_el->num_values == 0) { \ + (p)->elem = NULL; \ + break; \ + } \ (p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \ for (get_string_list_counter=0; \ get_string_list_counter < get_string_list_el->num_values; \ @@ -621,7 +559,7 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, #define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \ const char *str; \ - str = samdb_result_string(msg, attr, NULL);\ + str = ldb_msg_find_attr_as_string(msg, attr, NULL);\ if (str == NULL) { \ if (strict) { \ d_printf("%s: %s == NULL\n", __location__, attr); \ @@ -640,11 +578,11 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, } while (0) #define GET_UINT32_LDB(msg, attr, p, elem) do { \ - (p)->elem = samdb_result_uint(msg, attr, 0);\ + (p)->elem = ldb_msg_find_attr_as_uint(msg, attr, 0);\ } while (0) -#define GET_UINT32_PTR_LDB(msg, attr, p, elem) do { \ - uint64_t _v = samdb_result_uint64(msg, attr, UINT64_MAX);\ +#define GET_UINT32_PTR_LDB(msg, attr, mem_ctx, p, elem) do { \ + uint64_t _v = ldb_msg_find_attr_as_uint64(msg, attr, UINT64_MAX);\ if (_v == UINT64_MAX) { \ (p)->elem = NULL; \ } else if (_v > UINT32_MAX) { \ @@ -676,21 +614,26 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, }\ } while (0) -WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema, - struct ldb_message *msg, - TALLOC_CTX *mem_ctx, - struct dsdb_attribute *attr) +WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, + struct dsdb_schema *schema, + struct ldb_message *msg) { WERROR status; + struct dsdb_attribute *attr = talloc_zero(schema, struct dsdb_attribute); + if (!attr) { + return WERR_NOMEM; + } - GET_STRING_LDB(msg, "cn", mem_ctx, attr, cn, false); - GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true); - GET_STRING_LDB(msg, "attributeID", mem_ctx, attr, attributeID_oid, true); - if (schema->num_prefixes == 0) { + GET_STRING_LDB(msg, "cn", attr, attr, cn, false); + GET_STRING_LDB(msg, "lDAPDisplayName", attr, attr, lDAPDisplayName, true); + GET_STRING_LDB(msg, "attributeID", attr, attr, attributeID_oid, true); + if (!schema->prefixmap || schema->prefixmap->length == 0) { /* set an invalid value */ - attr->attributeID_id = 0xFFFFFFFF; + attr->attributeID_id = DRSUAPI_ATTID_INVALID; } else { - status = dsdb_map_oid2int(schema, attr->attributeID_oid, &attr->attributeID_id); + status = dsdb_schema_pfm_make_attid(schema->prefixmap, + attr->attributeID_oid, + &attr->attributeID_id); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n", __location__, attr->lDAPDisplayName, attr->attributeID_oid, @@ -698,22 +641,29 @@ WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema, return status; } } + /* fetch msDS-IntId to be used in resolving ATTRTYP values */ + GET_UINT32_LDB(msg, "msDS-IntId", attr, msDS_IntId); + GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID); GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID); GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID); + GET_GUID_LDB(msg, "objectGUID", attr, objectGUID); + GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags); GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags); GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false); GET_UINT32_LDB(msg, "linkID", attr, linkID); - GET_STRING_LDB(msg, "attributeSyntax", mem_ctx, attr, attributeSyntax_oid, true); - if (schema->num_prefixes == 0) { + GET_STRING_LDB(msg, "attributeSyntax", attr, attr, attributeSyntax_oid, true); + if (!schema->prefixmap || schema->prefixmap->length == 0) { /* set an invalid value */ - attr->attributeSyntax_id = 0xFFFFFFFF; + attr->attributeSyntax_id = DRSUAPI_ATTID_INVALID; } else { - status = dsdb_map_oid2int(schema, attr->attributeSyntax_oid, &attr->attributeSyntax_id); + status = dsdb_schema_pfm_attid_from_oid(schema->prefixmap, + attr->attributeSyntax_oid, + &attr->attributeSyntax_id); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n", __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid, @@ -722,47 +672,61 @@ WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema, } } GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax); - GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass); + GET_BLOB_LDB(msg, "oMObjectClass", attr, attr, oMObjectClass); GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true); - GET_UINT32_PTR_LDB(msg, "rangeLower", attr, rangeLower); - GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, rangeUpper); + GET_UINT32_PTR_LDB(msg, "rangeLower", attr, attr, rangeLower); + GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, attr, rangeUpper); GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false); GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx); - GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions); + GET_BLOB_LDB(msg, "msDs-Schema-Extensions", attr, attr, msDs_Schema_Extensions); GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false); - GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, attr, adminDisplayName, false); - GET_STRING_LDB(msg, "adminDescription", mem_ctx, attr, adminDescription, false); - GET_STRING_LDB(msg, "classDisplayName", mem_ctx, attr, classDisplayName, false); + GET_STRING_LDB(msg, "adminDisplayName", attr, attr, adminDisplayName, false); + GET_STRING_LDB(msg, "adminDescription", attr, attr, adminDescription, false); + GET_STRING_LDB(msg, "classDisplayName", attr, attr, classDisplayName, false); GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false); GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false); GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false); attr->syntax = dsdb_syntax_for_attribute(attr); if (!attr->syntax) { + DEBUG(0,(__location__ ": Unknown schema syntax for %s\n", + attr->lDAPDisplayName)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } + if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) { + DEBUG(0,(__location__ ": Unknown schema syntax for %s - ldb_syntax: %s, ldap_oid: %s\n", + attr->lDAPDisplayName, + attr->syntax->ldb_syntax, + attr->syntax->ldap_oid)); + return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; + } + + DLIST_ADD(schema->attributes, attr); return WERR_OK; } -WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema, - struct ldb_message *msg, - TALLOC_CTX *mem_ctx, - struct dsdb_class *obj) +WERROR dsdb_class_from_ldb(struct dsdb_schema *schema, + struct ldb_message *msg) { WERROR status; - - GET_STRING_LDB(msg, "cn", mem_ctx, obj, cn, false); - GET_STRING_LDB(msg, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true); - GET_STRING_LDB(msg, "governsID", mem_ctx, obj, governsID_oid, true); - if (schema->num_prefixes == 0) { + struct dsdb_class *obj = talloc_zero(schema, struct dsdb_class); + if (!obj) { + return WERR_NOMEM; + } + GET_STRING_LDB(msg, "cn", obj, obj, cn, false); + GET_STRING_LDB(msg, "lDAPDisplayName", obj, obj, lDAPDisplayName, true); + GET_STRING_LDB(msg, "governsID", obj, obj, governsID_oid, true); + if (!schema->prefixmap || schema->prefixmap->length == 0) { /* set an invalid value */ - obj->governsID_id = 0xFFFFFFFF; + obj->governsID_id = DRSUAPI_ATTID_INVALID; } else { - status = dsdb_map_oid2int(schema, obj->governsID_oid, &obj->governsID_id); + status = dsdb_schema_pfm_make_attid(schema->prefixmap, + obj->governsID_oid, + &obj->governsID_id); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n", __location__, obj->lDAPDisplayName, obj->governsID_oid, @@ -771,75 +735,116 @@ WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema, } } GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID); + GET_GUID_LDB(msg, "objectGUID", obj, objectGUID); GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory); - GET_STRING_LDB(msg, "rDNAttID", mem_ctx, obj, rDNAttID, false); - GET_STRING_LDB(msg, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true); + GET_STRING_LDB(msg, "rDNAttID", obj, obj, rDNAttID, false); + GET_STRING_LDB(msg, "defaultObjectCategory", obj, obj, defaultObjectCategory, true); - GET_STRING_LDB(msg, "subClassOf", mem_ctx, obj, subClassOf, true); + GET_STRING_LDB(msg, "subClassOf", obj, obj, subClassOf, true); - GET_STRING_LIST_LDB(msg, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass, false); - GET_STRING_LIST_LDB(msg, "auxiliaryClass", mem_ctx, obj, auxiliaryClass, false); + GET_STRING_LIST_LDB(msg, "systemAuxiliaryClass", obj, obj, systemAuxiliaryClass); + GET_STRING_LIST_LDB(msg, "auxiliaryClass", obj, obj, auxiliaryClass); - GET_STRING_LIST_LDB(msg, "systemMustContain", mem_ctx, obj, systemMustContain, false); - GET_STRING_LIST_LDB(msg, "systemMayContain", mem_ctx, obj, systemMayContain, false); - GET_STRING_LIST_LDB(msg, "mustContain", mem_ctx, obj, mustContain, false); - GET_STRING_LIST_LDB(msg, "mayContain", mem_ctx, obj, mayContain, false); + GET_STRING_LIST_LDB(msg, "systemMustContain", obj, obj, systemMustContain); + GET_STRING_LIST_LDB(msg, "systemMayContain", obj, obj, systemMayContain); + GET_STRING_LIST_LDB(msg, "mustContain", obj, obj, mustContain); + GET_STRING_LIST_LDB(msg, "mayContain", obj, obj, mayContain); - GET_STRING_LIST_LDB(msg, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false); - GET_STRING_LIST_LDB(msg, "possSuperiors", mem_ctx, obj, possSuperiors, false); - GET_STRING_LIST_LDB(msg, "possibleInferiors", mem_ctx, obj, possibleInferiors, false); + GET_STRING_LIST_LDB(msg, "systemPossSuperiors", obj, obj, systemPossSuperiors); + GET_STRING_LIST_LDB(msg, "possSuperiors", obj, obj, possSuperiors); - GET_STRING_LDB(msg, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false); + GET_STRING_LDB(msg, "defaultSecurityDescriptor", obj, obj, defaultSecurityDescriptor, false); GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx); - GET_BLOB_LDB(msg, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions); + GET_UINT32_LDB(msg, "systemFlags", obj, systemFlags); + GET_BLOB_LDB(msg, "msDs-Schema-Extensions", obj, obj, msDs_Schema_Extensions); GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false); - GET_STRING_LDB(msg, "adminDisplayName", mem_ctx, obj, adminDisplayName, false); - GET_STRING_LDB(msg, "adminDescription", mem_ctx, obj, adminDescription, false); - GET_STRING_LDB(msg, "classDisplayName", mem_ctx, obj, classDisplayName, false); + GET_STRING_LDB(msg, "adminDisplayName", obj, obj, adminDisplayName, false); + GET_STRING_LDB(msg, "adminDescription", obj, obj, adminDescription, false); + GET_STRING_LDB(msg, "classDisplayName", obj, obj, classDisplayName, false); GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false); GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false); GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false); + DLIST_ADD(schema->classes, obj); return WERR_OK; } #define dsdb_oom(error_string, mem_ctx) *error_string = talloc_asprintf(mem_ctx, "dsdb out of memory at %s:%d\n", __FILE__, __LINE__) +/* + Fill a DSDB schema from the ldb results provided. This is called + directly when a schema must be created with a pre-initialised prefixMap +*/ + +int dsdb_load_ldb_results_into_schema(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, + struct dsdb_schema *schema, + struct ldb_result *attrs_class_res, + char **error_string) +{ + unsigned int i; + + for (i=0; i < attrs_class_res->count; i++) { + WERROR status = dsdb_schema_set_el_from_ldb_msg(ldb, schema, attrs_class_res->msgs[i]); + if (!W_ERROR_IS_OK(status)) { + *error_string = talloc_asprintf(mem_ctx, + "dsdb_load_ldb_results_into_schema: failed to load attribute or class definition: %s:%s", + ldb_dn_get_linearized(attrs_class_res->msgs[i]->dn), + win_errstr(status)); + DEBUG(0,(__location__ ": %s\n", *error_string)); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + } + + return LDB_SUCCESS; +} + +/* + Create a DSDB schema from the ldb results provided. This is called + directly when the schema is provisioned from an on-disk LDIF file, or + from dsdb_schema_from_schema_dn in schema_fsmo +*/ + int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, - struct smb_iconv_convenience *iconv_convenience, struct ldb_result *schema_res, - struct ldb_result *attrs_res, struct ldb_result *objectclass_res, + struct ldb_result *attrs_class_res, struct dsdb_schema **schema_out, char **error_string) { WERROR status; - uint32_t i; const struct ldb_val *prefix_val; const struct ldb_val *info_val; struct ldb_val info_val_default; struct dsdb_schema *schema; + struct loadparm_context *lp_ctx = NULL; + int ret; - schema = dsdb_new_schema(mem_ctx, iconv_convenience); + schema = dsdb_new_schema(mem_ctx); if (!schema) { dsdb_oom(error_string, mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_operr(ldb); } + schema->base_dn = talloc_steal(schema, schema_res->msgs[0]->dn); + prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap"); if (!prefix_val) { *error_string = talloc_asprintf(mem_ctx, "schema_fsmo_init: no prefixMap attribute found"); + DEBUG(0,(__location__ ": %s\n", *error_string)); return LDB_ERR_CONSTRAINT_VIOLATION; } info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo"); if (!info_val) { - info_val_default = strhex_to_data_blob(mem_ctx, "FF0000000000000000000000000000000000000000"); - if (!info_val_default.data) { - dsdb_oom(error_string, mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + status = dsdb_schema_info_blob_new(mem_ctx, &info_val_default); + if (!W_ERROR_IS_OK(status)) { + *error_string = talloc_asprintf(mem_ctx, + "schema_fsmo_init: dsdb_schema_info_blob_new() failed - %s", + win_errstr(status)); + DEBUG(0,(__location__ ": %s\n", *error_string)); + return ldb_operr(ldb); } info_val = &info_val_default; } @@ -849,49 +854,13 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, *error_string = talloc_asprintf(mem_ctx, "schema_fsmo_init: failed to load oid mappings: %s", win_errstr(status)); + DEBUG(0,(__location__ ": %s\n", *error_string)); return LDB_ERR_CONSTRAINT_VIOLATION; } - for (i=0; i < attrs_res->count; i++) { - struct dsdb_attribute *sa; - - sa = talloc_zero(schema, struct dsdb_attribute); - if (!sa) { - dsdb_oom(error_string, mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - status = dsdb_attribute_from_ldb(schema, attrs_res->msgs[i], sa, sa); - if (!W_ERROR_IS_OK(status)) { - *error_string = talloc_asprintf(mem_ctx, - "schema_fsmo_init: failed to load attribute definition: %s:%s", - ldb_dn_get_linearized(attrs_res->msgs[i]->dn), - win_errstr(status)); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - DLIST_ADD_END(schema->attributes, sa, struct dsdb_attribute *); - } - - for (i=0; i < objectclass_res->count; i++) { - struct dsdb_class *sc; - - sc = talloc_zero(schema, struct dsdb_class); - if (!sc) { - dsdb_oom(error_string, mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - status = dsdb_class_from_ldb(schema, objectclass_res->msgs[i], sc, sc); - if (!W_ERROR_IS_OK(status)) { - *error_string = talloc_asprintf(mem_ctx, - "schema_fsmo_init: failed to load class definition: %s:%s", - ldb_dn_get_linearized(objectclass_res->msgs[i]->dn), - win_errstr(status)); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - DLIST_ADD_END(schema->classes, sc, struct dsdb_class *); + ret = dsdb_load_ldb_results_into_schema(mem_ctx, ldb, schema, attrs_class_res, error_string); + if (ret != LDB_SUCCESS) { + return ret; } schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(ldb, schema, schema_res->msgs[0], "fSMORoleOwner"); @@ -901,571 +870,21 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, schema->fsmo.we_are_master = false; } - DEBUG(5, ("schema_fsmo_init: we are master: %s\n", - (schema->fsmo.we_are_master?"yes":"no"))); - - *schema_out = schema; - return LDB_SUCCESS; -} - -/* This recursive load of the objectClasses presumes that they - * everything is in a strict subClassOf hirarchy. - * - * We load this in order so we produce certain outputs (such as the - * exported schema for openldap, and sorted objectClass attribute) 'in - * order' */ - -static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn, - TALLOC_CTX *mem_ctx, - struct ldb_result *search_from, - struct ldb_result *res_list) -{ - int i; - int ret = 0; - for (i=0; i < search_from->count; i++) { - struct ldb_result *res; - const char *name = ldb_msg_find_attr_as_string(search_from->msgs[i], - "lDAPDisplayname", NULL); - - ret = ldb_search(ldb, mem_ctx, &res, - schemadn, LDB_SCOPE_SUBTREE, NULL, - "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))", - name, name); - if (ret != LDB_SUCCESS) { - return ret; - } - - res_list->msgs = talloc_realloc(res_list, res_list->msgs, - struct ldb_message *, res_list->count + 2); - if (!res_list->msgs) { - return LDB_ERR_OPERATIONS_ERROR; - } - res_list->msgs[res_list->count] = talloc_move(res_list, - &search_from->msgs[i]); - res_list->count++; - res_list->msgs[res_list->count] = NULL; - - if (res->count > 0) { - ret = fetch_oc_recursive(ldb, schemadn, mem_ctx, res, res_list); - } - if (ret != LDB_SUCCESS) { - return ret; - } - } - return ret; -} - -static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, - TALLOC_CTX *mem_ctx, - struct ldb_result **objectclasses_res, - char **error_string) -{ - TALLOC_CTX *local_ctx = talloc_new(mem_ctx); - struct ldb_result *top_res, *ret_res; - int ret; - if (!local_ctx) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Download 'top' */ - ret = ldb_search(ldb, local_ctx, &top_res, - schemadn, LDB_SCOPE_SUBTREE, NULL, - "(&(objectClass=classSchema)(lDAPDisplayName=top))"); - if (ret != LDB_SUCCESS) { - *error_string = talloc_asprintf(mem_ctx, - "dsdb_schema: failed to search for top classSchema object: %s", - ldb_errstring(ldb)); - return ret; - } - - if (top_res->count != 1) { - *error_string = talloc_asprintf(mem_ctx, - "dsdb_schema: failed to find top classSchema object"); - return LDB_ERR_NO_SUCH_OBJECT; - } - - ret_res = talloc_zero(local_ctx, struct ldb_result); - if (!ret_res) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = fetch_oc_recursive(ldb, schemadn, local_ctx, top_res, ret_res); - - if (ret != LDB_SUCCESS) { - return ret; - } - - *objectclasses_res = talloc_move(mem_ctx, &ret_res); - return ret; -} - -int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, - struct smb_iconv_convenience *iconv_convenience, - struct ldb_dn *schema_dn, - struct dsdb_schema **schema, - char **error_string_out) -{ - TALLOC_CTX *tmp_ctx; - char *error_string; - int ret; - - struct ldb_result *schema_res; - struct ldb_result *a_res; - struct ldb_result *c_res; - static const char *schema_attrs[] = { - "prefixMap", - "schemaInfo", - "fSMORoleOwner", - NULL - }; - - tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) { - dsdb_oom(error_string_out, mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* - * setup the prefix mappings and schema info - */ - ret = ldb_search(ldb, tmp_ctx, &schema_res, - schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL); - if (ret == LDB_ERR_NO_SUCH_OBJECT) { - talloc_free(tmp_ctx); - return ret; - } else if (ret != LDB_SUCCESS) { - *error_string_out = talloc_asprintf(mem_ctx, - "dsdb_schema: failed to search the schema head: %s", - ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; - } - if (schema_res->count != 1) { - *error_string_out = talloc_asprintf(mem_ctx, - "dsdb_schema: [%u] schema heads found on a base search", - schema_res->count); - talloc_free(tmp_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } - - /* - * load the attribute definitions - */ - ret = ldb_search(ldb, tmp_ctx, &a_res, - schema_dn, LDB_SCOPE_ONELEVEL, NULL, - "(objectClass=attributeSchema)"); - if (ret != LDB_SUCCESS) { - *error_string_out = talloc_asprintf(mem_ctx, - "dsdb_schema: failed to search attributeSchema objects: %s", - ldb_errstring(ldb)); - talloc_free(tmp_ctx); - return ret; - } - - /* - * load the objectClass definitions - */ - ret = fetch_objectclass_schema(ldb, schema_dn, tmp_ctx, &c_res, &error_string); - if (ret != LDB_SUCCESS) { - *error_string_out = talloc_asprintf(mem_ctx, - "Failed to fetch objectClass schema elements: %s", error_string); - talloc_free(tmp_ctx); - return ret; + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + if (lp_ctx) { + bool allowed = lpcfg_parm_bool(lp_ctx, NULL, + "dsdb", "schema update allowed", + false); + schema->fsmo.update_allowed = allowed; + } else { + schema->fsmo.update_allowed = false; } - ret = dsdb_schema_from_ldb_results(tmp_ctx, ldb, - lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), - schema_res, a_res, c_res, schema, &error_string); - if (ret != LDB_SUCCESS) { - *error_string_out = talloc_asprintf(mem_ctx, - "dsdb_schema load failed: %s", - error_string); - talloc_free(tmp_ctx); - return ret; - } - talloc_steal(mem_ctx, *schema); - talloc_free(tmp_ctx); + DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n", + (schema->fsmo.we_are_master?"yes":"no"), + (schema->fsmo.update_allowed?"yes":"no"))); + *schema_out = schema; return LDB_SUCCESS; -} - - -static const struct { - const char *name; - const char *oid; -} name_mappings[] = { - { "cn", "2.5.4.3" }, - { "name", "1.2.840.113556.1.4.1" }, - { "lDAPDisplayName", "1.2.840.113556.1.2.460" }, - { "attributeID", "1.2.840.113556.1.2.30" }, - { "schemaIDGUID", "1.2.840.113556.1.4.148" }, - { "mAPIID", "1.2.840.113556.1.2.49" }, - { "attributeSecurityGUID", "1.2.840.113556.1.4.149" }, - { "searchFlags", "1.2.840.113556.1.2.334" }, - { "systemFlags", "1.2.840.113556.1.4.375" }, - { "isMemberOfPartialAttributeSet", "1.2.840.113556.1.4.639" }, - { "linkID", "1.2.840.113556.1.2.50" }, - { "attributeSyntax", "1.2.840.113556.1.2.32" }, - { "oMSyntax", "1.2.840.113556.1.2.231" }, - { "oMObjectClass", "1.2.840.113556.1.2.218" }, - { "isSingleValued", "1.2.840.113556.1.2.33" }, - { "rangeLower", "1.2.840.113556.1.2.34" }, - { "rangeUpper", "1.2.840.113556.1.2.35" }, - { "extendedCharsAllowed", "1.2.840.113556.1.2.380" }, - { "schemaFlagsEx", "1.2.840.113556.1.4.120" }, - { "msDs-Schema-Extensions", "1.2.840.113556.1.4.1440" }, - { "showInAdvancedViewOnly", "1.2.840.113556.1.2.169" }, - { "adminDisplayName", "1.2.840.113556.1.2.194" }, - { "adminDescription", "1.2.840.113556.1.2.226" }, - { "classDisplayName", "1.2.840.113556.1.4.610" }, - { "isEphemeral", "1.2.840.113556.1.4.1212" }, - { "isDefunct", "1.2.840.113556.1.4.661" }, - { "systemOnly", "1.2.840.113556.1.4.170" }, - { "governsID", "1.2.840.113556.1.2.22" }, - { "objectClassCategory", "1.2.840.113556.1.2.370" }, - { "rDNAttID", "1.2.840.113556.1.2.26" }, - { "defaultObjectCategory", "1.2.840.113556.1.4.783" }, - { "subClassOf", "1.2.840.113556.1.2.21" }, - { "systemAuxiliaryClass", "1.2.840.113556.1.4.198" }, - { "systemPossSuperiors", "1.2.840.113556.1.4.195" }, - { "systemMustContain", "1.2.840.113556.1.4.197" }, - { "systemMayContain", "1.2.840.113556.1.4.196" }, - { "auxiliaryClass", "1.2.840.113556.1.2.351" }, - { "possSuperiors", "1.2.840.113556.1.2.8" }, - { "mustContain", "1.2.840.113556.1.2.24" }, - { "mayContain", "1.2.840.113556.1.2.25" }, - { "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" }, - { "defaultHidingValue", "1.2.840.113556.1.4.518" }, -}; - -static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema, - struct drsuapi_DsReplicaObject *obj, - const char *name, - uint32_t *idx) -{ - WERROR status; - uint32_t i, id; - const char *oid = NULL; - - for(i=0; i < ARRAY_SIZE(name_mappings); i++) { - if (strcmp(name_mappings[i].name, name) != 0) continue; - - oid = name_mappings[i].oid; - break; - } - - if (!oid) { - return NULL; - } - - status = dsdb_map_oid2int(schema, oid, &id); - if (!W_ERROR_IS_OK(status)) { - return NULL; - } - - for (i=0; i < obj->attribute_ctr.num_attributes; i++) { - if (obj->attribute_ctr.attributes[i].attid != id) continue; - - if (idx) *idx = i; - return &obj->attribute_ctr.attributes[i]; - } - - return NULL; } - -#define GET_STRING_DS(s, r, attr, mem_ctx, p, elem, strict) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (strict && !_a) { \ - d_printf("%s: %s == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - if (strict && _a->value_ctr.num_values != 1) { \ - d_printf("%s: %s num_values == %u\n", __location__, attr, \ - _a->value_ctr.num_values); \ - return WERR_INVALID_PARAM; \ - } \ - if (_a && _a->value_ctr.num_values >= 1) { \ - size_t _ret; \ - if (!convert_string_talloc_convenience(mem_ctx, s->iconv_convenience, CH_UTF16, CH_UNIX, \ - _a->value_ctr.values[0].blob->data, \ - _a->value_ctr.values[0].blob->length, \ - (void **)discard_const(&(p)->elem), &_ret, false)) { \ - DEBUG(0,("%s: invalid data!\n", attr)); \ - dump_data(0, \ - _a->value_ctr.values[0].blob->data, \ - _a->value_ctr.values[0].blob->length); \ - return WERR_FOOBAR; \ - } \ - } else { \ - (p)->elem = NULL; \ - } \ -} while (0) - -#define GET_STRING_LIST_DS(s, r, attr, mem_ctx, p, elem, strict) do { \ - int get_string_list_counter; \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (strict && !_a) { \ - d_printf("%s: %s == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - (p)->elem = _a ? talloc_array(mem_ctx, const char *, _a->value_ctr.num_values + 1) : NULL; \ - for (get_string_list_counter=0; \ - _a && get_string_list_counter < _a->value_ctr.num_values; \ - get_string_list_counter++) { \ - size_t _ret; \ - if (!convert_string_talloc_convenience(mem_ctx, s->iconv_convenience, CH_UTF16, CH_UNIX, \ - _a->value_ctr.values[get_string_list_counter].blob->data, \ - _a->value_ctr.values[get_string_list_counter].blob->length, \ - (void **)discard_const(&(p)->elem[get_string_list_counter]), &_ret, false)) { \ - DEBUG(0,("%s: invalid data!\n", attr)); \ - dump_data(0, \ - _a->value_ctr.values[get_string_list_counter].blob->data, \ - _a->value_ctr.values[get_string_list_counter].blob->length); \ - return WERR_FOOBAR; \ - } \ - (p)->elem[get_string_list_counter+1] = NULL; \ - } \ - talloc_steal(mem_ctx, (p)->elem); \ -} while (0) - -#define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (strict && !_a) { \ - d_printf("%s: %s == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - if (strict && _a->value_ctr.num_values != 1) { \ - d_printf("%s: %s num_values == %u\n", __location__, attr, \ - _a->value_ctr.num_values); \ - return WERR_INVALID_PARAM; \ - } \ - if (strict && !_a->value_ctr.values[0].blob) { \ - d_printf("%s: %s data == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - if (_a && _a->value_ctr.num_values >= 1 \ - && _a->value_ctr.values[0].blob) { \ - struct drsuapi_DsReplicaObjectIdentifier3 _id3; \ - enum ndr_err_code _ndr_err; \ - _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \ - mem_ctx, s->iconv_convenience, &_id3,\ - (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);\ - if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \ - NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \ - return ntstatus_to_werror(_nt_status); \ - } \ - (p)->elem = _id3.dn; \ - } else { \ - (p)->elem = NULL; \ - } \ -} while (0) - -#define GET_BOOL_DS(s, r, attr, p, elem, strict) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (strict && !_a) { \ - d_printf("%s: %s == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - if (strict && _a->value_ctr.num_values != 1) { \ - d_printf("%s: %s num_values == %u\n", __location__, attr, \ - (unsigned int)_a->value_ctr.num_values); \ - return WERR_INVALID_PARAM; \ - } \ - if (strict && !_a->value_ctr.values[0].blob) { \ - d_printf("%s: %s data == NULL\n", __location__, attr); \ - return WERR_INVALID_PARAM; \ - } \ - if (strict && _a->value_ctr.values[0].blob->length != 4) { \ - d_printf("%s: %s length == %u\n", __location__, attr, \ - (unsigned int)_a->value_ctr.values[0].blob->length); \ - return WERR_INVALID_PARAM; \ - } \ - if (_a && _a->value_ctr.num_values >= 1 \ - && _a->value_ctr.values[0].blob \ - && _a->value_ctr.values[0].blob->length == 4) { \ - (p)->elem = (IVAL(_a->value_ctr.values[0].blob->data,0)?true:false);\ - } else { \ - (p)->elem = false; \ - } \ -} while (0) - -#define GET_UINT32_DS(s, r, attr, p, elem) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (_a && _a->value_ctr.num_values >= 1 \ - && _a->value_ctr.values[0].blob \ - && _a->value_ctr.values[0].blob->length == 4) { \ - (p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\ - } else { \ - (p)->elem = 0; \ - } \ -} while (0) - -#define GET_UINT32_PTR_DS(s, r, attr, p, elem) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (_a && _a->value_ctr.num_values >= 1 \ - && _a->value_ctr.values[0].blob \ - && _a->value_ctr.values[0].blob->length == 4) { \ - (p)->elem = talloc(mem_ctx, uint32_t); \ - if (!(p)->elem) { \ - d_printf("%s: talloc failed for %s\n", __location__, attr); \ - return WERR_NOMEM; \ - } \ - *(p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\ - } else { \ - (p)->elem = NULL; \ - } \ -} while (0) - -#define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (_a && _a->value_ctr.num_values >= 1 \ - && _a->value_ctr.values[0].blob \ - && _a->value_ctr.values[0].blob->length == 16) { \ - enum ndr_err_code _ndr_err; \ - _ndr_err = ndr_pull_struct_blob_all(_a->value_ctr.values[0].blob, \ - mem_ctx, s->iconv_convenience, &(p)->elem, \ - (ndr_pull_flags_fn_t)ndr_pull_GUID); \ - if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \ - NTSTATUS _nt_status = ndr_map_error2ntstatus(_ndr_err); \ - return ntstatus_to_werror(_nt_status); \ - } \ - } else { \ - ZERO_STRUCT((p)->elem);\ - } \ -} while (0) - -#define GET_BLOB_DS(s, r, attr, mem_ctx, p, elem) do { \ - struct drsuapi_DsReplicaAttribute *_a; \ - _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ - if (_a && _a->value_ctr.num_values >= 1 \ - && _a->value_ctr.values[0].blob) { \ - (p)->elem = *_a->value_ctr.values[0].blob;\ - talloc_steal(mem_ctx, (p)->elem.data); \ - } else { \ - ZERO_STRUCT((p)->elem);\ - }\ -} while (0) - -WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema, - struct drsuapi_DsReplicaObject *r, - TALLOC_CTX *mem_ctx, - struct dsdb_attribute *attr) -{ - WERROR status; - - GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true); - GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true); - GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id); - status = dsdb_map_int2oid(schema, attr->attributeID_id, mem_ctx, &attr->attributeID_oid); - if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("%s: '%s': unable to map attributeID 0x%08X: %s\n", - __location__, attr->lDAPDisplayName, attr->attributeID_id, - win_errstr(status))); - return status; - } - GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID); - GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID); - - GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID); - - GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags); - GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags); - GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false); - GET_UINT32_DS(schema, r, "linkID", attr, linkID); - - GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id); - status = dsdb_map_int2oid(schema, attr->attributeSyntax_id, mem_ctx, &attr->attributeSyntax_oid); - if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("%s: '%s': unable to map attributeSyntax 0x%08X: %s\n", - __location__, attr->lDAPDisplayName, attr->attributeSyntax_id, - win_errstr(status))); - return status; - } - GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax); - GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass); - - GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true); - GET_UINT32_PTR_DS(schema, r, "rangeLower", attr, rangeLower); - GET_UINT32_PTR_DS(schema, r, "rangeUpper", attr, rangeUpper); - GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false); - - GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx); - GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions); - - GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false); - GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, attr, adminDisplayName, false); - GET_STRING_DS(schema, r, "adminDescription", mem_ctx, attr, adminDescription, false); - GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, attr, classDisplayName, false); - GET_BOOL_DS(schema, r, "isEphemeral", attr, isEphemeral, false); - GET_BOOL_DS(schema, r, "isDefunct", attr, isDefunct, false); - GET_BOOL_DS(schema, r, "systemOnly", attr, systemOnly, false); - - attr->syntax = dsdb_syntax_for_attribute(attr); - if (!attr->syntax) { - return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; - } - - return WERR_OK; -} - -WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema, - struct drsuapi_DsReplicaObject *r, - TALLOC_CTX *mem_ctx, - struct dsdb_class *obj) -{ - WERROR status; - - GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true); - GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true); - GET_UINT32_DS(schema, r, "governsID", obj, governsID_id); - status = dsdb_map_int2oid(schema, obj->governsID_id, mem_ctx, &obj->governsID_oid); - if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("%s: '%s': unable to map governsID 0x%08X: %s\n", - __location__, obj->lDAPDisplayName, obj->governsID_id, - win_errstr(status))); - return status; - } - GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, obj, schemaIDGUID); - - GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory); - GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false); - GET_DN_DS(schema, r, "defaultObjectCategory", mem_ctx, obj, defaultObjectCategory, true); - - GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, true); - - - GET_STRING_LIST_DS(schema, r, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass, false); - GET_STRING_LIST_DS(schema, r, "auxiliaryClass", mem_ctx, obj, auxiliaryClass, false); - - GET_STRING_LIST_DS(schema, r, "systemMustContain", mem_ctx, obj, systemMustContain, false); - GET_STRING_LIST_DS(schema, r, "systemMayContain", mem_ctx, obj, systemMayContain, false); - GET_STRING_LIST_DS(schema, r, "mustContain", mem_ctx, obj, mustContain, false); - GET_STRING_LIST_DS(schema, r, "mayContain", mem_ctx, obj, mayContain, false); - - GET_STRING_LIST_DS(schema, r, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false); - GET_STRING_LIST_DS(schema, r, "possSuperiors", mem_ctx, obj, possSuperiors, false); - GET_STRING_LIST_DS(schema, r, "possibleInferiors", mem_ctx, obj, possibleInferiors, false); - - GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false); - - GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx); - GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions); - - GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false); - GET_STRING_DS(schema, r, "adminDisplayName", mem_ctx, obj, adminDisplayName, false); - GET_STRING_DS(schema, r, "adminDescription", mem_ctx, obj, adminDescription, false); - GET_STRING_DS(schema, r, "classDisplayName", mem_ctx, obj, classDisplayName, false); - GET_BOOL_DS(schema, r, "defaultHidingValue", obj, defaultHidingValue, false); - GET_BOOL_DS(schema, r, "isDefunct", obj, isDefunct, false); - GET_BOOL_DS(schema, r, "systemOnly", obj, systemOnly, false); - - return WERR_OK; -} -