2 Unix SMB/CIFS mplementation.
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006-2007
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2008
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "lib/util/dlinklist.h"
25 #include "dsdb/samdb/samdb.h"
26 #include "lib/ldb/include/ldb_module.h"
27 #include "param/param.h"
28 #include "librpc/ndr/libndr.h"
29 #include "librpc/gen_ndr/ndr_misc.h"
30 #include "lib/util/tsort.h"
33 override the name to attribute handler function
35 const struct ldb_schema_attribute *dsdb_attribute_handler_override(struct ldb_context *ldb,
39 struct dsdb_schema *schema = talloc_get_type_abort(private_data, struct dsdb_schema);
40 const struct dsdb_attribute *a = dsdb_attribute_by_lDAPDisplayName(schema, name);
42 /* this will fall back to ldb internal handling */
45 return a->ldb_schema_attribute;
48 static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schema *schema, bool write_attributes)
50 int ret = LDB_SUCCESS;
51 struct ldb_result *res;
52 struct ldb_result *res_idx;
53 struct dsdb_attribute *attr;
54 struct ldb_message *mod_msg;
56 struct ldb_message *msg;
57 struct ldb_message *msg_idx;
59 /* setup our own attribute name to schema handler */
60 ldb_schema_attribute_set_override_handler(ldb, dsdb_attribute_handler_override, schema);
62 if (!write_attributes) {
66 mem_ctx = talloc_new(ldb);
68 return LDB_ERR_OPERATIONS_ERROR;
71 msg = ldb_msg_new(mem_ctx);
76 msg_idx = ldb_msg_new(mem_ctx);
81 msg->dn = ldb_dn_new(msg, ldb, "@ATTRIBUTES");
86 msg_idx->dn = ldb_dn_new(msg, ldb, "@INDEXLIST");
92 ret = ldb_msg_add_string(msg_idx, "@IDXONE", "1");
93 if (ret != LDB_SUCCESS) {
97 for (attr = schema->attributes; attr; attr = attr->next) {
98 const char *syntax = attr->syntax->ldb_syntax;
101 syntax = attr->syntax->ldap_oid;
104 /* Write out a rough approximation of the schema as an @ATTRIBUTES value, for bootstrapping */
105 if (strcmp(syntax, LDB_SYNTAX_INTEGER) == 0) {
106 ret = ldb_msg_add_string(msg, attr->lDAPDisplayName, "INTEGER");
107 } else if (strcmp(syntax, LDB_SYNTAX_DIRECTORY_STRING) == 0) {
108 ret = ldb_msg_add_string(msg, attr->lDAPDisplayName, "CASE_INSENSITIVE");
110 if (ret != LDB_SUCCESS) {
114 if (attr->searchFlags & SEARCH_FLAG_ATTINDEX) {
115 ret = ldb_msg_add_string(msg_idx, "@IDXATTR", attr->lDAPDisplayName);
116 if (ret != LDB_SUCCESS) {
122 if (ret != LDB_SUCCESS) {
123 talloc_free(mem_ctx);
127 /* Try to avoid churning the attributes too much - we only want to do this if they have changed */
128 ret = ldb_search(ldb, mem_ctx, &res, msg->dn, LDB_SCOPE_BASE, NULL, "dn=%s", ldb_dn_get_linearized(msg->dn));
129 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
130 ret = ldb_add(ldb, msg);
131 } else if (ret != LDB_SUCCESS) {
132 } else if (res->count != 1) {
133 ret = ldb_add(ldb, msg);
136 /* Annoyingly added to our search results */
137 ldb_msg_remove_attr(res->msgs[0], "distinguishedName");
139 mod_msg = ldb_msg_diff(ldb, res->msgs[0], msg);
140 if (mod_msg->num_elements > 0) {
141 ret = dsdb_replace(ldb, mod_msg, 0);
145 if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
146 /* We might be on a read-only DB or LDAP */
149 if (ret != LDB_SUCCESS) {
150 talloc_free(mem_ctx);
154 /* Now write out the indexs, as found in the schema (if they have changed) */
156 ret = ldb_search(ldb, mem_ctx, &res_idx, msg_idx->dn, LDB_SCOPE_BASE, NULL, "dn=%s", ldb_dn_get_linearized(msg_idx->dn));
157 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
158 ret = ldb_add(ldb, msg_idx);
159 } else if (ret != LDB_SUCCESS) {
160 } else if (res_idx->count != 1) {
161 ret = ldb_add(ldb, msg_idx);
164 /* Annoyingly added to our search results */
165 ldb_msg_remove_attr(res_idx->msgs[0], "distinguishedName");
167 mod_msg = ldb_msg_diff(ldb, res_idx->msgs[0], msg_idx);
168 if (mod_msg->num_elements > 0) {
169 ret = dsdb_replace(ldb, mod_msg, 0);
172 if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
173 /* We might be on a read-only DB */
176 talloc_free(mem_ctx);
180 talloc_free(mem_ctx);
181 return LDB_ERR_OPERATIONS_ERROR;
184 static int uint32_cmp(uint32_t c1, uint32_t c2)
186 if (c1 == c2) return 0;
187 return c1 > c2 ? 1 : -1;
190 static int dsdb_compare_class_by_lDAPDisplayName(struct dsdb_class **c1, struct dsdb_class **c2)
192 return strcasecmp((*c1)->lDAPDisplayName, (*c2)->lDAPDisplayName);
194 static int dsdb_compare_class_by_governsID_id(struct dsdb_class **c1, struct dsdb_class **c2)
196 return uint32_cmp((*c1)->governsID_id, (*c2)->governsID_id);
198 static int dsdb_compare_class_by_governsID_oid(struct dsdb_class **c1, struct dsdb_class **c2)
200 return strcasecmp((*c1)->governsID_oid, (*c2)->governsID_oid);
202 static int dsdb_compare_class_by_cn(struct dsdb_class **c1, struct dsdb_class **c2)
204 return strcasecmp((*c1)->cn, (*c2)->cn);
207 static int dsdb_compare_attribute_by_lDAPDisplayName(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
209 return strcasecmp((*a1)->lDAPDisplayName, (*a2)->lDAPDisplayName);
211 static int dsdb_compare_attribute_by_attributeID_id(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
213 return uint32_cmp((*a1)->attributeID_id, (*a2)->attributeID_id);
215 static int dsdb_compare_attribute_by_attributeID_oid(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
217 return strcasecmp((*a1)->attributeID_oid, (*a2)->attributeID_oid);
219 static int dsdb_compare_attribute_by_linkID(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
221 return uint32_cmp((*a1)->linkID, (*a2)->linkID);
225 create the sorted accessor arrays for the schema
227 static int dsdb_setup_sorted_accessors(struct ldb_context *ldb,
228 struct dsdb_schema *schema)
230 struct dsdb_class *cur;
231 struct dsdb_attribute *a;
234 talloc_free(schema->classes_by_lDAPDisplayName);
235 talloc_free(schema->classes_by_governsID_id);
236 talloc_free(schema->classes_by_governsID_oid);
237 talloc_free(schema->classes_by_cn);
239 /* count the classes */
240 for (i=0, cur=schema->classes; cur; i++, cur=cur->next) /* noop */ ;
241 schema->num_classes = i;
243 /* setup classes_by_* */
244 schema->classes_by_lDAPDisplayName = talloc_array(schema, struct dsdb_class *, i);
245 schema->classes_by_governsID_id = talloc_array(schema, struct dsdb_class *, i);
246 schema->classes_by_governsID_oid = talloc_array(schema, struct dsdb_class *, i);
247 schema->classes_by_cn = talloc_array(schema, struct dsdb_class *, i);
248 if (schema->classes_by_lDAPDisplayName == NULL ||
249 schema->classes_by_governsID_id == NULL ||
250 schema->classes_by_governsID_oid == NULL ||
251 schema->classes_by_cn == NULL) {
255 for (i=0, cur=schema->classes; cur; i++, cur=cur->next) {
256 schema->classes_by_lDAPDisplayName[i] = cur;
257 schema->classes_by_governsID_id[i] = cur;
258 schema->classes_by_governsID_oid[i] = cur;
259 schema->classes_by_cn[i] = cur;
262 /* sort the arrays */
263 TYPESAFE_QSORT(schema->classes_by_lDAPDisplayName, schema->num_classes, dsdb_compare_class_by_lDAPDisplayName);
264 TYPESAFE_QSORT(schema->classes_by_governsID_id, schema->num_classes, dsdb_compare_class_by_governsID_id);
265 TYPESAFE_QSORT(schema->classes_by_governsID_oid, schema->num_classes, dsdb_compare_class_by_governsID_oid);
266 TYPESAFE_QSORT(schema->classes_by_cn, schema->num_classes, dsdb_compare_class_by_cn);
268 /* now build the attribute accessor arrays */
269 talloc_free(schema->attributes_by_lDAPDisplayName);
270 talloc_free(schema->attributes_by_attributeID_id);
271 talloc_free(schema->attributes_by_attributeID_oid);
272 talloc_free(schema->attributes_by_linkID);
274 /* count the attributes */
275 for (i=0, a=schema->attributes; a; i++, a=a->next) /* noop */ ;
276 schema->num_attributes = i;
278 /* setup attributes_by_* */
279 schema->attributes_by_lDAPDisplayName = talloc_array(schema, struct dsdb_attribute *, i);
280 schema->attributes_by_attributeID_id = talloc_array(schema, struct dsdb_attribute *, i);
281 schema->attributes_by_attributeID_oid = talloc_array(schema, struct dsdb_attribute *, i);
282 schema->attributes_by_linkID = talloc_array(schema, struct dsdb_attribute *, i);
283 if (schema->attributes_by_lDAPDisplayName == NULL ||
284 schema->attributes_by_attributeID_id == NULL ||
285 schema->attributes_by_attributeID_oid == NULL ||
286 schema->attributes_by_linkID == NULL) {
290 for (i=0, a=schema->attributes; a; i++, a=a->next) {
291 schema->attributes_by_lDAPDisplayName[i] = a;
292 schema->attributes_by_attributeID_id[i] = a;
293 schema->attributes_by_attributeID_oid[i] = a;
294 schema->attributes_by_linkID[i] = a;
297 /* sort the arrays */
298 TYPESAFE_QSORT(schema->attributes_by_lDAPDisplayName, schema->num_attributes, dsdb_compare_attribute_by_lDAPDisplayName);
299 TYPESAFE_QSORT(schema->attributes_by_attributeID_id, schema->num_attributes, dsdb_compare_attribute_by_attributeID_id);
300 TYPESAFE_QSORT(schema->attributes_by_attributeID_oid, schema->num_attributes, dsdb_compare_attribute_by_attributeID_oid);
301 TYPESAFE_QSORT(schema->attributes_by_linkID, schema->num_attributes, dsdb_compare_attribute_by_linkID);
306 schema->classes_by_lDAPDisplayName = NULL;
307 schema->classes_by_governsID_id = NULL;
308 schema->classes_by_governsID_oid = NULL;
309 schema->classes_by_cn = NULL;
310 schema->attributes_by_lDAPDisplayName = NULL;
311 schema->attributes_by_attributeID_id = NULL;
312 schema->attributes_by_attributeID_oid = NULL;
313 schema->attributes_by_linkID = NULL;
315 return LDB_ERR_OPERATIONS_ERROR;
318 int dsdb_setup_schema_inversion(struct ldb_context *ldb, struct dsdb_schema *schema)
320 /* Walk the list of schema classes */
322 /* For each subClassOf, add us to subclasses of the parent */
324 /* collect these subclasses into a recursive list of total subclasses, preserving order */
326 /* For each subclass under 'top', write the index from it's
327 * order as an integer in the dsdb_class (for sorting
328 * objectClass lists efficiently) */
330 /* Walk the list of scheam classes */
332 /* Create a 'total possible superiors' on each class */
337 * Attach the schema to an opaque pointer on the ldb, so ldb modules
341 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
345 ret = dsdb_setup_sorted_accessors(ldb, schema);
346 if (ret != LDB_SUCCESS) {
350 ret = schema_fill_constructed(schema);
351 if (ret != LDB_SUCCESS) {
355 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
356 if (ret != LDB_SUCCESS) {
360 /* Set the new attributes based on the new schema */
361 ret = dsdb_schema_set_attributes(ldb, schema, true);
362 if (ret != LDB_SUCCESS) {
366 talloc_steal(ldb, schema);
372 * Global variable to hold one copy of the schema, used to avoid memory bloat
374 static struct dsdb_schema *global_schema;
377 * Make this ldb use a specified schema, already fully calculated and belonging to another ldb
379 int dsdb_reference_schema(struct ldb_context *ldb, struct dsdb_schema *schema,
380 bool write_attributes)
383 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
384 if (ret != LDB_SUCCESS) {
388 /* Set the new attributes based on the new schema */
389 ret = dsdb_schema_set_attributes(ldb, schema, write_attributes);
390 if (ret != LDB_SUCCESS) {
394 /* Keep a reference to this schema, just incase the original copy is replaced */
395 if (talloc_reference(ldb, schema) == NULL) {
396 return LDB_ERR_OPERATIONS_ERROR;
403 * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
405 int dsdb_set_global_schema(struct ldb_context *ldb)
407 if (!global_schema) {
411 return dsdb_reference_schema(ldb, global_schema, false /* Don't write attributes, it's expensive */);
415 * Find the schema object for this ldb
417 * If reference_ctx is not NULL, then talloc_reference onto that context
420 struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb, TALLOC_CTX *reference_ctx)
423 struct dsdb_schema *schema;
425 /* see if we have a cached copy */
426 p = ldb_get_opaque(ldb, "dsdb_schema");
431 schema = talloc_get_type(p, struct dsdb_schema);
436 if (!reference_ctx) {
439 return talloc_reference(reference_ctx, schema);
444 * Make the schema found on this ldb the 'global' schema
447 void dsdb_make_schema_global(struct ldb_context *ldb)
449 struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL);
455 talloc_unlink(talloc_autofree_context(), global_schema);
458 /* we want the schema to be around permanently */
459 talloc_reparent(talloc_parent(schema), talloc_autofree_context(), schema);
461 global_schema = schema;
463 dsdb_set_global_schema(ldb);
466 /* When loading the schema from LDIF files, we don't get the extended DNs.
468 We need to set these up, so that from the moment we start the provision, the defaultObjectCategory links are set up correctly.
470 int dsdb_schema_fill_extended_dn(struct ldb_context *ldb, struct dsdb_schema *schema)
472 struct dsdb_class *cur;
473 const struct dsdb_class *target_class;
474 for (cur = schema->classes; cur; cur = cur->next) {
475 const struct ldb_val *rdn;
478 struct ldb_dn *dn = ldb_dn_new(NULL, ldb, cur->defaultObjectCategory);
481 return LDB_ERR_INVALID_DN_SYNTAX;
483 rdn = ldb_dn_get_component_val(dn, 0);
486 return LDB_ERR_INVALID_DN_SYNTAX;
488 target_class = dsdb_class_by_cn_ldb_val(schema, rdn);
491 return LDB_ERR_CONSTRAINT_VIOLATION;
494 status = GUID_to_ndr_blob(&target_class->objectGUID, dn, &guid);
495 if (!NT_STATUS_IS_OK(status)) {
497 return LDB_ERR_OPERATIONS_ERROR;
499 ldb_dn_set_extended_component(dn, "GUID", &guid);
501 cur->defaultObjectCategory = ldb_dn_get_extended_linearized(cur, dn, 1);
508 * Add an element to the schema (attribute or class) from an LDB message
510 WERROR dsdb_schema_set_el_from_ldb_msg(struct ldb_context *ldb, struct dsdb_schema *schema,
511 struct ldb_message *msg)
513 static struct ldb_parse_tree *attr_tree, *class_tree;
515 attr_tree = ldb_parse_tree(talloc_autofree_context(), "(objectClass=attributeSchema)");
522 class_tree = ldb_parse_tree(talloc_autofree_context(), "(objectClass=classSchema)");
528 if (ldb_match_msg(ldb, msg, attr_tree, NULL, LDB_SCOPE_BASE)) {
529 return dsdb_attribute_from_ldb(ldb, schema, msg);
530 } else if (ldb_match_msg(ldb, msg, class_tree, NULL, LDB_SCOPE_BASE)) {
531 return dsdb_class_from_ldb(schema, msg);
534 /* Don't fail on things not classes or attributes */
539 * Rather than read a schema from the LDB itself, read it from an ldif
540 * file. This allows schema to be loaded and used while adding the
541 * schema itself to the directory.
544 WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb, const char *pf, const char *df)
546 struct ldb_ldif *ldif;
547 struct ldb_message *msg;
551 struct dsdb_schema *schema;
552 const struct ldb_val *prefix_val;
553 const struct ldb_val *info_val;
554 struct ldb_val info_val_default;
557 mem_ctx = talloc_new(ldb);
562 schema = dsdb_new_schema(mem_ctx, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")));
564 schema->fsmo.we_are_master = true;
565 schema->fsmo.master_dn = ldb_dn_new_fmt(schema, ldb, "@PROVISION_SCHEMA_MASTER");
566 if (!schema->fsmo.master_dn) {
571 * load the prefixMap attribute from pf
573 ldif = ldb_ldif_read_string(ldb, &pf);
575 status = WERR_INVALID_PARAM;
578 talloc_steal(mem_ctx, ldif);
580 msg = ldb_msg_canonicalize(ldb, ldif->msg);
584 talloc_steal(mem_ctx, msg);
587 prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
589 status = WERR_INVALID_PARAM;
593 info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
595 info_val_default = strhex_to_data_blob(mem_ctx, "FF0000000000000000000000000000000000000000");
596 if (!info_val_default.data) {
599 info_val = &info_val_default;
602 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
603 if (!W_ERROR_IS_OK(status)) {
608 * load the attribute and class definitions outof df
610 while ((ldif = ldb_ldif_read_string(ldb, &df))) {
611 talloc_steal(mem_ctx, ldif);
613 msg = ldb_msg_canonicalize(ldb, ldif->msg);
618 status = dsdb_schema_set_el_from_ldb_msg(ldb, schema, msg);
620 if (!W_ERROR_IS_OK(status)) {
625 ret = dsdb_set_schema(ldb, schema);
626 if (ret != LDB_SUCCESS) {
627 status = WERR_FOOBAR;
631 ret = dsdb_schema_fill_extended_dn(ldb, schema);
632 if (ret != LDB_SUCCESS) {
633 status = WERR_FOOBAR;
643 talloc_free(mem_ctx);
git.samba.org / samba.git / blob