search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-dsdb: ensure we setup the dn_format field in schema attributes
[Samba.git] / source4 / dsdb / schema / schema_set.c
blob1c1e45ef78844bada9469f4181b5e9c7c606841e
1 /*
2 Unix SMB/CIFS implementation.
3 DSDB schema header
4
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2006-2007
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2008
7 Copyright (C) Matthieu Patou <mat@matws.net> 2011
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22 */
23
24 #include "includes.h"
25 #include "lib/util/dlinklist.h"
26 #include "dsdb/samdb/samdb.h"
27 #include <ldb_module.h>
28 #include "param/param.h"
29 #include "librpc/ndr/libndr.h"
30 #include "librpc/gen_ndr/ndr_misc.h"
31 #include "lib/util/tsort.h"
32
33 /*
34 override the name to attribute handler function
35 */
36 const struct ldb_schema_attribute *dsdb_attribute_handler_override(struct ldb_context *ldb,
37 void *private_data,
38 const char *name)
39 {
40 struct dsdb_schema *schema = talloc_get_type_abort(private_data, struct dsdb_schema);
41 const struct dsdb_attribute *a = dsdb_attribute_by_lDAPDisplayName(schema, name);
42 if (a == NULL) {
43 /* this will fall back to ldb internal handling */
44 return NULL;
45 }
46 return a->ldb_schema_attribute;
47 }
48
49 static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schema *schema, bool write_attributes)
50 {
51 int ret = LDB_SUCCESS;
52 struct ldb_result *res;
53 struct ldb_result *res_idx;
54 struct dsdb_attribute *attr;
55 struct ldb_message *mod_msg;
56 TALLOC_CTX *mem_ctx;
57 struct ldb_message *msg;
58 struct ldb_message *msg_idx;
59
60 /* setup our own attribute name to schema handler */
61 ldb_schema_attribute_set_override_handler(ldb, dsdb_attribute_handler_override, schema);
62
63 if (!write_attributes) {
64 return ret;
65 }
66
67 mem_ctx = talloc_new(ldb);
68 if (!mem_ctx) {
69 return ldb_oom(ldb);
70 }
71
72 msg = ldb_msg_new(mem_ctx);
73 if (!msg) {
74 ldb_oom(ldb);
75 goto op_error;
76 }
77 msg_idx = ldb_msg_new(mem_ctx);
78 if (!msg_idx) {
79 ldb_oom(ldb);
80 goto op_error;
81 }
82 msg->dn = ldb_dn_new(msg, ldb, "@ATTRIBUTES");
83 if (!msg->dn) {
84 ldb_oom(ldb);
85 goto op_error;
86 }
87 msg_idx->dn = ldb_dn_new(msg_idx, ldb, "@INDEXLIST");
88 if (!msg_idx->dn) {
89 ldb_oom(ldb);
90 goto op_error;
91 }
92
93 ret = ldb_msg_add_string(msg_idx, "@IDXONE", "1");
94 if (ret != LDB_SUCCESS) {
95 goto op_error;
96 }
97
98 for (attr = schema->attributes; attr; attr = attr->next) {
99 const char *syntax = attr->syntax->ldb_syntax;
100
101 if (!syntax) {
102 syntax = attr->syntax->ldap_oid;
103 }
104
105 /*
106 * Write out a rough approximation of the schema
107 * as an @ATTRIBUTES value, for bootstrapping
108 */
109 if (strcmp(syntax, LDB_SYNTAX_INTEGER) == 0) {
110 ret = ldb_msg_add_string(msg, attr->lDAPDisplayName, "INTEGER");
111 } else if (strcmp(syntax, LDB_SYNTAX_DIRECTORY_STRING) == 0) {
112 ret = ldb_msg_add_string(msg, attr->lDAPDisplayName, "CASE_INSENSITIVE");
113 }
114 if (ret != LDB_SUCCESS) {
115 break;
116 }
117
118 if (attr->searchFlags & SEARCH_FLAG_ATTINDEX) {
119 ret = ldb_msg_add_string(msg_idx, "@IDXATTR", attr->lDAPDisplayName);
120 if (ret != LDB_SUCCESS) {
121 break;
122 }
123 }
124 }
125
126 if (ret != LDB_SUCCESS) {
127 talloc_free(mem_ctx);
128 return ret;
129 }
130
131 /*
132 * Try to avoid churning the attributes too much,
133 * we only want to do this if they have changed
134 */
135 ret = ldb_search(ldb, mem_ctx, &res, msg->dn, LDB_SCOPE_BASE, NULL,
136 NULL);
137 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
138 ret = ldb_add(ldb, msg);
139 } else if (ret != LDB_SUCCESS) {
140 } else if (res->count != 1) {
141 ret = ldb_add(ldb, msg);
142 } else {
143 ret = LDB_SUCCESS;
144 /* Annoyingly added to our search results */
145 ldb_msg_remove_attr(res->msgs[0], "distinguishedName");
146
147 ret = ldb_msg_difference(ldb, mem_ctx,
148 res->msgs[0], msg, &mod_msg);
149 if (ret != LDB_SUCCESS) {
150 goto op_error;
151 }
152 if (mod_msg->num_elements > 0) {
153 ret = dsdb_replace(ldb, mod_msg, 0);
154 }
155 talloc_free(mod_msg);
156 }
157
158 if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
159 /* We might be on a read-only DB or LDAP */
160 ret = LDB_SUCCESS;
161 }
162 if (ret != LDB_SUCCESS) {
163 talloc_free(mem_ctx);
164 return ret;
165 }
166
167 /* Now write out the indexes, as found in the schema (if they have changed) */
168
169 ret = ldb_search(ldb, mem_ctx, &res_idx, msg_idx->dn, LDB_SCOPE_BASE,
170 NULL, NULL);
171 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
172 ret = ldb_add(ldb, msg_idx);
173 } else if (ret != LDB_SUCCESS) {
174 } else if (res_idx->count != 1) {
175 ret = ldb_add(ldb, msg_idx);
176 } else {
177 ret = LDB_SUCCESS;
178 /* Annoyingly added to our search results */
179 ldb_msg_remove_attr(res_idx->msgs[0], "distinguishedName");
180
181 ret = ldb_msg_difference(ldb, mem_ctx,
182 res_idx->msgs[0], msg_idx, &mod_msg);
183 if (ret != LDB_SUCCESS) {
184 goto op_error;
185 }
186 if (mod_msg->num_elements > 0) {
187 ret = dsdb_replace(ldb, mod_msg, 0);
188 }
189 talloc_free(mod_msg);
190 }
191 if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
192 /* We might be on a read-only DB */
193 ret = LDB_SUCCESS;
194 }
195 talloc_free(mem_ctx);
196 return ret;
197
198 op_error:
199 talloc_free(mem_ctx);
200 return ldb_operr(ldb);
201 }
202
203
204 /*
205 create extra attribute shortcuts
206 */
207 static void dsdb_setup_attribute_shortcuts(struct ldb_context *ldb, struct dsdb_schema *schema)
208 {
209 struct dsdb_attribute *attribute;
210
211 /* setup fast access to one_way_link and DN format */
212 for (attribute=schema->attributes; attribute; attribute=attribute->next) {
213 attribute->dn_format = dsdb_dn_oid_to_format(attribute->syntax->ldap_oid);
214
215 if (attribute->dn_format == DSDB_INVALID_DN) {
216 attribute->one_way_link = false;
217 continue;
218 }
219
220 /* these are not considered to be one way links for
221 the purpose of DN link fixups */
222 if (ldb_attr_cmp("distinguishedName", attribute->lDAPDisplayName) == 0 ||
223 ldb_attr_cmp("objectCategory", attribute->lDAPDisplayName) == 0) {
224 attribute->one_way_link = false;
225 continue;
226 }
227
228 if (attribute->linkID == 0) {
229 attribute->one_way_link = true;
230 continue;
231 }
232 /* handle attributes with a linkID but no backlink */
233 if (dsdb_attribute_by_linkID(schema, attribute->linkID) == NULL) {
234 attribute->one_way_link = true;
235 continue;
236 }
237 attribute->one_way_link = false;
238 }
239 }
240
241 static int uint32_cmp(uint32_t c1, uint32_t c2)
242 {
243 if (c1 == c2) return 0;
244 return c1 > c2 ? 1 : -1;
245 }
246
247 static int dsdb_compare_class_by_lDAPDisplayName(struct dsdb_class **c1, struct dsdb_class **c2)
248 {
249 return strcasecmp((*c1)->lDAPDisplayName, (*c2)->lDAPDisplayName);
250 }
251 static int dsdb_compare_class_by_governsID_id(struct dsdb_class **c1, struct dsdb_class **c2)
252 {
253 return uint32_cmp((*c1)->governsID_id, (*c2)->governsID_id);
254 }
255 static int dsdb_compare_class_by_governsID_oid(struct dsdb_class **c1, struct dsdb_class **c2)
256 {
257 return strcasecmp((*c1)->governsID_oid, (*c2)->governsID_oid);
258 }
259 static int dsdb_compare_class_by_cn(struct dsdb_class **c1, struct dsdb_class **c2)
260 {
261 return strcasecmp((*c1)->cn, (*c2)->cn);
262 }
263
264 static int dsdb_compare_attribute_by_lDAPDisplayName(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
265 {
266 return strcasecmp((*a1)->lDAPDisplayName, (*a2)->lDAPDisplayName);
267 }
268 static int dsdb_compare_attribute_by_attributeID_id(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
269 {
270 return uint32_cmp((*a1)->attributeID_id, (*a2)->attributeID_id);
271 }
272 static int dsdb_compare_attribute_by_msDS_IntId(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
273 {
274 return uint32_cmp((*a1)->msDS_IntId, (*a2)->msDS_IntId);
275 }
276 static int dsdb_compare_attribute_by_attributeID_oid(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
277 {
278 return strcasecmp((*a1)->attributeID_oid, (*a2)->attributeID_oid);
279 }
280 static int dsdb_compare_attribute_by_linkID(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
281 {
282 return uint32_cmp((*a1)->linkID, (*a2)->linkID);
283 }
284
285 /**
286 * Clean up Classes and Attributes accessor arrays
287 */
288 static void dsdb_sorted_accessors_free(struct dsdb_schema *schema)
289 {
290 /* free classes accessors */
291 TALLOC_FREE(schema->classes_by_lDAPDisplayName);
292 TALLOC_FREE(schema->classes_by_governsID_id);
293 TALLOC_FREE(schema->classes_by_governsID_oid);
294 TALLOC_FREE(schema->classes_by_cn);
295 /* free attribute accessors */
296 TALLOC_FREE(schema->attributes_by_lDAPDisplayName);
297 TALLOC_FREE(schema->attributes_by_attributeID_id);
298 TALLOC_FREE(schema->attributes_by_msDS_IntId);
299 TALLOC_FREE(schema->attributes_by_attributeID_oid);
300 TALLOC_FREE(schema->attributes_by_linkID);
301 }
302
303 /*
304 create the sorted accessor arrays for the schema
305 */
306 int dsdb_setup_sorted_accessors(struct ldb_context *ldb,
307 struct dsdb_schema *schema)
308 {
309 struct dsdb_class *cur;
310 struct dsdb_attribute *a;
311 unsigned int i;
312 unsigned int num_int_id;
313
314 /* free all caches */
315 dsdb_sorted_accessors_free(schema);
316
317 /* count the classes */
318 for (i=0, cur=schema->classes; cur; i++, cur=cur->next) /* noop */ ;
319 schema->num_classes = i;
320
321 /* setup classes_by_* */
322 schema->classes_by_lDAPDisplayName = talloc_array(schema, struct dsdb_class *, i);
323 schema->classes_by_governsID_id = talloc_array(schema, struct dsdb_class *, i);
324 schema->classes_by_governsID_oid = talloc_array(schema, struct dsdb_class *, i);
325 schema->classes_by_cn = talloc_array(schema, struct dsdb_class *, i);
326 if (schema->classes_by_lDAPDisplayName == NULL ||
327 schema->classes_by_governsID_id == NULL ||
328 schema->classes_by_governsID_oid == NULL ||
329 schema->classes_by_cn == NULL) {
330 goto failed;
331 }
332
333 for (i=0, cur=schema->classes; cur; i++, cur=cur->next) {
334 schema->classes_by_lDAPDisplayName[i] = cur;
335 schema->classes_by_governsID_id[i] = cur;
336 schema->classes_by_governsID_oid[i] = cur;
337 schema->classes_by_cn[i] = cur;
338 }
339
340 /* sort the arrays */
341 TYPESAFE_QSORT(schema->classes_by_lDAPDisplayName, schema->num_classes, dsdb_compare_class_by_lDAPDisplayName);
342 TYPESAFE_QSORT(schema->classes_by_governsID_id, schema->num_classes, dsdb_compare_class_by_governsID_id);
343 TYPESAFE_QSORT(schema->classes_by_governsID_oid, schema->num_classes, dsdb_compare_class_by_governsID_oid);
344 TYPESAFE_QSORT(schema->classes_by_cn, schema->num_classes, dsdb_compare_class_by_cn);
345
346 /* now build the attribute accessor arrays */
347
348 /* count the attributes
349 * and attributes with msDS-IntId set */
350 num_int_id = 0;
351 for (i=0, a=schema->attributes; a; i++, a=a->next) {
352 if (a->msDS_IntId != 0) {
353 num_int_id++;
354 }
355 }
356 schema->num_attributes = i;
357 schema->num_int_id_attr = num_int_id;
358
359 /* setup attributes_by_* */
360 schema->attributes_by_lDAPDisplayName = talloc_array(schema, struct dsdb_attribute *, i);
361 schema->attributes_by_attributeID_id = talloc_array(schema, struct dsdb_attribute *, i);
362 schema->attributes_by_msDS_IntId = talloc_array(schema,
363 struct dsdb_attribute *, num_int_id);
364 schema->attributes_by_attributeID_oid = talloc_array(schema, struct dsdb_attribute *, i);
365 schema->attributes_by_linkID = talloc_array(schema, struct dsdb_attribute *, i);
366 if (schema->attributes_by_lDAPDisplayName == NULL ||
367 schema->attributes_by_attributeID_id == NULL ||
368 schema->attributes_by_msDS_IntId == NULL ||
369 schema->attributes_by_attributeID_oid == NULL ||
370 schema->attributes_by_linkID == NULL) {
371 goto failed;
372 }
373
374 num_int_id = 0;
375 for (i=0, a=schema->attributes; a; i++, a=a->next) {
376 schema->attributes_by_lDAPDisplayName[i] = a;
377 schema->attributes_by_attributeID_id[i] = a;
378 schema->attributes_by_attributeID_oid[i] = a;
379 schema->attributes_by_linkID[i] = a;
380 /* append attr-by-msDS-IntId values */
381 if (a->msDS_IntId != 0) {
382 schema->attributes_by_msDS_IntId[num_int_id] = a;
383 num_int_id++;
384 }
385 }
386 SMB_ASSERT(num_int_id == schema->num_int_id_attr);
387
388 /* sort the arrays */
389 TYPESAFE_QSORT(schema->attributes_by_lDAPDisplayName, schema->num_attributes, dsdb_compare_attribute_by_lDAPDisplayName);
390 TYPESAFE_QSORT(schema->attributes_by_attributeID_id, schema->num_attributes, dsdb_compare_attribute_by_attributeID_id);
391 TYPESAFE_QSORT(schema->attributes_by_msDS_IntId, schema->num_int_id_attr, dsdb_compare_attribute_by_msDS_IntId);
392 TYPESAFE_QSORT(schema->attributes_by_attributeID_oid, schema->num_attributes, dsdb_compare_attribute_by_attributeID_oid);
393 TYPESAFE_QSORT(schema->attributes_by_linkID, schema->num_attributes, dsdb_compare_attribute_by_linkID);
394
395 dsdb_setup_attribute_shortcuts(ldb, schema);
396
397 return LDB_SUCCESS;
398
399 failed:
400 dsdb_sorted_accessors_free(schema);
401 return ldb_oom(ldb);
402 }
403
404 int dsdb_setup_schema_inversion(struct ldb_context *ldb, struct dsdb_schema *schema)
405 {
406 /* Walk the list of schema classes */
407
408 /* For each subClassOf, add us to subclasses of the parent */
409
410 /* collect these subclasses into a recursive list of total subclasses, preserving order */
411
412 /* For each subclass under 'top', write the index from it's
413 * order as an integer in the dsdb_class (for sorting
414 * objectClass lists efficiently) */
415
416 /* Walk the list of schema classes */
417
418 /* Create a 'total possible superiors' on each class */
419 return LDB_SUCCESS;
420 }
421
422 /**
423 * Attach the schema to an opaque pointer on the ldb,
424 * so ldb modules can find it
425 */
426 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
427 {
428 struct dsdb_schema *old_schema;
429 int ret;
430
431 ret = dsdb_setup_sorted_accessors(ldb, schema);
432 if (ret != LDB_SUCCESS) {
433 return ret;
434 }
435
436 ret = schema_fill_constructed(schema);
437 if (ret != LDB_SUCCESS) {
438 return ret;
439 }
440
441 old_schema = ldb_get_opaque(ldb, "dsdb_schema");
442
443 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
444 if (ret != LDB_SUCCESS) {
445 return ret;
446 }
447
448 /* Remove the reference to the schema we just overwrote - if there was
449 * none, NULL is harmless here */
450 if (old_schema != schema) {
451 talloc_unlink(ldb, old_schema);
452 talloc_steal(ldb, schema);
453 }
454
455 ret = ldb_set_opaque(ldb, "dsdb_use_global_schema", NULL);
456 if (ret != LDB_SUCCESS) {
457 return ret;
458 }
459
460 /* Set the new attributes based on the new schema */
461 ret = dsdb_schema_set_attributes(ldb, schema, true);
462 if (ret != LDB_SUCCESS) {
463 return ret;
464 }
465
466 return LDB_SUCCESS;
467 }
468
469 /**
470 * Global variable to hold one copy of the schema, used to avoid memory bloat
471 */
472 static struct dsdb_schema *global_schema;
473
474 /**
475 * Make this ldb use a specified schema, already fully calculated and belonging to another ldb
476 */
477 int dsdb_reference_schema(struct ldb_context *ldb, struct dsdb_schema *schema,
478 bool write_attributes)
479 {
480 int ret;
481 struct dsdb_schema *old_schema;
482 old_schema = ldb_get_opaque(ldb, "dsdb_schema");
483 ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
484 if (ret != LDB_SUCCESS) {
485 return ret;
486 }
487
488 /* Remove the reference to the schema we just overwrote - if there was
489 * none, NULL is harmless here */
490 talloc_unlink(ldb, old_schema);
491
492 if (talloc_reference(ldb, schema) == NULL) {
493 return ldb_oom(ldb);
494 }
495
496 /* Make this ldb use local schema preferably */
497 ret = ldb_set_opaque(ldb, "dsdb_use_global_schema", NULL);
498 if (ret != LDB_SUCCESS) {
499 return ret;
500 }
501
502 ret = dsdb_schema_set_attributes(ldb, schema, write_attributes);
503 if (ret != LDB_SUCCESS) {
504 return ret;
505 }
506
507 return LDB_SUCCESS;
508 }
509
510 /**
511 * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
512 */
513 int dsdb_set_global_schema(struct ldb_context *ldb)
514 {
515 int ret;
516 void *use_global_schema = (void *)1;
517 if (!global_schema) {
518 return LDB_SUCCESS;
519 }
520 ret = ldb_set_opaque(ldb, "dsdb_use_global_schema", use_global_schema);
521 if (ret != LDB_SUCCESS) {
522 return ret;
523 }
524
525 /* Set the new attributes based on the new schema */
526 ret = dsdb_schema_set_attributes(ldb, global_schema, false /* Don't write attributes, it's expensive */);
527 if (ret == LDB_SUCCESS) {
528 /* Keep a reference to this schema, just in case the original copy is replaced */
529 if (talloc_reference(ldb, global_schema) == NULL) {
530 return ldb_oom(ldb);
531 }
532 }
533
534 return ret;
535 }
536
537 bool dsdb_uses_global_schema(struct ldb_context *ldb)
538 {
539 return (ldb_get_opaque(ldb, "dsdb_use_global_schema") != NULL);
540 }
541
542 /**
543 * Find the schema object for this ldb
544 *
545 * If reference_ctx is not NULL, then talloc_reference onto that context
546 */
547
548 struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb, TALLOC_CTX *reference_ctx)
549 {
550 const void *p;
551 struct dsdb_schema *schema_out;
552 struct dsdb_schema *schema_in;
553 bool use_global_schema;
554 TALLOC_CTX *tmp_ctx = talloc_new(reference_ctx);
555 if (!tmp_ctx) {
556 return NULL;
557 }
558
559 /* see if we have a cached copy */
560 use_global_schema = dsdb_uses_global_schema(ldb);
561 if (use_global_schema) {
562 schema_in = global_schema;
563 } else {
564 p = ldb_get_opaque(ldb, "dsdb_schema");
565
566 schema_in = talloc_get_type(p, struct dsdb_schema);
567 if (!schema_in) {
568 talloc_free(tmp_ctx);
569 return NULL;
570 }
571 }
572
573 if (schema_in->refresh_fn && !schema_in->refresh_in_progress) {
574 if (!talloc_reference(tmp_ctx, schema_in)) {
575 /*
576 * ensure that the schema_in->refresh_in_progress
577 * remains valid for the right amount of time
578 */
579 talloc_free(tmp_ctx);
580 return NULL;
581 }
582 schema_in->refresh_in_progress = true;
583 /* This may change schema, if it needs to reload it from disk */
584 schema_out = schema_in->refresh_fn(schema_in->loaded_from_module,
585 schema_in,
586 use_global_schema);
587 schema_in->refresh_in_progress = false;
588 } else {
589 schema_out = schema_in;
590 }
591
592 /* This removes the extra reference above */
593 talloc_free(tmp_ctx);
594 if (!reference_ctx) {
595 return schema_out;
596 } else {
597 return talloc_reference(reference_ctx, schema_out);
598 }
599 }
600
601 /**
602 * Make the schema found on this ldb the 'global' schema
603 */
604
605 void dsdb_make_schema_global(struct ldb_context *ldb, struct dsdb_schema *schema)
606 {
607 if (!schema) {
608 return;
609 }
610
611 if (global_schema) {
612 talloc_unlink(talloc_autofree_context(), global_schema);
613 }
614
615 /* we want the schema to be around permanently */
616 talloc_reparent(ldb, talloc_autofree_context(), schema);
617 global_schema = schema;
618
619 /* This calls the talloc_reference() of the global schema back onto the ldb */
620 dsdb_set_global_schema(ldb);
621 }
622
623 /**
624 * When loading the schema from LDIF files, we don't get the extended DNs.
625 *
626 * We need to set these up, so that from the moment we start the provision,
627 * the defaultObjectCategory links are set up correctly.
628 */
629 int dsdb_schema_fill_extended_dn(struct ldb_context *ldb, struct dsdb_schema *schema)
630 {
631 struct dsdb_class *cur;
632 const struct dsdb_class *target_class;
633 for (cur = schema->classes; cur; cur = cur->next) {
634 const struct ldb_val *rdn;
635 struct ldb_val guid;
636 NTSTATUS status;
637 struct ldb_dn *dn = ldb_dn_new(NULL, ldb, cur->defaultObjectCategory);
638
639 if (!dn) {
640 return LDB_ERR_INVALID_DN_SYNTAX;
641 }
642 rdn = ldb_dn_get_component_val(dn, 0);
643 if (!rdn) {
644 talloc_free(dn);
645 return LDB_ERR_INVALID_DN_SYNTAX;
646 }
647 target_class = dsdb_class_by_cn_ldb_val(schema, rdn);
648 if (!target_class) {
649 talloc_free(dn);
650 return LDB_ERR_CONSTRAINT_VIOLATION;
651 }
652
653 status = GUID_to_ndr_blob(&target_class->objectGUID, dn, &guid);
654 if (!NT_STATUS_IS_OK(status)) {
655 talloc_free(dn);
656 return ldb_operr(ldb);
657 }
658 ldb_dn_set_extended_component(dn, "GUID", &guid);
659
660 cur->defaultObjectCategory = ldb_dn_get_extended_linearized(cur, dn, 1);
661 talloc_free(dn);
662 }
663 return LDB_SUCCESS;
664 }
665
666 /**
667 * Add an element to the schema (attribute or class) from an LDB message
668 */
669 WERROR dsdb_schema_set_el_from_ldb_msg(struct ldb_context *ldb, struct dsdb_schema *schema,
670 struct ldb_message *msg)
671 {
672 if (samdb_find_attribute(ldb, msg,
673 "objectclass", "attributeSchema") != NULL) {
674 return dsdb_attribute_from_ldb(ldb, schema, msg);
675 } else if (samdb_find_attribute(ldb, msg,
676 "objectclass", "classSchema") != NULL) {
677 return dsdb_class_from_ldb(schema, msg);
678 }
679
680 /* Don't fail on things not classes or attributes */
681 return WERR_OK;
682 }
683
684 /**
685 * Rather than read a schema from the LDB itself, read it from an ldif
686 * file. This allows schema to be loaded and used while adding the
687 * schema itself to the directory.
688 */
689
690 WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb, const char *pf, const char *df)
691 {
692 struct ldb_ldif *ldif;
693 struct ldb_message *msg;
694 TALLOC_CTX *mem_ctx;
695 WERROR status;
696 int ret;
697 struct dsdb_schema *schema;
698 const struct ldb_val *prefix_val;
699 const struct ldb_val *info_val;
700 struct ldb_val info_val_default;
701
702
703 mem_ctx = talloc_new(ldb);
704 if (!mem_ctx) {
705 goto nomem;
706 }
707
708 schema = dsdb_new_schema(mem_ctx);
709
710 schema->fsmo.we_are_master = true;
711 schema->fsmo.master_dn = ldb_dn_new_fmt(schema, ldb, "@PROVISION_SCHEMA_MASTER");
712 if (!schema->fsmo.master_dn) {
713 goto nomem;
714 }
715
716 /*
717 * load the prefixMap attribute from pf
718 */
719 ldif = ldb_ldif_read_string(ldb, &pf);
720 if (!ldif) {
721 status = WERR_INVALID_PARAM;
722 goto failed;
723 }
724 talloc_steal(mem_ctx, ldif);
725
726 ret = ldb_msg_normalize(ldb, mem_ctx, ldif->msg, &msg);
727 if (ret != LDB_SUCCESS) {
728 goto nomem;
729 }
730 talloc_free(ldif);
731
732 prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
733 if (!prefix_val) {
734 status = WERR_INVALID_PARAM;
735 goto failed;
736 }
737
738 info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
739 if (!info_val) {
740 status = dsdb_schema_info_blob_new(mem_ctx, &info_val_default);
741 W_ERROR_NOT_OK_GOTO(status, failed);
742 info_val = &info_val_default;
743 }
744
745 status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
746 if (!W_ERROR_IS_OK(status)) {
747 DEBUG(0,("ERROR: dsdb_load_oid_mappings_ldb() failed with %s\n", win_errstr(status)));
748 goto failed;
749 }
750
751 /* load the attribute and class definitions out of df */
752 while ((ldif = ldb_ldif_read_string(ldb, &df))) {
753 talloc_steal(mem_ctx, ldif);
754
755 ret = ldb_msg_normalize(ldb, ldif, ldif->msg, &msg);
756 if (ret != LDB_SUCCESS) {
757 goto nomem;
758 }
759
760 status = dsdb_schema_set_el_from_ldb_msg(ldb, schema, msg);
761 talloc_free(ldif);
762 if (!W_ERROR_IS_OK(status)) {
763 goto failed;
764 }
765 }
766
767 ret = dsdb_set_schema(ldb, schema);
768 if (ret != LDB_SUCCESS) {
769 status = WERR_FOOBAR;
770 goto failed;
771 }
772
773 ret = dsdb_schema_fill_extended_dn(ldb, schema);
774 if (ret != LDB_SUCCESS) {
775 status = WERR_FOOBAR;
776 goto failed;
777 }
778
779 goto done;
780
781 nomem:
782 status = WERR_NOMEM;
783 failed:
784 done:
785 talloc_free(mem_ctx);
786 return status;
787 }
Samba GIT mirror