Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba

7 files changed, 335 insertions, 202 deletions

diff --git a/source4/dsdb/schema/prefixmap.h b/source4/dsdb/schema/prefixmap.h
new file mode 100644
index 0000000000..7b28c88749
--- /dev/null
+++ b/source4/dsdb/schema/prefixmap.h
@@ -0,0 +1,45 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRS::prefixMap data structures
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _DSDB_PREFIXMAP_H
+#define _DSDB_PREFIXMAP_H
+
+/**
+ * oid-prefix in prefixmap
+ */
+struct dsdb_schema_prefixmap_oid {
+	uint32_t id;
+	DATA_BLOB *bin_oid; /* partial binary-oid prefix */
+};
+
+/**
+ * DSDB prefixMap internal presentation
+ */
+struct dsdb_schema_prefixmap {
+	uint32_t length;
+	struct dsdb_schema_prefixmap_oid *prefixes;
+};
+
+
+#include "dsdb/schema/proto.h"
+
+
+#endif /* _DSDB_PREFIXMAP_H */
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index 4e7e503931..ddd9b375f6 100644
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -119,6 +119,7 @@ struct dsdb_class {
 	const char **mustContain;
 	const char **mayContain;
 	const char **possibleInferiors;
+	const char **systemPossibleInferiors;
 
 	const char *defaultSecurityDescriptor;
 
diff --git a/source4/dsdb/schema/schema_inferiors.c b/source4/dsdb/schema/schema_inferiors.c
index b02d557c58..ecac74a954 100644
--- a/source4/dsdb/schema/schema_inferiors.c
+++ b/source4/dsdb/schema/schema_inferiors.c
@@ -149,19 +149,22 @@ void schema_subclasses_order_recurse(struct dsdb_schema *schema, struct dsdb_cla
 	return;
 }
 
-static void schema_create_subclasses(struct dsdb_schema *schema)
+static int schema_create_subclasses(struct dsdb_schema *schema)
 {
-	struct dsdb_class *schema_class;
+	struct dsdb_class *schema_class, *top;
 
 	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
 		struct dsdb_class *schema_class2 = dsdb_class_by_lDAPDisplayName(schema, schema_class->subClassOf);
 		if (schema_class2 == NULL) {
 			DEBUG(0,("ERROR: no subClassOf for '%s'\n", schema_class->lDAPDisplayName));
-			continue;
+			return LDB_ERR_OPERATIONS_ERROR;
 		}
 		if (schema_class2 && schema_class != schema_class2) {
 			if (schema_class2->subclasses_direct == NULL) {
 				schema_class2->subclasses_direct = str_list_make_empty(schema_class2);
+				if (!schema_class2->subclasses_direct) {
+					return LDB_ERR_OPERATIONS_ERROR;
+				}
 			}
 			schema_class2->subclasses_direct = str_list_add_const(schema_class2->subclasses_direct, 
 									schema_class->lDAPDisplayName);
@@ -175,7 +178,14 @@ static void schema_create_subclasses(struct dsdb_schema *schema)
 		schema_class->subClass_order = 0;
 	}
 
-	schema_subclasses_order_recurse(schema, dsdb_class_by_lDAPDisplayName(schema, "top"), 1);
+	top = dsdb_class_by_lDAPDisplayName(schema, "top");
+	if (!top) {
+		DEBUG(0,("ERROR: no 'top' class in loaded schema\n"));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	schema_subclasses_order_recurse(schema, top, 1);
+	return LDB_SUCCESS;
 }
 
 static void schema_fill_possible_inferiors(struct dsdb_schema *schema, struct dsdb_class *schema_class)
@@ -198,6 +208,25 @@ static void schema_fill_possible_inferiors(struct dsdb_schema *schema, struct ds
 	schema_class->possibleInferiors = str_list_unique(schema_class->possibleInferiors);
 }
 
+static void schema_fill_system_possible_inferiors(struct dsdb_schema *schema, struct dsdb_class *schema_class)
+{
+	struct dsdb_class *c2;
+
+	for (c2=schema->classes; c2; c2=c2->next) {
+		char **superiors = schema_posssuperiors(schema, c2);
+		if (c2->objectClassCategory != 2
+		    && c2->objectClassCategory != 3
+		    && str_list_check(superiors, schema_class->lDAPDisplayName)) {
+			if (schema_class->systemPossibleInferiors == NULL) {
+				schema_class->systemPossibleInferiors = str_list_make_empty(schema_class);
+			}
+			schema_class->systemPossibleInferiors = str_list_add_const(schema_class->systemPossibleInferiors,
+										   c2->lDAPDisplayName);
+		}
+	}
+	schema_class->systemPossibleInferiors = str_list_unique(schema_class->systemPossibleInferiors);
+}
+
 /*
   fill in a string class name from a governs_ID
  */
@@ -275,16 +304,21 @@ static void schema_fill_from_ids(struct dsdb_schema *schema)
 	}
 }
 
-void schema_fill_constructed(struct dsdb_schema *schema) 
+int schema_fill_constructed(struct dsdb_schema *schema) 
 {
+	int ret;
 	struct dsdb_class *schema_class;
 
 	schema_fill_from_ids(schema);
 
-	schema_create_subclasses(schema);
+	ret = schema_create_subclasses(schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
 
 	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
 		schema_fill_possible_inferiors(schema, schema_class);
+		schema_fill_system_possible_inferiors(schema, schema_class);
 	}
 
 	/* free up our internal cache elements */
@@ -298,4 +332,5 @@ void schema_fill_constructed(struct dsdb_schema *schema)
 		schema_class->subclasses = NULL;
 		schema_class->posssuperiors = NULL;
 	}
+	return LDB_SUCCESS;
 }
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index b876ab09fc..f8b7d5dd44 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -29,6 +29,9 @@
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "param/param.h"
 #include "lib/ldb/include/ldb_module.h"
+#include "../lib/util/asn1.h"
+
+static WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, uint32_t* num_prefixes, struct dsdb_schema_oid_prefix **prefixes);
 
 struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience)
 {
@@ -50,11 +53,11 @@ WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct d
 	W_ERROR_HAVE_NO_MEMORY(schema->prefixes);
 
 	for (i=0, j=0; i < ctr->num_mappings; i++) {
-		if (ctr->mappings[i].oid.oid == NULL) {
+		if (ctr->mappings[i].oid.binary_oid == NULL) {
 			return WERR_INVALID_PARAM;
 		}
 
-		if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
+		if (ctr->mappings[i].oid.binary_oid[0] == 0xFF) {
 			if (ctr->mappings[i].id_prefix != 0) {
 				return WERR_INVALID_PARAM;
 			}
@@ -64,21 +67,33 @@ WERROR dsdb_load_oid_mappings_drsuapi(struct dsdb_schema *schema, const struct d
 				return WERR_INVALID_PARAM;
 			}
 
-			if (ctr->mappings[i].oid.__ndr_size != 21) {
+			if (ctr->mappings[i].oid.length != 21) {
 				return WERR_INVALID_PARAM;
 			}
 
-			schema->schema_info = talloc_strdup(schema, ctr->mappings[i].oid.oid);
+			schema->schema_info = hex_encode_talloc(schema,
+								ctr->mappings[i].oid.binary_oid,
+								ctr->mappings[i].oid.length);
 			W_ERROR_HAVE_NO_MEMORY(schema->schema_info);
 		} else {
+			DATA_BLOB oid_blob;
+			const char *partial_oid = NULL;
+
 			/* the last array member should contain the magic value not a oid */
 			if (i == (ctr->num_mappings - 1)) {
 				return WERR_INVALID_PARAM;
 			}
 
+			oid_blob = data_blob_const(ctr->mappings[i].oid.binary_oid,
+						   ctr->mappings[i].oid.length);
+			if (!ber_read_partial_OID_String(schema->prefixes, oid_blob, &partial_oid)) {
+				DEBUG(0, ("ber_read_partial_OID failed on prefixMap item with id: 0x%X",
+					  ctr->mappings[i].id_prefix));
+				return WERR_INVALID_PARAM;
+			}
+
 			schema->prefixes[j].id	= ctr->mappings[i].id_prefix<<16;
-			schema->prefixes[j].oid	= talloc_asprintf(schema->prefixes, "%s.",
-								  ctr->mappings[i].oid.oid);
+			schema->prefixes[j].oid	= partial_oid;
 			W_ERROR_HAVE_NO_MEMORY(schema->prefixes[j].oid);
 			schema->prefixes[j].oid_len = strlen(schema->prefixes[j].oid);
 			j++;
@@ -96,7 +111,7 @@ WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
 	WERROR status;
 	enum ndr_err_code ndr_err;
 	struct prefixMapBlob pfm;
-	char *schema_info;
+	DATA_BLOB schema_info_blob;
 
 	TALLOC_CTX *mem_ctx = talloc_new(schema);
 	W_ERROR_HAVE_NO_MEMORY(mem_ctx);
@@ -125,12 +140,12 @@ WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
 					       pfm.ctr.dsdb.num_mappings);
 	W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
 
-	schema_info = data_blob_hex_string(pfm.ctr.dsdb.mappings, schemaInfo);
-	W_ERROR_HAVE_NO_MEMORY(schema_info);
+	schema_info_blob = data_blob_dup_talloc(pfm.ctr.dsdb.mappings, schemaInfo);
+	W_ERROR_HAVE_NO_MEMORY(schema_info_blob.data);
 
 	pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].id_prefix		= 0;	
-	pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.__ndr_size	= schemaInfo->length;
-	pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.oid		= schema_info;
+	pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.length		= schemaInfo->length;
+	pfm.ctr.dsdb.mappings[pfm.ctr.dsdb.num_mappings - 1].oid.binary_oid	= schema_info_blob.data;
 
 	/* call the drsuapi version */
 	status = dsdb_load_oid_mappings_drsuapi(schema, &pfm.ctr.dsdb);
@@ -146,6 +161,7 @@ WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
 				     TALLOC_CTX *mem_ctx,
 				     struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
 {
+	DATA_BLOB oid_blob;
 	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
 	uint32_t i;
 
@@ -158,18 +174,23 @@ WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
 	W_ERROR_HAVE_NO_MEMORY(ctr->mappings);
 
 	for (i=0; i < schema->num_prefixes; i++) {
+		if (!ber_write_partial_OID_String(ctr->mappings, &oid_blob, schema->prefixes[i].oid)) {
+			DEBUG(0, ("write_partial_OID failed for %s", schema->prefixes[i].oid));
+			return WERR_INTERNAL_ERROR;
+		}
+
 		ctr->mappings[i].id_prefix	= schema->prefixes[i].id>>16;
-		ctr->mappings[i].oid.oid	= talloc_strndup(ctr->mappings,
-								 schema->prefixes[i].oid,
-								 schema->prefixes[i].oid_len - 1);
-		W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
+		ctr->mappings[i].oid.length	= oid_blob.length;
+		ctr->mappings[i].oid.binary_oid	= oid_blob.data;
 	}
 
 	if (include_schema_info) {
+		oid_blob = strhex_to_data_blob(ctr->mappings, schema->schema_info);
+		W_ERROR_HAVE_NO_MEMORY(oid_blob.data);
+
 		ctr->mappings[i].id_prefix	= 0;
-		ctr->mappings[i].oid.oid	= talloc_strdup(ctr->mappings,
-								schema->schema_info);
-		W_ERROR_HAVE_NO_MEMORY(ctr->mappings[i].oid.oid);
+		ctr->mappings[i].oid.length	= oid_blob.length;
+		ctr->mappings[i].oid.binary_oid	= oid_blob.data;
 	}
 
 	*_ctr = ctr;
@@ -209,13 +230,14 @@ WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
 WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
 {
 	uint32_t i,j;
+	DATA_BLOB oid_blob;
 
 	for (i=0; i < ctr->num_mappings; i++) {
-		if (ctr->mappings[i].oid.oid == NULL) {
+		if (ctr->mappings[i].oid.binary_oid == NULL) {
 			return WERR_INVALID_PARAM;
 		}
 
-		if (strncasecmp(ctr->mappings[i].oid.oid, "ff", 2) == 0) {
+		if (ctr->mappings[i].oid.binary_oid[0] == 0xFF) {
 			if (ctr->mappings[i].id_prefix != 0) {
 				return WERR_INVALID_PARAM;
 			}
@@ -225,13 +247,19 @@ WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const
 				return WERR_INVALID_PARAM;
 			}
 
-			if (ctr->mappings[i].oid.__ndr_size != 21) {
+			if (ctr->mappings[i].oid.length != 21) {
 				return WERR_INVALID_PARAM;
 			}
 
-			if (strcasecmp(schema->schema_info, ctr->mappings[i].oid.oid) != 0) {
+			oid_blob = strhex_to_data_blob(NULL, schema->schema_info);
+			W_ERROR_HAVE_NO_MEMORY(oid_blob.data);
+
+			if (memcmp(oid_blob.data, ctr->mappings[i].oid.binary_oid, 21) != 0) {
+				data_blob_free(&oid_blob);
 				return WERR_DS_DRA_SCHEMA_MISMATCH;
 			}
+
+			data_blob_free(&oid_blob);
 		} else {
 			/* the last array member should contain the magic value not a oid */
 			if (i == (ctr->num_mappings - 1)) {
@@ -239,21 +267,26 @@ WERROR dsdb_verify_oid_mappings_drsuapi(const struct dsdb_schema *schema, const
 			}
 
 			for (j=0; j < schema->num_prefixes; j++) {
-				size_t oid_len;
 				if (schema->prefixes[j].id != (ctr->mappings[i].id_prefix<<16)) {
 					continue;
 				}
 
-				oid_len = strlen(ctr->mappings[i].oid.oid);
+				if (!ber_write_partial_OID_String(NULL, &oid_blob, schema->prefixes[j].oid)) {
+					return WERR_INTERNAL_ERROR;
+				}
 
-				if (oid_len != (schema->prefixes[j].oid_len - 1)) {
+				if (oid_blob.length != ctr->mappings[j].oid.length) {
+					data_blob_free(&oid_blob);
 					return WERR_DS_DRA_SCHEMA_MISMATCH;
 				}
 
-				if (strncmp(ctr->mappings[i].oid.oid, schema->prefixes[j].oid, oid_len) != 0) {
-					return WERR_DS_DRA_SCHEMA_MISMATCH;				
+				if (memcmp(ctr->mappings[i].oid.binary_oid, oid_blob.data, oid_blob.length) != 0) {
+					data_blob_free(&oid_blob);
+					return WERR_DS_DRA_SCHEMA_MISMATCH;
 				}
 
+				data_blob_free(&oid_blob);
+
 				break;
 			}
 
@@ -282,7 +315,7 @@ WERROR dsdb_map_int2oid(const struct dsdb_schema *schema, uint32_t in, TALLOC_CT
 			continue;
 		}
 
-		val = talloc_asprintf(mem_ctx, "%s%u",
+		val = talloc_asprintf(mem_ctx, "%s.%u",
 				      schema->prefixes[i].oid,
 				      in & 0xFFFF);
 		W_ERROR_HAVE_NO_MEMORY(val);
@@ -389,8 +422,6 @@ WERROR dsdb_prefix_map_update(TALLOC_CTX *mem_ctx, uint32_t *num_prefixes, struc
 		DEBUG(0,("dsdb_prefix_map_update: size of the remaining string invalid\n"));
 		return WERR_FOOBAR;
 	}
-	/* Add one because we need to copy the dot */
-	size += 1;
 
 	/* Create a spot in the prefixMap for one more prefix*/
 	(*prefixes) = talloc_realloc(mem_ctx, *prefixes, struct dsdb_schema_oid_prefix, new_num_prefixes);
@@ -410,37 +441,33 @@ WERROR dsdb_prefix_map_update(TALLOC_CTX *mem_ctx, uint32_t *num_prefixes, struc
 WERROR dsdb_find_prefix_for_oid(uint32_t num_prefixes, const struct dsdb_schema_oid_prefix *prefixes, const char *in, uint32_t *out)
 {
 	uint32_t i;
+	char *oid_prefix;
+	char *pstr;
+	char *end_str;
+	unsigned val;
 
-	for (i=0; i < num_prefixes; i++) {
-		const char *val_str;
-		char *end_str;
-		unsigned val;
+	/* make oid prefix, i.e. oid w/o last subidentifier */
+	pstr = strrchr(in, '.');
+	if (!pstr)	return WERR_INVALID_PARAM;
+	if (pstr < in)	return WERR_INVALID_PARAM;
+	if ((pstr - in) < 4) return WERR_INVALID_PARAM;
 
-		if (strncmp(prefixes[i].oid, in, prefixes[i].oid_len) != 0) {
-			continue;
-		}
+	oid_prefix = talloc_strndup(0, in, pstr - in);
 
-		val_str = in + prefixes[i].oid_len;
-		end_str = NULL;
-		errno = 0;
-
-		if (val_str[0] == '\0') {
-			return WERR_INVALID_PARAM;
+	for (i=0; i < num_prefixes; i++) {
+		if (strcmp(prefixes[i].oid, oid_prefix) == 0) {
+			break;
 		}
+	}
 
-		/* two '.' chars are invalid */
-		if (val_str[0] == '.') {
-			return WERR_INVALID_PARAM;
-		}
+	talloc_free(oid_prefix);
 
-		val = strtoul(val_str, &end_str, 10);
-		if (end_str[0] == '.' && end_str[1] != '\0') {
-			/*
-			 * if it's a '.' and not the last char
-			 * then maybe an other mapping apply
-			 */
-			continue;
-		} else if (end_str[0] != '\0') {
+	if (i < num_prefixes) {
+		/* move next to '.' char */
+		pstr++;
+
+		val = strtoul(pstr, &end_str, 10);
+		if (end_str[0] != '\0') {
 			return WERR_INVALID_PARAM;
 		} else if (val > 0xFFFF) {
 			return WERR_INVALID_PARAM;
@@ -487,8 +514,16 @@ WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_co
 	}
 
 	for (i=0; i < schema->num_prefixes; i++) {
-		pm.ctr.dsdb.mappings[i].id_prefix = schema->prefixes[i].id>>16;
-		pm.ctr.dsdb.mappings[i].oid.oid = talloc_strdup(pm.ctr.dsdb.mappings, schema->prefixes[i].oid);
+		DATA_BLOB oid_blob;
+
+		if (!ber_write_partial_OID_String(pm.ctr.dsdb.mappings, &oid_blob, schema->prefixes[i].oid)) {
+			DEBUG(0, ("write_partial_OID failed for %s", schema->prefixes[i].oid));
+			return WERR_INTERNAL_ERROR;
+		}
+
+		pm.ctr.dsdb.mappings[i].id_prefix 	= schema->prefixes[i].id>>16;
+		pm.ctr.dsdb.mappings[i].oid.length 	= oid_blob.length;
+		pm.ctr.dsdb.mappings[i].oid.binary_oid 	= oid_blob.data;
 	}
 
 	ndr_err = ndr_push_struct_blob(&ndr_blob, msg,
@@ -519,14 +554,14 @@ WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_co
 	return WERR_OK;
 }
 
-WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, uint32_t* num_prefixes, struct dsdb_schema_oid_prefix **prefixes)
+static WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, uint32_t* num_prefixes, struct dsdb_schema_oid_prefix **prefixes)
 {
 	struct prefixMapBlob *blob;
 	enum ndr_err_code ndr_err;
 	uint32_t i;
 	const struct ldb_val *prefix_val;
 	struct ldb_dn *schema_dn;
-	struct ldb_result *schema_res;
+	struct ldb_result *schema_res = NULL;
 	int ret;    
 	static const char *schema_attrs[] = {
 		"prefixMap",
@@ -586,10 +621,21 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 		return WERR_NOMEM;
 	}
 	for (i=0; i < blob->ctr.dsdb.num_mappings; i++) {
-		char *oid;
+		DATA_BLOB oid_blob;
+		const char *partial_oid;
+
+		oid_blob = data_blob_const(blob->ctr.dsdb.mappings[i].oid.binary_oid,
+					   blob->ctr.dsdb.mappings[i].oid.length);
+
+		if (!ber_read_partial_OID_String(mem_ctx, oid_blob, &partial_oid)) {
+			DEBUG(0, ("ber_read_partial_OID failed on prefixMap item with id: 0x%X",
+					blob->ctr.dsdb.mappings[i].id_prefix));
+			talloc_free(blob);
+			return WERR_INVALID_PARAM;
+		}
+
 		(*prefixes)[i].id = blob->ctr.dsdb.mappings[i].id_prefix<<16;
-		oid = talloc_strdup(mem_ctx, blob->ctr.dsdb.mappings[i].oid.oid);
-		(*prefixes)[i].oid = talloc_asprintf_append(oid, "."); 
+		(*prefixes)[i].oid = partial_oid;
 		(*prefixes)[i].oid_len = strlen((*prefixes)[i].oid);
 	}
 
@@ -906,7 +952,7 @@ WERROR dsdb_class_from_ldb(const struct dsdb_schema *schema,
 /* 
  Create a DSDB schema from the ldb results provided.  This is called
  directly when the schema is provisioned from an on-disk LDIF file, or
- from dsdb_schema_from_schema_dn below
+ from dsdb_schema_from_schema_dn in schema_fsmo
 */
 
 int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
@@ -1013,115 +1059,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	return LDB_SUCCESS;
 }
 
-/*
-  Given an LDB, and the DN, return a populated schema
-*/
-
-int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
-			       struct smb_iconv_convenience *iconv_convenience, 
-			       struct ldb_dn *schema_dn,
-			       struct dsdb_schema **schema,
-			       char **error_string_out) 
-{
-	TALLOC_CTX *tmp_ctx;
-	char *error_string;
-	int ret;
-
-	struct ldb_result *schema_res;
-	struct ldb_result *a_res;
-	struct ldb_result *c_res;
-	static const char *schema_attrs[] = {
-		"prefixMap",
-		"schemaInfo",
-		"fSMORoleOwner",
-		NULL
-	};
-	unsigned flags;
-
-	tmp_ctx = talloc_new(mem_ctx);
-	if (!tmp_ctx) {
-		dsdb_oom(error_string_out, mem_ctx);
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
-	/* we don't want to trace the schema load */
-	flags = ldb_get_flags(ldb);
-	ldb_set_flags(ldb, flags & ~LDB_FLG_ENABLE_TRACING);
-
-	/*
-	 * setup the prefix mappings and schema info
-	 */
-	ret = ldb_search(ldb, tmp_ctx, &schema_res,
-			 schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
-	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
-		goto failed;
-	} else if (ret != LDB_SUCCESS) {
-		*error_string_out = talloc_asprintf(mem_ctx, 
-				       "dsdb_schema: failed to search the schema head: %s",
-				       ldb_errstring(ldb));
-		goto failed;
-	}
-	if (schema_res->count != 1) {
-		*error_string_out = talloc_asprintf(mem_ctx, 
-			      "dsdb_schema: [%u] schema heads found on a base search",
-			      schema_res->count);
-		goto failed;
-	}
-
-	/*
-	 * load the attribute definitions
-	 */
-	ret = ldb_search(ldb, tmp_ctx, &a_res,
-			 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
-			 "(objectClass=attributeSchema)");
-	if (ret != LDB_SUCCESS) {
-		*error_string_out = talloc_asprintf(mem_ctx, 
-				       "dsdb_schema: failed to search attributeSchema objects: %s",
-				       ldb_errstring(ldb));
-		goto failed;
-	}
-
-	/*
-	 * load the objectClass definitions
-	 */
-	ret = ldb_search(ldb, tmp_ctx, &c_res,
-			 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
-			 "(objectClass=classSchema)");
-	if (ret != LDB_SUCCESS) {
-		*error_string_out = talloc_asprintf(mem_ctx, 
-				       "dsdb_schema: failed to search attributeSchema objects: %s",
-				       ldb_errstring(ldb));
-		goto failed;
-	}
-
-	ret = dsdb_schema_from_ldb_results(tmp_ctx, ldb,
-					   lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
-					   schema_res, a_res, c_res, schema, &error_string);
-	if (ret != LDB_SUCCESS) {
-		*error_string_out = talloc_asprintf(mem_ctx, 
-						    "dsdb_schema load failed: %s",
-						    error_string);
-		goto failed;
-	}
-	talloc_steal(mem_ctx, *schema);
-	talloc_free(tmp_ctx);
-
-	if (flags & LDB_FLG_ENABLE_TRACING) {
-		flags = ldb_get_flags(ldb);
-		ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING);
-	}
-
-	return LDB_SUCCESS;
-
-failed:
-	if (flags & LDB_FLG_ENABLE_TRACING) {
-		flags = ldb_get_flags(ldb);
-		ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING);
-	}
-	talloc_free(tmp_ctx);
-	return ret;
-}	
-
 
 static const struct {
 	const char *name;
diff --git a/source4/dsdb/schema/schema_prefixmap.c b/source4/dsdb/schema/schema_prefixmap.c
new file mode 100644
index 0000000000..d24c5add00
--- /dev/null
+++ b/source4/dsdb/schema/schema_prefixmap.c
@@ -0,0 +1,22 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRS::prefixMap implementation
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 6f09f63596..9f22b32334 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -346,7 +346,10 @@ int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
 		return ret;
 	}
 
-	schema_fill_constructed(schema);
+	ret = schema_fill_constructed(schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
 
 	ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
 	if (ret != LDB_SUCCESS) {
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index c564471d4b..cbbd4a8636 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -1204,6 +1204,8 @@ static WERROR dsdb_syntax_DN_ldb_to_drsuapi(struct ldb_context *ldb,
 	return WERR_OK;
 }
 
+
+
 static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(struct ldb_context *ldb, 
 						   const struct dsdb_schema *schema,
 						   const struct dsdb_attribute *attr,
@@ -1212,6 +1214,7 @@ static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(struct ldb_context *ldb,
 						   struct ldb_message_element *out)
 {
 	uint32_t i;
+	int ret;
 
 	out->flags	= 0;
 	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
@@ -1222,39 +1225,81 @@ static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(struct ldb_context *ldb,
 	W_ERROR_HAVE_NO_MEMORY(out->values);
 
 	for (i=0; i < out->num_values; i++) {
-		struct drsuapi_DsReplicaObjectIdentifier3Binary id3b;
-		char *binary;
-		char *str;
+		struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
 		enum ndr_err_code ndr_err;
+		DATA_BLOB guid_blob;
+		struct ldb_dn *dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		if (!tmp_ctx) {
+			W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+		}
 
 		if (in->value_ctr.values[i].blob == NULL) {
+			talloc_free(tmp_ctx);
 			return WERR_FOOBAR;
 		}
 
 		if (in->value_ctr.values[i].blob->length == 0) {
+			talloc_free(tmp_ctx);
 			return WERR_FOOBAR;
 		}
 
-		ndr_err = ndr_pull_struct_blob_all(in->value_ctr.values[i].blob,
-						   out->values, schema->iconv_convenience, &id3b,
-						   (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
+		
+		/* windows sometimes sends an extra two pad bytes here */
+		ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
+					       tmp_ctx, schema->iconv_convenience, &id3,
+					       (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
 			return ntstatus_to_werror(status);
 		}
 
-		/* TODO: handle id3.guid and id3.sid */
-		binary = data_blob_hex_string(out->values, &id3b.binary);
-		W_ERROR_HAVE_NO_MEMORY(binary);
+		dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
+		if (!dn) {
+			talloc_free(tmp_ctx);
+			/* If this fails, it must be out of memory, as it does not do much parsing */
+			W_ERROR_HAVE_NO_MEMORY(dn);
+		}
 
-		str = talloc_asprintf(out->values, "B:%u:%s:%s",
-				      (unsigned int)(id3b.binary.length * 2), /* because of 2 hex chars per byte */
-				      binary,
-				      id3b.dn);
-		W_ERROR_HAVE_NO_MEMORY(str);
+		ndr_err = ndr_push_struct_blob(&guid_blob, tmp_ctx, schema->iconv_convenience, &id3.guid,
+					       (ndr_push_flags_fn_t)ndr_push_GUID);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
 
-		/* TODO: handle id3.guid and id3.sid */
-		out->values[i] = data_blob_string_const(str);
+		ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return WERR_FOOBAR;
+		}
+
+		talloc_free(guid_blob.data);
+
+		if (id3.__ndr_size_sid) {
+			DATA_BLOB sid_blob;
+			ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, schema->iconv_convenience, &id3.sid,
+						       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+				talloc_free(tmp_ctx);
+				return ntstatus_to_werror(status);
+			}
+
+			ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return WERR_FOOBAR;
+			}
+		}
+
+		/* set binary stuff */
+		ldb_dn_set_binary(dn, &id3.binary);
+
+		out->values[i] = data_blob_string_const(ldb_dn_get_extended_linearized(out->values, dn, 1));
+		talloc_free(tmp_ctx);
 	}
 
 	return WERR_OK;
@@ -1285,27 +1330,72 @@ static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(struct ldb_context *ldb,
 	W_ERROR_HAVE_NO_MEMORY(blobs);
 
 	for (i=0; i < in->num_values; i++) {
-		struct drsuapi_DsReplicaObjectIdentifier3Binary id3b;
+		struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
 		enum ndr_err_code ndr_err;
+		const DATA_BLOB *guid_blob, *sid_blob;
+		struct ldb_dn *dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
 
 		out->value_ctr.values[i].blob	= &blobs[i];
 
-		/* TODO: handle id3b.guid and id3b.sid, id3.binary */
-		ZERO_STRUCT(id3b);
-		id3b.dn		= (const char *)in->values[i].data;
-		id3b.binary	= data_blob(NULL, 0);
+		dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &in->values[i]);
+
+		W_ERROR_HAVE_NO_MEMORY(dn);
+
+		guid_blob = ldb_dn_get_extended_component(dn, "GUID");
 
-		ndr_err = ndr_push_struct_blob(&blobs[i], blobs, schema->iconv_convenience, &id3b,
-					       (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
+		ZERO_STRUCT(id3);
+
+		if (guid_blob) {
+			ndr_err = ndr_pull_struct_blob_all(guid_blob, 
+							   tmp_ctx, schema->iconv_convenience, &id3.guid,
+							   (ndr_pull_flags_fn_t)ndr_pull_GUID);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+				talloc_free(tmp_ctx);
+				return ntstatus_to_werror(status);
+			}
+		}
+
+		sid_blob = ldb_dn_get_extended_component(dn, "SID");
+		if (sid_blob) {
+			
+			ndr_err = ndr_pull_struct_blob_all(sid_blob, 
+							   tmp_ctx, schema->iconv_convenience, &id3.sid,
+							   (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+				talloc_free(tmp_ctx);
+				return ntstatus_to_werror(status);
+			}
+		}
+
+		id3.dn = ldb_dn_get_linearized(dn);
+		if (strncmp(id3.dn, "B:", 2) == 0) {
+			id3.dn = strchr(id3.dn, ':');
+			id3.dn = strchr(id3.dn+1, ':');
+			id3.dn = strchr(id3.dn+1, ':');
+			id3.dn++;
+		}
+
+		/* get binary stuff */
+		ldb_dn_get_binary(dn, &id3.binary);
+
+		ndr_err = ndr_push_struct_blob(&blobs[i], blobs, schema->iconv_convenience, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
 			return ntstatus_to_werror(status);
 		}
+		talloc_free(tmp_ctx);
 	}
 
 	return WERR_OK;
 }
 
+
+
 static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(struct ldb_context *ldb, 
 							      const struct dsdb_schema *schema,
 							      const struct dsdb_attribute *attr,