From ec74ffa8f08d85c55ec7fc592101a21340b9a97d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 20 Dec 2009 10:26:21 +1100 Subject: s4-schema: a unsigned comparison bug in the schema code --- source4/dsdb/schema/schema_query.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c index f563f01272..df17787f38 100644 --- a/source4/dsdb/schema/schema_query.c +++ b/source4/dsdb/schema/schema_query.c @@ -31,7 +31,8 @@ static const char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, static int uint32_cmp(uint32_t c1, uint32_t c2) { - return c1 - c2; + if (c1 == c2) return 0; + return c1 > c2 ? 1 : -1; } static int strcasecmp_with_ldb_val(const struct ldb_val *target, const char *str) -- cgit From 4e8ad284f5813413fdec8426f11e24570d22549b Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Fri, 18 Dec 2009 04:08:52 +0200 Subject: s4-schema: Set ATTID in schema cache from "msDS-IntId" According to http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx some Attributes OIDs may not use prefixMap. Setting ATTID in Schema Cache here should work, although this code snippet should be moved in separate function. Signed-off-by: Andrew Tridgell --- source4/dsdb/schema/schema_init.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 4af36838cd..b8cbedcb7d 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -558,14 +558,19 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, /* set an invalid value */ attr->attributeID_id = 0xFFFFFFFF; } else { - status = dsdb_schema_pfm_make_attid(schema->prefixmap, - attr->attributeID_oid, - &attr->attributeID_id); - if (!W_ERROR_IS_OK(status)) { - DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n", - __location__, attr->lDAPDisplayName, attr->attributeID_oid, - win_errstr(status))); - return status; + /* check if msDS-IntId element is set */ + attr->attributeID_id = samdb_result_uint(msg, "msDS-IntId", 0xFFFFFFFF); + if (attr->attributeID_id == 0xFFFFFFFF) { + /* msDS-IntId is not set, make */ + status = dsdb_schema_pfm_make_attid(schema->prefixmap, + attr->attributeID_oid, + &attr->attributeID_id); + if (!W_ERROR_IS_OK(status)) { + DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n", + __location__, attr->lDAPDisplayName, attr->attributeID_oid, + win_errstr(status))); + return status; + } } } GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID); -- cgit From 9f6c81874f6e63f30432814e4f443a69c4e04429 Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Fri, 18 Dec 2009 18:15:49 +0200 Subject: s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM control Signed-off-by: Andrew Tridgell --- source4/dsdb/schema/schema_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index b8cbedcb7d..ccdf97cf2d 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -310,7 +310,7 @@ WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_co return WERR_NOMEM; } - ldb_ret = samdb_replace( ldb, msg, msg ); + ldb_ret = samdb_replace_as_system(ldb, temp_ctx, msg); talloc_free(temp_ctx); -- cgit From ad35153ef40ade858302dab2877353682604265b Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Sat, 19 Dec 2009 01:49:31 +0200 Subject: s4-drs: Implement constraints on ATTID values in prefixMap Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP Signed-off-by: Andrew Tridgell --- source4/dsdb/schema/prefixmap.h | 11 +++++++++++ source4/dsdb/schema/schema_prefixmap.c | 24 ++++++++++++++++++++++++ 2 files changed, 35 insertions(+) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/prefixmap.h b/source4/dsdb/schema/prefixmap.h index 816ddcfbb3..74acecb4ff 100644 --- a/source4/dsdb/schema/prefixmap.h +++ b/source4/dsdb/schema/prefixmap.h @@ -22,6 +22,17 @@ #ifndef _DSDB_PREFIXMAP_H #define _DSDB_PREFIXMAP_H +/** + * ATTRTYP ranges + * Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP + */ +enum dsdb_attid_type { + dsdb_attid_type_pfm = 1, /* attid in [0x00000000..0x7FFFFFFF] */ + dsdb_attid_type_intid = 2, /* attid in [0x80000000..0xBFFFFFFF] */ + dsdb_attid_type_reserved = 3, /* attid in [0xC0000000..0xFFFEFFFF] */ + dsdb_attid_type_internal = 4, /* attid in [0xFFFF0000..0xFFFFFFFF] */ +}; + /** * oid-prefix in prefixmap */ diff --git a/source4/dsdb/schema/schema_prefixmap.c b/source4/dsdb/schema/schema_prefixmap.c index 969b357a39..89d33779e4 100644 --- a/source4/dsdb/schema/schema_prefixmap.c +++ b/source4/dsdb/schema/schema_prefixmap.c @@ -26,6 +26,25 @@ #include "../lib/util/asn1.h" +/** + * Determine range type for supplied ATTID + */ +enum dsdb_attid_type dsdb_pfm_get_attid_type(uint32_t attid) +{ + if (attid <= 0x7FFFFFFF) { + return dsdb_attid_type_pfm; + } + else if (attid <= 0xBFFFFFFF) { + return dsdb_attid_type_intid; + } + else if (attid <= 0xFFFEFFFF) { + return dsdb_attid_type_reserved; + } + else { + return dsdb_attid_type_internal; + } +} + /** * Allocates schema_prefixMap object in supplied memory context */ @@ -303,6 +322,11 @@ WERROR dsdb_schema_pfm_oid_from_attid(struct dsdb_schema_prefixmap *pfm, uint32_ struct dsdb_schema_prefixmap_oid *pfm_entry; WERROR werr = WERR_OK; + /* sanity check for attid requested */ + if (dsdb_pfm_get_attid_type(attid) != dsdb_attid_type_pfm) { + return WERR_INVALID_PARAMETER; + } + /* crack attid value */ hi_word = attid >> 16; lo_word = attid & 0xFFFF; -- cgit From 0c362597c0f933b3612bb17328c0a13b73d72e43 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Dec 2009 23:36:23 +1100 Subject: s4-schema: fixed the sorting of schema attributes another case of unsigned int subtracting breaking sorts. This one surfaced now as attributeID_id now can be larger than 2^31 --- source4/dsdb/schema/schema_set.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index e65e372623..f59fc32696 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -180,13 +180,19 @@ op_error: return LDB_ERR_OPERATIONS_ERROR; } +static int uint32_cmp(uint32_t c1, uint32_t c2) +{ + if (c1 == c2) return 0; + return c1 > c2 ? 1 : -1; +} + static int dsdb_compare_class_by_lDAPDisplayName(struct dsdb_class **c1, struct dsdb_class **c2) { return strcasecmp((*c1)->lDAPDisplayName, (*c2)->lDAPDisplayName); } static int dsdb_compare_class_by_governsID_id(struct dsdb_class **c1, struct dsdb_class **c2) { - return (*c1)->governsID_id - (*c2)->governsID_id; + return uint32_cmp((*c1)->governsID_id, (*c2)->governsID_id); } static int dsdb_compare_class_by_governsID_oid(struct dsdb_class **c1, struct dsdb_class **c2) { @@ -203,7 +209,7 @@ static int dsdb_compare_attribute_by_lDAPDisplayName(struct dsdb_attribute **a1, } static int dsdb_compare_attribute_by_attributeID_id(struct dsdb_attribute **a1, struct dsdb_attribute **a2) { - return (*a1)->attributeID_id - (*a2)->attributeID_id; + return uint32_cmp((*a1)->attributeID_id, (*a2)->attributeID_id); } static int dsdb_compare_attribute_by_attributeID_oid(struct dsdb_attribute **a1, struct dsdb_attribute **a2) { @@ -211,7 +217,7 @@ static int dsdb_compare_attribute_by_attributeID_oid(struct dsdb_attribute **a1, } static int dsdb_compare_attribute_by_linkID(struct dsdb_attribute **a1, struct dsdb_attribute **a2) { - return (*a1)->linkID - (*a2)->linkID; + return uint32_cmp((*a1)->linkID, (*a2)->linkID); } /* -- cgit From b1db66a501e3b5e5df66e722ad849a821c667d5b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 18 Dec 2009 20:51:37 +1100 Subject: s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid() Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/schema/schema_syntax.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index 1989db0699..e958605707 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -1183,7 +1183,7 @@ static WERROR dsdb_syntax_DN_ldb_to_drsuapi(struct ldb_context *ldb, ZERO_STRUCT(id3); - status = dsdb_get_extended_dn_guid(dn, &id3.guid); + status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID"); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { talloc_free(tmp_ctx); @@ -1367,7 +1367,7 @@ static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(struct ldb_context *ldb, ZERO_STRUCT(id3); - status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid); + status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID"); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { talloc_free(tmp_ctx); -- cgit From d4853fed00a9f5e6e5eee5dc1ce0eab3cd9bda37 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Dec 2009 20:59:57 +1100 Subject: sd-schema: order DRS classes on the wire in reverse order windows sends objectclasses in DRS in the opposite order to what LDAP uses --- source4/dsdb/schema/schema_syntax.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index e958605707..0873779811 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -735,7 +735,10 @@ static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(struct ldb_context *ldb, blobs[i] = data_blob_talloc(blobs, NULL, 4); W_ERROR_HAVE_NO_MEMORY(blobs[i].data); - obj_class = dsdb_class_by_lDAPDisplayName(schema, (const char *)in->values[i].data); + /* in DRS windows puts the classes in the opposite + order to the order used in ldap */ + obj_class = dsdb_class_by_lDAPDisplayName(schema, + (const char *)in->values[(in->num_values-1)-i].data); if (!obj_class) { return WERR_FOOBAR; } -- cgit From 9f02898080f5a19930d9adfcce3cf4139e3952e9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 21 Dec 2009 21:01:33 +1100 Subject: s4-schema: don't fill in the extended DN with a zero GUID sometimes windows sends us a zero GUID in a DRS DN. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/schema/schema_syntax.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index 0873779811..843b65d59d 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -1077,20 +1077,21 @@ WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context W_ERROR_HAVE_NO_MEMORY(dn); } - status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_ctx); - return ntstatus_to_werror(status); - } + if (!GUID_all_zero(&id3.guid)) { + status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + return ntstatus_to_werror(status); + } - ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return WERR_FOOBAR; + ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return WERR_FOOBAR; + } + talloc_free(guid_blob.data); } - talloc_free(guid_blob.data); - if (id3.__ndr_size_sid) { DATA_BLOB sid_blob; ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, iconv_convenience, &id3.sid, -- cgit From c3061794ef4d03d5b26d4a221a93722b3ed08197 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 29 Dec 2009 11:37:17 +1100 Subject: s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time() --- source4/dsdb/schema/schema_syntax.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/dsdb/schema') diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index 843b65d59d..de52b9c628 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -488,13 +488,17 @@ static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(struct ldb_context *ldb, for (i=0; i < in->num_values; i++) { NTTIME v; time_t t; + int ret; out->value_ctr.values[i].blob = &blobs[i]; blobs[i] = data_blob_talloc(blobs, NULL, 8); W_ERROR_HAVE_NO_MEMORY(blobs[i].data); - t = ldb_string_to_time((const char *)in->values[i].data); + ret = ldb_val_to_time(&in->values[i], &t); + if (ret != LDB_SUCCESS) { + return WERR_DS_INVALID_ATTRIBUTE_SYNTAX; + } unix_to_nt_time(&v, t); v /= 10000000; -- cgit