/* 
   ldb database library
   Copyright (C) Andrew Bartlett 2006
     ** NOTE! The following LGPL license applies to the ldb
     ** library. This does NOT imply that all of Samba is released
     ** under the LGPL
   
   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.
   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.
   You should have received a copy of the GNU Lesser General Public
   License along with this library; if not, see .
*/
/*
 *  Name: ldb
 *
 *  Component: ad2oLschema
 *
 *  Description: utility to convert an AD schema into the format required by OpenLDAP
 *
 *  Author: Andrew Tridgell
 */
#include "includes.h"
#include "ldb/include/includes.h"
#include "system/locale.h"
#include "ldb/tools/cmdline.h"
#include "ldb/tools/convert.h"
struct schema_conv {
	int count;
	int skipped;
	int failures;
};
enum convert_target {
	TARGET_OPENLDAP,
	TARGET_FEDORA_DS
};
	
static void usage(void)
{
	printf("Usage: ad2oLschema \n");
	printf("\nConvert AD-like LDIF to OpenLDAP schema format\n\n");
	printf("Options:\n");
	printf("  -I inputfile     inputfile of mapped OIDs and skipped attributes/ObjectClasses");
	printf("  -H url           LDB or LDAP server to read schmea from\n");
	printf("  -O outputfile    outputfile otherwise STDOUT\n");
	printf("  -o options       pass options like modules to activate\n");
	printf("              e.g: -o modules:timestamps\n");
	printf("\n");
	printf("Converts records from an AD-like LDIF schema into an openLdap formatted schema\n\n");
	exit(1);
}
static int fetch_attrs_schema(struct ldb_context *ldb, struct ldb_dn *schemadn,
			      TALLOC_CTX *mem_ctx, 
			      struct ldb_result **attrs_res)
{
	TALLOC_CTX *local_ctx = talloc_new(mem_ctx);
	int ret;
	const char *attrs[] = {
		"lDAPDisplayName",
		"isSingleValued",
		"attributeID",
		"attributeSyntax",
		"description",		
		NULL
	};
	if (!local_ctx) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	
	/* Downlaod schema */
	ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, 
			 "objectClass=attributeSchema", 
			 attrs, attrs_res);
	if (ret != LDB_SUCCESS) {
		printf("Search failed: %s\n", ldb_errstring(ldb));
		return LDB_ERR_OPERATIONS_ERROR;
	}
	
	return ret;
}
static const char *oc_attrs[] = {
	"lDAPDisplayName",
	"mayContain",
	"mustContain",
	"systemMayContain",
	"systemMustContain",
	"objectClassCategory",
	"governsID",
	"description",
	"subClassOf",
	NULL
};
static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn, 
			      TALLOC_CTX *mem_ctx, 
			      struct ldb_result *search_from,
			      struct ldb_result *res_list)
{
	int i;
	int ret = 0;
	for (i=0; i < search_from->count; i++) {
		struct ldb_result *res;
		const char *name = ldb_msg_find_attr_as_string(search_from->msgs[i], 
							       "lDAPDisplayname", NULL);
		char *filter = talloc_asprintf(mem_ctx, "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))", 
					       name, name);
		ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, 
				 filter,
				 oc_attrs, &res);
		talloc_free(filter);
		if (ret != LDB_SUCCESS) {
			printf("Search failed: %s\n", ldb_errstring(ldb));
			return ret;
		}
		
		talloc_steal(mem_ctx, res);
		res_list->msgs = talloc_realloc(res_list, res_list->msgs, 
						struct ldb_message *, res_list->count + 2);
		if (!res_list->msgs) {
			return LDB_ERR_OPERATIONS_ERROR;
		}
		res_list->msgs[res_list->count] = talloc_move(res_list, 
							      &search_from->msgs[i]);
		res_list->count++;
		res_list->msgs[res_list->count] = NULL;
		if (res->count > 0) {
			ret = fetch_oc_recursive(ldb, schemadn, mem_ctx, res, res_list); 
		}
		if (ret != LDB_SUCCESS) {
			return ret;
		}
	}
	return ret;
}
static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, 
				    TALLOC_CTX *mem_ctx, 
				    struct ldb_result **objectclasses_res)
{
	TALLOC_CTX *local_ctx = talloc_new(mem_ctx);
	struct ldb_result *top_res, *ret_res;
	int ret;
	if (!local_ctx) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	
	/* Downlaod 'top' */
	ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, 
			 "(&(objectClass=classSchema)(lDAPDisplayName=top))", 
			 oc_attrs, &top_res);
	if (ret != LDB_SUCCESS) {
		printf("Search failed: %s\n", ldb_errstring(ldb));
		return LDB_ERR_OPERATIONS_ERROR;
	}
	talloc_steal(local_ctx, top_res);
	if (top_res->count != 1) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	ret_res = talloc_zero(local_ctx, struct ldb_result);
	if (!ret_res) {
		return LDB_ERR_OPERATIONS_ERROR;
	}
	ret = fetch_oc_recursive(ldb, schemadn, local_ctx, top_res, ret_res); 
	if (ret != LDB_SUCCESS) {
		printf("Search failed: %s\n", ldb_errstring(ldb));
		return LDB_ERR_OPERATIONS_ERROR;
	}
	*objectclasses_res = talloc_move(mem_ctx, &ret_res);
	return ret;
}
static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) 
{
	const char *rootdse_attrs[] = {"schemaNamingContext", NULL};
	struct ldb_dn *schemadn;
	struct ldb_dn *basedn = ldb_dn_explode(mem_ctx, "");
	struct ldb_result *rootdse_res;
	int ldb_ret;
	if (!basedn) {
		return NULL;
	}
	
	/* Search for rootdse */
	ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res);
	if (ldb_ret != LDB_SUCCESS) {
		printf("Search failed: %s\n", ldb_errstring(ldb));
		return NULL;
	}
	
	talloc_steal(mem_ctx, rootdse_res);
	if (rootdse_res->count != 1) {
		printf("Failed to find rootDSE");
		return NULL;
	}
	
	/* Locate schema */
	schemadn = ldb_msg_find_attr_as_dn(mem_ctx, rootdse_res->msgs[0], "schemaNamingContext");
	if (!schemadn) {
		return NULL;
	}
	talloc_free(rootdse_res);
	return schemadn;
}
#define IF_NULL_FAIL_RET(x) do {     \
		if (!x) {		\
			ret.failures++; \
			return ret;	\
		}			\
	} while (0) 
static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_target target, FILE *in, FILE *out) 
{
	/* Read list of attributes to skip, OIDs to map */
	TALLOC_CTX *mem_ctx = talloc_new(ldb);
	char *line;
	const char **attrs_skip = NULL;
	int num_skip = 0;
	struct oid_map {
		char *old_oid;
		char *new_oid;
	} *oid_map = NULL;
	int num_maps = 0;
	struct ldb_result *attrs_res, *objectclasses_res;
	struct ldb_dn *schemadn;
	struct schema_conv ret;
	int ldb_ret, i;
	ret.count = 0;
	ret.skipped = 0;
	ret.failures = 0;
	while ((line = afdgets(fileno(in), mem_ctx, 0))) {
		/* Blank Line */
		if (line[0] == '\0') {
			continue;
		}
		/* Comment */
		if (line[0] == '#') {
			continue;
		}
		if (isdigit(line[0])) {
			char *p = strchr(line, ':');
			IF_NULL_FAIL_RET(p);
			if (!p) {
				ret.failures = 1;
				return ret;
			}
			p[0] = '\0';
			p++;
			oid_map = talloc_realloc(mem_ctx, oid_map, struct oid_map, num_maps + 2);
			trim_string(line, " ", " ");
			oid_map[num_maps].old_oid = talloc_move(oid_map, &line);
			trim_string(p, " ", " ");
			oid_map[num_maps].new_oid = p;
			num_maps++;
			oid_map[num_maps].old_oid = NULL;
		} else {
			attrs_skip = talloc_realloc(mem_ctx, attrs_skip, const char *, num_skip + 2);
			trim_string(line, " ", " ");
			attrs_skip[num_skip] = talloc_move(attrs_skip, &line);
			num_skip++;
			attrs_skip[num_skip] = NULL;
		}
	}
	schemadn = find_schema_dn(ldb, mem_ctx);
	if (!schemadn) {
		printf("Failed to find schema DN: %s\n", ldb_errstring(ldb));
		ret.failures = 1;
		return ret;
	}
	
	ldb_ret = fetch_attrs_schema(ldb, schemadn, mem_ctx, &attrs_res);
	if (ldb_ret != LDB_SUCCESS) {
		printf("Failed to fetch attribute schema: %s\n", ldb_errstring(ldb));
		ret.failures = 1;
		return ret;
	}
	
	switch (target) {
	case TARGET_OPENLDAP:
		break;
	case TARGET_FEDORA_DS:
		fprintf(out, "dn: cn=schema\n");
		break;
	}
	for (i=0; i < attrs_res->count; i++) {
		struct ldb_message *msg = attrs_res->msgs[i];
		const char *name = ldb_msg_find_attr_as_string(msg, "lDAPDisplayName", NULL);
		const char *description = ldb_msg_find_attr_as_string(msg, "description", NULL);
		const char *oid = ldb_msg_find_attr_as_string(msg, "attributeID", NULL);
		const char *syntax = ldb_msg_find_attr_as_string(msg, "attributeSyntax", NULL);
		BOOL single_value = ldb_msg_find_attr_as_bool(msg, "isSingleValued", False);
		const struct syntax_map *map = find_syntax_map_by_ad_oid(syntax);
		char *schema_entry = NULL;
		int j;
		/* We have been asked to skip some attributes/objectClasses */
		if (attrs_skip && str_list_check_ci(attrs_skip, name)) {
			ret.skipped++;
			continue;
		}
		/* We might have been asked to remap this oid, due to a conflict */
		for (j=0; oid && oid_map[j].old_oid; j++) {
			if (strcmp(oid, oid_map[j].old_oid) == 0) {
				oid =  oid_map[j].new_oid;
				break;
			}
		}
		
		switch (target) {
		case TARGET_OPENLDAP:
			schema_entry = talloc_asprintf(mem_ctx, 
						       "attributetype (\n"
						       "  %s\n", oid);
			break;
		case TARGET_FEDORA_DS:
			schema_entry = talloc_asprintf(mem_ctx, 
						       "attributeTypes: (\n"
						       "  %s\n", oid);
			break;
		}
		IF_NULL_FAIL_RET(schema_entry);
		schema_entry = talloc_asprintf_append(schema_entry, 
						      "  NAME '%s'\n", name);
		IF_NULL_FAIL_RET(schema_entry);
		if (description) {
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  DESC %s\n", description);
			IF_NULL_FAIL_RET(schema_entry);
		}
		if (map) {
			const char *syntax_oid;
			if (map->equality) {
				schema_entry = talloc_asprintf_append(schema_entry, 
								      "  EQUALITY %s\n", map->equality);
				IF_NULL_FAIL_RET(schema_entry);
			}
			if (map->substring) {
				schema_entry = talloc_asprintf_append(schema_entry, 
								      "  SUBSTR %s\n", map->substring);
				IF_NULL_FAIL_RET(schema_entry);
			}
			syntax_oid = map->Standard_OID;
			/* We might have been asked to remap this oid,
			 * due to a conflict, or lack of
			 * implementation */
			for (j=0; syntax_oid && oid_map[j].old_oid; j++) {
				if (strcmp(syntax_oid, oid_map[j].old_oid) == 0) {
					syntax_oid =  oid_map[j].new_oid;
					break;
				}
			}
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  SYNTAX %s\n", syntax_oid);
			IF_NULL_FAIL_RET(schema_entry);
		}
		if (single_value) {
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  SINGLE-VALUE\n");
			IF_NULL_FAIL_RET(schema_entry);
		}
		
		schema_entry = talloc_asprintf_append(schema_entry, 
						      "  )");
		switch (target) {
		case TARGET_OPENLDAP:
			fprintf(out, "%s\n\n", schema_entry);
			break;
		case TARGET_FEDORA_DS:
			fprintf(out, "%s\n", schema_entry);
			break;
		}
		ret.count++;
	}
	ldb_ret = fetch_objectclass_schema(ldb, schemadn, mem_ctx, &objectclasses_res);
	if (ldb_ret != LDB_SUCCESS) {
		printf("Failed to fetch objectClass schema elements: %s\n", ldb_errstring(ldb));
		ret.failures = 1;
		return ret;
	}
	
	for (i=0; i < objectclasses_res->count; i++) {
		struct ldb_message *msg = objectclasses_res->msgs[i];
		const char *name = ldb_msg_find_attr_as_string(msg, "lDAPDisplayName", NULL);
		const char *description = ldb_msg_find_attr_as_string(msg, "description", NULL);
		const char *oid = ldb_msg_find_attr_as_string(msg, "governsID", NULL);
		const char *subClassOf = ldb_msg_find_attr_as_string(msg, "subClassOf", NULL);
		int objectClassCategory = ldb_msg_find_attr_as_int(msg, "objectClassCategory", 0);
		struct ldb_message_element *must = ldb_msg_find_element(msg, "mustContain");
		struct ldb_message_element *sys_must = ldb_msg_find_element(msg, "systemMustContain");
		struct ldb_message_element *may = ldb_msg_find_element(msg, "mayContain");
		struct ldb_message_element *sys_may = ldb_msg_find_element(msg, "systemMayContain");
		char *schema_entry = NULL;
		int j;
		/* We have been asked to skip some attributes/objectClasses */
		if (attrs_skip && str_list_check_ci(attrs_skip, name)) {
			ret.skipped++;
			continue;
		}
		/* We might have been asked to remap this oid, due to a conflict */
		for (j=0; oid_map[j].old_oid; j++) {
			if (strcmp(oid, oid_map[j].old_oid) == 0) {
				oid =  oid_map[j].new_oid;
				break;
			}
		}
		
		switch (target) {
		case TARGET_OPENLDAP:
			schema_entry = talloc_asprintf(mem_ctx, 
						       "objectclass (\n"
						       "  %s\n", oid);
			break;
		case TARGET_FEDORA_DS:
			schema_entry = talloc_asprintf(mem_ctx, 
						       "objectClasses: (\n"
						       "  %s\n", oid);
			break;
		}
		IF_NULL_FAIL_RET(schema_entry);
		if (!schema_entry) {
			ret.failures++;
			break;
		}
		schema_entry = talloc_asprintf_append(schema_entry, 
						      "  NAME '%s'\n", name);
		IF_NULL_FAIL_RET(schema_entry);
		if (!schema_entry) return ret;
		if (description) {
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  DESC %s\n", description);
			IF_NULL_FAIL_RET(schema_entry);
		}
		if (subClassOf) {
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  SUP %s\n", subClassOf);
			IF_NULL_FAIL_RET(schema_entry);
		}
		
		switch (objectClassCategory) {
		case 1:
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  STRUCTURAL\n");
			IF_NULL_FAIL_RET(schema_entry);
			break;
		case 2:
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  ABSTRACT\n");
			IF_NULL_FAIL_RET(schema_entry);
			break;
		case 3:
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  AUXILIARY\n");
			IF_NULL_FAIL_RET(schema_entry);
			break;
		}
#define APPEND_ATTRS(attributes) \
		do {						\
			int k;						\
			for (k=0; attributes && k < attributes->num_values; k++) { \
				schema_entry = talloc_asprintf_append(schema_entry, \
								      " %s", \
								      (const char *)attributes->values[k].data); \
				IF_NULL_FAIL_RET(schema_entry);		\
				if (k != (attributes->num_values - 1)) { \
					schema_entry = talloc_asprintf_append(schema_entry, \
									      " $"); \
					IF_NULL_FAIL_RET(schema_entry);	\
					if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \
						schema_entry = talloc_asprintf_append(schema_entry, \
										      "\n  "); \
						IF_NULL_FAIL_RET(schema_entry);	\
					}				\
				}					\
			}						\
		} while (0)
		if (must || sys_must) {
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  MUST (");
			IF_NULL_FAIL_RET(schema_entry);
			APPEND_ATTRS(must);
			if (must && sys_must) {
				schema_entry = talloc_asprintf_append(schema_entry, \
								      " $"); \
			}
			APPEND_ATTRS(sys_must);
			
			schema_entry = talloc_asprintf_append(schema_entry, 
							      " )\n");
			IF_NULL_FAIL_RET(schema_entry);
		}
		if (may || sys_may) {
			schema_entry = talloc_asprintf_append(schema_entry, 
							      "  MAY (");
			IF_NULL_FAIL_RET(schema_entry);
			APPEND_ATTRS(may);
			if (may && sys_may) {
				schema_entry = talloc_asprintf_append(schema_entry, \
								      " $"); \
			}
			APPEND_ATTRS(sys_may);
			
			schema_entry = talloc_asprintf_append(schema_entry, 
							      " )\n");
			IF_NULL_FAIL_RET(schema_entry);
		}
		schema_entry = talloc_asprintf_append(schema_entry, 
						      "  )");
		switch (target) {
		case TARGET_OPENLDAP:
			fprintf(out, "%s\n\n", schema_entry);
			break;
		case TARGET_FEDORA_DS:
			fprintf(out, "%s\n", schema_entry);
			break;
		}
		ret.count++;
	}
	return ret;
}
 int main(int argc, const char **argv)
{
	TALLOC_CTX *ctx;
	struct ldb_cmdline *options;
	FILE *in = stdin;
	FILE *out = stdout;
	struct ldb_context *ldb;
	struct schema_conv ret;
	const char *target_str;
	enum convert_target target;
	ldb_global_init();
	ctx = talloc_new(NULL);
	ldb = ldb_init(ctx);
	options = ldb_cmdline_process(ldb, argc, argv, usage);
	if (options->input) {
		in = fopen(options->input, "r");
		if (!in) {
			perror(options->input);
			exit(1);
		}
	}
	if (options->output) {
		out = fopen(options->output, "w");
		if (!out) {
			perror(options->output);
			exit(1);
		}
	}
	target_str = lp_parm_string(-1, "convert", "target");
	if (!target_str || strcasecmp(target_str, "openldap") == 0) {
		target = TARGET_OPENLDAP;
	} else if (strcasecmp(target_str, "fedora-ds") == 0) {
		target = TARGET_FEDORA_DS;
	} else {
		printf("Unsupported target: %s\n", target_str);
		exit(1);
	}
	ret = process_convert(ldb, target, in, out);
	fclose(in);
	fclose(out);
	printf("Converted %d records (skipped %d) with %d failures\n", ret.count, ret.skipped, ret.failures);
	return 0;
}