#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
  work out the minimal schema for a set of objectclasses 
*/

libinclude("base.js");

var ldb = ldb_init();

var options = GetOptions(ARGV, 
			 "POPT_AUTOHELP",
			 "POPT_COMMON_SAMBA",
			 "POPT_COMMON_CREDENTIALS",
			 "verbose",
			 "classes",
			 "attributes",
			 "subschema",
			 "subschema-auto");
if (options == undefined) {
   println("Failed to parse options");
   return -1;
}
verbose = options["verbose"];
dump_all = "yes";
dump_classes = options["classes"];
dump_attributes = options["attributes"];
dump_subschema = options["subschema"];
dump_subschema_auto = options["subschema-auto"];

if (dump_classes != undefined) {
	dump_all = undefined;
}
if (dump_attributes != undefined) {
	dump_all = undefined;
}
if (dump_subschema != undefined) {
	dump_all = undefined;
}
if (dump_subschema_auto != undefined) {
	dump_all = undefined;
	dump_subschema = "yes";
}
if (dump_all != undefined) {
	dump_classes = "yes";
	dump_attributes = "yes";
	dump_subschema = "yes";
	dump_subschema_auto = "yes";
}

if (options.ARGV.length != 2) {
   println("Usage: minschema.js <URL> <classfile>");
   return -1;
}

var url = options.ARGV[0];
var classfile = options.ARGV[1];

/* use command line creds if available */
ldb.credentials = options.get_credentials();

var ok = ldb.connect(url);
assert(ok);

objectclasses = new Object();
attributes = new Object();
rootDse = new Object();

objectclasses_expanded = new Object();

/* the attributes we need for objectclasses */
class_attrs = new Array("objectClass",
			"subClassOf",
			"governsID",
			"possSuperiors",
                        "possibleInferiors",
			"mayContain",
			"mustContain",
			"auxiliaryClass",
			"rDNAttID",
			"showInAdvancedViewOnly",
			"adminDisplayName",
			"adminDescription",
			"objectClassCategory",
			"lDAPDisplayName",
			"schemaIDGUID",
			"systemOnly",
			"systemPossSuperiors",
			"systemMayContain",
			"systemMustContain",
			"systemAuxiliaryClass",
			"defaultSecurityDescriptor",
			"systemFlags",
			"defaultHidingValue",
			"objectCategory",
			"defaultObjectCategory",

			/* this attributes are not used by w2k3 */
			"schemaFlagsEx",
			"msDs-IntId",
			"msDs-Schema-Extensions",
			"classDisplayName",
			"isDefunct");


attrib_attrs = new Array("objectClass",
			 "attributeID",
			 "attributeSyntax",
			 "isSingleValued",
			 "rangeLower",
			 "rangeUpper",
			 "mAPIID",
			 "linkID",
			 "showInAdvancedViewOnly",
			 "adminDisplayName",
			 "oMObjectClass",
			 "adminDescription",
			 "oMSyntax",
			 "searchFlags",
			 "extendedCharsAllowed",
			 "lDAPDisplayName",
			 "schemaIDGUID",
			 "attributeSecurityGUID",
			 "systemOnly",
			 "systemFlags",
			 "isMemberOfPartialAttributeSet",
			 "objectCategory",

			 /* this attributes are not used by w2k3 */
			 "schemaFlagsEx",
			 "msDs-IntId",
			 "msDs-Schema-Extensions",
			 "classDisplayName",
			 "isEphemeral",
			 "isDefunct");

/*
  notes:

  objectClassCategory 
      1: structural
      2: abstract
      3: auxiliary
*/


/*
  print only if verbose is set
*/
function dprintf() {
	if (verbose != undefined) {
		print(vsprintf(arguments));
	}
}

function get_object_cn(ldb, name) {
	var attrs = new Array("cn");

	var res = ldb.search(sprintf("(ldapDisplayName=%s)", name), rootDse.schemaNamingContext, ldb.SCOPE_SUBTREE, attrs);
	assert(res != undefined);
	assert(res.msgs.length == 1);

        var cn = res.msgs[0]["cn"];
	assert(cn != undefined);
	if (typeof(cn) == "string") {
		return cn;
	}
	return cn[0];
}
/*
  create an objectclass object
*/
function obj_objectClass(ldb, name) {
	var o = new Object();
	o.name = name;
	o.cn = get_object_cn(ldb, name);
	return o;
}

/*
  create an attribute object
*/
function obj_attribute(ldb, name) {
	var o = new Object();
	o.name = name;
	o.cn = get_object_cn(ldb, name);
	return o;
}


syntaxmap = new Object();

syntaxmap['2.5.5.1']  = '1.3.6.1.4.1.1466.115.121.1.12';
syntaxmap['2.5.5.2']  = '1.3.6.1.4.1.1466.115.121.1.38';
syntaxmap['2.5.5.3']  = '1.2.840.113556.1.4.1362';
syntaxmap['2.5.5.4']  = '1.2.840.113556.1.4.905';
syntaxmap['2.5.5.5']  = '1.3.6.1.4.1.1466.115.121.1.26';
syntaxmap['2.5.5.6']  = '1.3.6.1.4.1.1466.115.121.1.36';
syntaxmap['2.5.5.7']  = '1.2.840.113556.1.4.903';
syntaxmap['2.5.5.8']  = '1.3.6.1.4.1.1466.115.121.1.7';
syntaxmap['2.5.5.9']  = '1.3.6.1.4.1.1466.115.121.1.27';
syntaxmap['2.5.5.10'] = '1.3.6.1.4.1.1466.115.121.1.40';
syntaxmap['2.5.5.11'] = '1.3.6.1.4.1.1466.115.121.1.24';
syntaxmap['2.5.5.12'] = '1.3.6.1.4.1.1466.115.121.1.15';
syntaxmap['2.5.5.13'] = '1.3.6.1.4.1.1466.115.121.1.43';
syntaxmap['2.5.5.14'] = '1.2.840.113556.1.4.904';
syntaxmap['2.5.5.15'] = '1.2.840.113556.1.4.907';
syntaxmap['2.5.5.16'] = '1.2.840.113556.1.4.906';
syntaxmap['2.5.5.17'] = '1.3.6.1.4.1.1466.115.121.1.40';

/*
  map some attribute syntaxes from some apparently MS specific
  syntaxes to the standard syntaxes
*/
function map_attribute_syntax(s) {
	if (syntaxmap[s] != undefined) {
		return syntaxmap[s];
	}
	return s;
}


/*
  fix a string DN to use ${SCHEMADN}
*/
function fix_dn(dn) {
	var s = strstr(dn, rootDse.schemaNamingContext);
	if (s == NULL) {
		return dn;
	}
	return substr(dn, 0, strlen(dn) - strlen(s)) + "${SCHEMADN}";
}

/*
  dump an object as ldif
*/
function write_ldif_one(o, attrs) {
	var i;
	printf("dn: CN=%s,${SCHEMADN}\n", o.cn);
	for (i=0;i<attrs.length;i++) {
		var a = attrs[i];
		if (o[a] == undefined) {
			continue;
		}
		/* special case for oMObjectClass, which is a binary object */
		if (a == "oMObjectClass") {
			printf("%s:: %s\n", a, o[a]);
			continue;
		}
		var v = o[a];
		if (typeof(v) == "string") {
			v = new Array(v);
		}
		var j;
		for (j=0;j<v.length;j++) {
			printf("%s: %s\n", a, fix_dn(v[j]));
		}
	}
	printf("\n");
}

/*
  dump an array of objects as ldif
*/
function write_ldif(o, attrs) {
	var i;
	for (i in o) {
		write_ldif_one(o[i], attrs);
	}
}


/*
  create a testDN based an an example DN
  the idea is to ensure we obey any structural rules
*/
function create_testdn(exampleDN) {
	var a = split(",", exampleDN);
	a[0] = "CN=TestDN";
	return join(",", a);
}

/*
  find the properties of an objectclass
 */
function find_objectclass_properties(ldb, o) {
	var res = ldb.search(
		sprintf("(ldapDisplayName=%s)", o.name),
		rootDse.schemaNamingContext, ldb.SCOPE_SUBTREE, class_attrs);
	assert(res != undefined);
	assert(res.msgs.length == 1);
	var msg = res.msgs[0];
	var a;
	for (a in msg) {
		o[a] = msg[a];
	}
}

/*
  find the properties of an attribute
 */
function find_attribute_properties(ldb, o) {
	var res = ldb.search(
		sprintf("(ldapDisplayName=%s)", o.name),
		rootDse.schemaNamingContext, ldb.SCOPE_SUBTREE, attrib_attrs);
	assert(res != undefined);
	assert(res.msgs.length == 1);
	var msg = res.msgs[0];
	var a;
	for (a in msg) {
		/* special case for oMObjectClass, which is a binary object */
		if (a == "oMObjectClass") {
			o[a] = ldb.encode(msg[a]);
			continue;
		}
		o[a] = msg[a];
	}
}

/*
  find the auto-created properties of an objectclass. Only works for classes
  that can be created using just a DN and the objectclass
 */
function find_objectclass_auto(ldb, o) {
	if (o["exampleDN"] == undefined) {
		return;
	}
	var testdn = create_testdn(o.exampleDN);
	var ok;

	dprintf("testdn is '%s'\n", testdn);

	var ldif = "dn: " + testdn;
	ldif = ldif + "\nobjectClass: " + o.name;
	ok = ldb.add(ldif);
	if (ok.error != 0) {
		dprintf("error adding %s: %s\n", o.name, ok.errstr);
		dprintf("%s\n", ldif);
		return;
	}

	var res = ldb.search("", testdn, ldb.SCOPE_BASE);
	ok = ldb.del(testdn);
	assert(ok.error == 0);

	var a;
	for (a in res.msgs[0]) {
		attributes[a].autocreate = true;
	}
}


/*
  look at auxiliary information from a class to intuit the existance of more
  classes needed for a minimal schema
*/
function expand_objectclass(ldb, o) {
	var attrs = new Array("auxiliaryClass", "systemAuxiliaryClass",
			      "possSuperiors", "systemPossSuperiors",
			      "subClassOf");
	var res = ldb.search(
		sprintf("(&(objectClass=classSchema)(ldapDisplayName=%s))", o.name),
		rootDse.schemaNamingContext, ldb.SCOPE_SUBTREE, attrs);
	var a;
	dprintf("Expanding class %s\n", o.name);
	assert(res != undefined);
	assert(res.msgs.length == 1);
	var msg = res.msgs[0];
	for (a=0;a<attrs.length;a++) {
		var aname = attrs[a];
		if (msg[aname] == undefined) {
			continue;
		}
		var list = msg[aname];
		if (typeof(list) == "string") {
			list = new Array(msg[aname]);
		}
		var i;
		for (i=0;i<list.length;i++) {
			var name = list[i];
			if (objectclasses[name] == undefined) {
				dprintf("Found new objectclass '%s'\n", name);
				objectclasses[name] = obj_objectClass(ldb, name);
			}
		}
	}
}


/*
  add the must and may attributes from an objectclass to the full list
  of attributes
*/
function add_objectclass_attributes(ldb, class) {
	var attrs = new Array("mustContain", "systemMustContain", 
			      "mayContain", "systemMayContain");
	var i;
	for (i=0;i<attrs.length;i++) {
		var aname = attrs[i];
		if (class[aname] == undefined) {
			continue;
		}
		var alist = class[aname];
		if (typeof(alist) == "string") {
			alist = new Array(alist);
		}
		var j;
		var len = alist.length;
		for (j=0;j<len;j++) {
			var a = alist[j];
			if (attributes[a] == undefined) {
				attributes[a] = obj_attribute(ldb, a);
			}
		}
	}
}


/*
  process an individual record, working out what attributes it has
*/
function walk_dn(ldb, dn) {
	/* get a list of all possible attributes for this object */
	var attrs = new Array("allowedAttributes");
	var res = ldb.search("objectClass=*", dn, ldb.SCOPE_BASE, attrs);
	if (res.error != 0) {
		dprintf("Unable to fetch allowedAttributes for '%s' - %s\n", 
		       dn, res.errstr);
		return;
	}
	var allattrs = res.msgs[0].allowedAttributes;
	res = ldb.search("objectClass=*", dn, ldb.SCOPE_BASE, allattrs);
	if (res.error != 0) {
		dprintf("Unable to fetch all attributes for '%s' - %s\n", 
		       dn, res.errstr);
		return;
	}
	var a;
	var msg = res.msgs[0];
	for (a in msg) {
		if (attributes[a] == undefined) {
			attributes[a] = obj_attribute(ldb, a);
		}
	}
}

/*
  walk a naming context, looking for all records
*/
function walk_naming_context(ldb, namingContext) {
	var attrs = new Array("objectClass");
	var res = ldb.search("objectClass=*", namingContext, ldb.SCOPE_DEFAULT, attrs);
	if (res.error != 0) {
		dprintf("Unable to fetch objectClasses for '%s' - %s\n", 
		       namingContext, res.errstr);
		return;
	}
	var r;
	for (r=0;r<res.msgs.length;r++) {
		var msg = res.msgs[r].objectClass;
		var c;
		for (c=0;c<msg.length;c++) {
			var objectClass = msg[c];
			if (objectclasses[objectClass] == undefined) {
				objectclasses[objectClass] = obj_objectClass(ldb, objectClass);
				objectclasses[objectClass].exampleDN = res.msgs[r].dn;
			}
		}
		walk_dn(ldb, res.msgs[r].dn);
	}
}

/*
  trim the may attributes for an objectClass
*/
function trim_objectclass_attributes(ldb, class) {
	var i,j,n;

	/* trim possibleInferiors,
	 * include only the classes we extracted */
	var possinf = class["possibleInferiors"];
	if (possinf != undefined) {
		var newpossinf = new Array();
		if (typeof(possinf) == "string") {
			possinf = new Array(possinf);
		}
		n = 0;
		for (j = 0;j < possinf.length; j++) {
			var x = possinf[j];
			if (objectclasses[x] != undefined) {
				newpossinf[n] = x;
				n++;
			}
		}
		class["possibleInferiors"] = newpossinf;
	}

	/* trim systemMayContain,
	 * remove duplicates */
	var sysmay = class["systemMayContain"];
	if (sysmay != undefined) {
		var newsysmay = new Array();
		if (typeof(sysmay) == "string") {
			sysmay = new Array(sysmay);
		}
		for (j = 0;j < sysmay.length; j++) {
			var x = sysmay[j];
			var dup = false;
			if (newsysmay[0] == undefined) {
				newsysmay[0] = x;
			} else {
				for (n = 0; n < newsysmay.length; n++) {
					if (newsysmay[n] == x) {
						dup = true;
					}
				}
				if (dup == false) {
					newsysmay[n] = x;
				}
			}
		}
		class["systemMayContain"] = newsysmay;
	}

	/* trim mayContain,
	 * remove duplicates */
	var may = class["mayContain"];
	if (may != undefined) {
		var newmay = new Array();
		if (typeof(may) == "string") {
			may = new Array(may);
		}
		for (j = 0;j < may.length; j++) {
			var x = may[j];
			var dup = false;
			if (newmay[0] == undefined) {
				newmay[0] = x;
			} else {
				for (n = 0; n < newmay.length; n++) {
					if (newmay[n] == x) {
						dup = true;
					}
				}
				if (dup == false) {
					newmay[n] = x;
				}
			}
		}
		class["mayContain"] = newmay;
	}
}

/*
  load the basic attributes of an objectClass
*/
function build_objectclass(ldb, name) {
	var attrs = new Array("name");
	var res = ldb.search(
		sprintf("(&(objectClass=classSchema)(ldapDisplayName=%s))", name),
		rootDse.schemaNamingContext, ldb.SCOPE_SUBTREE, attrs);
	if (res.error != 0) {
		dprintf("unknown class '%s'\n", name);
		return undefined;
	}
	if (res.msgs.length == 0) {
		dprintf("unknown class '%s'\n", name);
		return undefined;
	}
	return obj_objectClass(ldb, name);
}

/*
  append 2 lists
*/
function list_append(a1, a2) {
	var i;
	if (a1 == undefined) {
		return a2;
	}
	if (a2 == undefined) {
		return a1;
	}
	for (i=0;i<a2.length;i++) {
		a1[a1.length] = a2[i];
	}
	return a1;
}

/*
  form a coalesced attribute list
*/
function attribute_list(class, attr1, attr2) {
	var a1 = class[attr1];
	var a2 = class[attr2];
	if (typeof(a1) == "string") {
		a1 = new Array(a1);
	}
	if (typeof(a2) == "string") {
		a2 = new Array(a2);
	}
	return list_append(a1, a2);
}

/*
  write out a list in aggregate form
*/
function aggregate_list(name, list) {
	if (list == undefined) {
		return;
	}
	var i;
	printf("%s ( ", name);
	for (i=0;i<list.length;i++) {
		printf("%s ", list[i]);
		if (i < (list.length - 1)) {
			printf("$ ");
		}
	}
	printf(") ");
}

/*
  write the aggregate record for an objectclass
*/
function write_aggregate_objectclass(class) {
	printf("objectClasses: ( %s NAME '%s' ", class.governsID, class.name);
	if (class['subClassOf'] != undefined) {
		printf("SUP %s ", class['subClassOf']);
	}
	if (class.objectClassCategory == 1) {
		printf("STRUCTURAL ");
	} else if (class.objectClassCategory == 2) {
		printf("ABSTRACT ");
	} else if (class.objectClassCategory == 3) {
		printf("AUXILIARY ");
	}

	var list;

	list = attribute_list(class, "systemMustContain", "mustContain");
	aggregate_list("MUST", list);

	list = attribute_list(class, "systemMayContain", "mayContain");
	aggregate_list("MAY", list);

	printf(")\n");
}


/*
  write the aggregate record for an ditcontentrule
*/
function write_aggregate_ditcontentrule(class) {
	var list = attribute_list(class, "auxiliaryClass", "systemAuxiliaryClass");
	var i;
	if (list == undefined) {
		return;
	}

	printf("dITContentRules: ( %s NAME '%s' ", class.governsID, class.name);

	aggregate_list("AUX", list);

	var may_list = undefined;
	var must_list = undefined;

	for (i=0;i<list.length;i++) {
		var c = list[i];
		var list2;
		list2 = attribute_list(objectclasses[c], 
				       "mayContain", "systemMayContain");
		may_list = list_append(may_list, list2);
		list2 = attribute_list(objectclasses[c], 
				       "mustContain", "systemMustContain");
		must_list = list_append(must_list, list2);
	}

	aggregate_list("MUST", must_list);
	aggregate_list("MAY", may_list);

	printf(")\n");
}

/*
  write the aggregate record for an attribute
*/
function write_aggregate_attribute(attrib) {
	printf("attributeTypes: ( %s NAME '%s' SYNTAX '%s' ", 
	       attrib.attributeID, attrib.name, 
	       map_attribute_syntax(attrib.attributeSyntax));
	if (attrib['isSingleValued'] == "TRUE") {
		printf("SINGLE-VALUE ");
	}
	if (attrib['systemOnly'] == "TRUE") {
		printf("NO-USER-MODIFICATION ");
	}

	printf(")\n");
}


/*
  write the aggregate record
*/
function write_aggregate() {
	printf("dn: CN=Aggregate,${SCHEMADN}\n");
	print("objectClass: top
objectClass: subSchema
objectCategory: CN=SubSchema,${SCHEMADN}
");
	if (dump_subschema_auto == undefined) {
		return;	
	}

	for (i in objectclasses) {
		write_aggregate_objectclass(objectclasses[i]);
	}
	for (i in attributes) {
		write_aggregate_attribute(attributes[i]);
	}
	for (i in objectclasses) {
		write_aggregate_ditcontentrule(objectclasses[i]);
	}
}

/*
  load a list from a file
*/
function load_list(file) {
	var sys = sys_init();
	var s = sys.file_load(file);
	var a = split("\n", s);
	return a;
}

/* get the rootDSE */
var res = ldb.search("", "", ldb.SCOPE_BASE);
rootDse = res.msgs[0];

/* load the list of classes we are interested in */
var classes = load_list(classfile);
var i;
for (i=0;i<classes.length;i++) {
	var classname = classes[i];
	var class = build_objectclass(ldb, classname);
	if (class != undefined) {
		objectclasses[classname] = class;
	}
}


/*
  expand the objectclass list as needed
*/
var num_classes = 0;
var expanded = 0;
/* calculate the actual number of classes */
for (i in objectclasses) {
	num_classes++;
}
/* so EJS do not have while nor the break statement
   cannot find any other way than doing more loops
   than necessary to recursively expand all classes
 */
var inf;
for (inf = 0;inf < 500; inf++) {
	if (expanded < num_classes) {
		for (i in objectclasses) {
			var n = objectclasses[i];
			if (objectclasses_expanded[i] != "DONE") {
				expand_objectclass(ldb, objectclasses[i]);
				objectclasses_expanded[i] = "DONE";
				expanded++;
			}
		}
		/* recalculate the actual number of classes */
		num_classes = 0;
		for (i in objectclasses) {
			num_classes++;
		}
	}
}

/*
  find objectclass properties
*/
for (i in objectclasses) {
	find_objectclass_properties(ldb, objectclasses[i]);
}

/*
  form the full list of attributes
*/
for (i in objectclasses) {
	add_objectclass_attributes(ldb, objectclasses[i]);
}

/* and attribute properties */
for (i in attributes) {
	find_attribute_properties(ldb, attributes[i]);
}

/*
  trim the 'may' attribute lists to those really needed
*/
for (i in objectclasses) {
	trim_objectclass_attributes(ldb, objectclasses[i]);
}

/*
  dump an ldif form of the attributes and objectclasses
*/
if (dump_attributes != undefined) {
	write_ldif(attributes, attrib_attrs);
}
if (dump_classes != undefined) {
	write_ldif(objectclasses, class_attrs);
}
if (dump_subschema != undefined) {
	write_aggregate();
}

if (verbose == undefined) {
	exit(0);
}

/*
  dump list of objectclasses
*/
printf("objectClasses:\n")
for (i in objectclasses) {
	printf("\t%s\n", i);
}
printf("attributes:\n")
for (i in attributes) {
	printf("\t%s\n", i);
}

printf("autocreated attributes:\n");
for (i in attributes) {
	if (attributes[i].autocreate == true) {
		printf("\t%s\n", i);
	}
}

return 0;