to test the behaviour of objectCategory=user searches.
It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).
Simplify the entryUUID module by using the fact that we now set the DN
as the canoncical form of objectCategory.
Andrew Bartlett
#include "librpc/ndr/libndr.h"
struct entryUUID_private {
- struct ldb_result *objectclass_res;
struct ldb_dn **base_dns;
};
return out;
}
+/* Ensure we always convert objectCategory into a DN */
static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
- int i;
- struct map_private *map_private;
- struct entryUUID_private *entryUUID_private;
- struct ldb_result *list;
+ struct ldb_val out = data_blob(NULL, 0);
+ const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid");
- if (ldb_dn_validate(ldb_dn_new(ctx, module->ldb, (const char *)val->data))) {
- return *val;
+ if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) {
+ return data_blob(NULL, 0);
}
- map_private = talloc_get_type(module->private_data, struct map_private);
- entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private);
- list = entryUUID_private->objectclass_res;
-
- for (i=0; list && (i < list->count); i++) {
- if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) {
- char *dn = ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn);
- return data_blob_string_const(dn);
- }
- }
- return *val;
+ return out;
}
static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
NULL
};
-static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
-{
- const char *rootdse_attrs[] = {"schemaNamingContext", NULL};
- struct ldb_dn *schema_dn;
- struct ldb_dn *basedn = ldb_dn_new(mem_ctx, ldb, NULL);
- struct ldb_result *rootdse_res;
- int ldb_ret;
- if (!basedn) {
- return NULL;
- }
-
- /* Search for rootdse */
- ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res);
- if (ldb_ret != LDB_SUCCESS) {
- return NULL;
- }
-
- talloc_steal(mem_ctx, rootdse_res);
-
- if (rootdse_res->count != 1) {
- ldb_asprintf_errstring(ldb, "Failed to find rootDSE: count %d", rootdse_res->count);
- return NULL;
- }
-
- /* Locate schema */
- schema_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, rootdse_res->msgs[0], "schemaNamingContext");
- if (!schema_dn) {
- return NULL;
- }
-
- talloc_free(rootdse_res);
- return schema_dn;
-}
-
-static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn,
- TALLOC_CTX *mem_ctx,
- struct ldb_result **objectclass_res)
-{
- TALLOC_CTX *local_ctx = talloc_new(mem_ctx);
- int ret;
- const char *attrs[] = {
- "lDAPDisplayName",
- "governsID",
- NULL
- };
-
- if (!local_ctx) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* Downlaod schema */
- ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE,
- "objectClass=classSchema",
- attrs, objectclass_res);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- talloc_steal(mem_ctx, objectclass_res);
-
- return ret;
-}
-
-
static int get_remote_rootdse(struct ldb_context *ldb, void *context,
struct ldb_reply *ares)
{
int ret;
struct map_private *map_private;
struct entryUUID_private *entryUUID_private;
- struct ldb_dn *schema_dn;
ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL);
if (ret != LDB_SUCCESS)
entryUUID_private = talloc_zero(map_private, struct entryUUID_private);
map_private->caller_private = entryUUID_private;
- schema_dn = find_schema_dn(module->ldb, map_private);
- if (!schema_dn) {
- /* Perhaps no schema yet */
- return LDB_SUCCESS;
- }
-
- ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private,
- &entryUUID_private->objectclass_res);
- if (ret != LDB_SUCCESS) {
- /* Perhaps no schema yet */
- return LDB_SUCCESS;
- }
-
ret = find_base_dns(module, entryUUID_private);
return ldb_next_init(module);
int ret;
struct map_private *map_private;
struct entryUUID_private *entryUUID_private;
- struct ldb_dn *schema_dn;
ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL);
if (ret != LDB_SUCCESS)
entryUUID_private = talloc_zero(map_private, struct entryUUID_private);
map_private->caller_private = entryUUID_private;
- schema_dn = find_schema_dn(module->ldb, map_private);
- if (!schema_dn) {
- /* Perhaps no schema yet */
- return LDB_SUCCESS;
- }
-
- ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private,
- &entryUUID_private->objectclass_res);
- if (ret != LDB_SUCCESS) {
- /* Perhaps no schema yet */
- return LDB_SUCCESS;
- }
-
ret = find_base_dns(module, entryUUID_private);
return ldb_next_init(module);
ldb_msg_add_string(msg, "objectCategory",
objectclass->defaultObjectCategory);
}
- if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) {
+ if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass);
- ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd);
+ ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
}
}
}
ldb database library - ldif handlers for Samba
Copyright (C) Andrew Tridgell 2005
- Copyright (C) Andrew Bartlett 2006
+ Copyright (C) Andrew Bartlett 2006-2007
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
** under the LGPL
if ( ! ldb_dn_validate(dn1)) {
const char *lDAPDisplayName = talloc_strndup(mem_ctx, (char *)in->data, in->length);
class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
- talloc_free(lDAPDisplayName);
- } else if (ldb_dn_get_comp_num(dn1) >= 1 && ldb_attr_cmp(ldb_dn_get_rdn_name(dn1), "cn") == 0) {
- const struct ldb_val *val = ldb_dn_get_rdn_val(dn1);
- const char *cn = talloc_strndup(mem_ctx, (char *)val->data, val->length);
- class = dsdb_class_by_cn(schema, cn);
- talloc_free(cn);
- } else {
- talloc_free(dn1);
- return -1;
- }
- talloc_free(dn1);
-
- if (!class) {
- return -1;
+ if (class) {
+ struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
+ class->defaultObjectCategory);
+ *out = data_blob_string_const(ldb_dn_get_casefold(dn));
+ return LDB_SUCCESS;
+ } else {
+ *out = data_blob_talloc(mem_ctx, in->data, in->length);
+ return LDB_SUCCESS;
+ }
}
-
- *out = data_blob_string_const(talloc_strdup(mem_ctx, class->lDAPDisplayName));
-
+ *out = data_blob_string_const(ldb_dn_get_casefold(dn1));
return LDB_SUCCESS;
}
ret2 = ldif_canonicalise_objectCategory(ldb, mem_ctx, v2, &v2_canon);
if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) {
- return ldb_attr_cmp(v1_canon.data, v2_canon.data);
+ return data_blob_cmp(&v1_canon, &v2_canon);
} else {
- return strcasecmp(v1->data, v2->data);
+ return data_blob_cmp(v1, v2);
}
}
failed=`expr $failed + 1`
fi
+echo "Test Domain scope Control"
+nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=domain_scope:1 '(objectclass=user)' | grep sAMAccountName | wc -l`
+if [ $nentries -lt 1 ]; then
+echo "Extended Domain scope Control test returned 0 items"
+failed=`expr $failed + 1`
+fi
+
echo "Test Attribute Scope Query Control"
nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=asq:1:member -s base -b "CN=Administrators,CN=Builtin,$BASEDN" | grep sAMAccountName | wc -l`
if [ $nentries -lt 1 ]; then
// assert(res.msgs[0].userAccountControl == 4098);
- var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "ntSecurityDescriptor");
+ var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor");
println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs);
if (res.error != 0 || res.msgs.length != 1) {
assert(res.msgs[0].objectClass[3] == "user");
assert(res.msgs[0].objectGUID != undefined);
assert(res.msgs[0].whenCreated != undefined);
- assert(res.msgs[0].ntSecurityDescriptor != undefined);
+ assert(res.msgs[0].nTSecurityDescriptor != undefined);
+
ok = ldb.del(res.msgs[0].dn);
if (ok.error != 0) {
assert(res.msgs[0].objectClass[0] == "top");
assert(res.msgs[0].objectClass[1] == "domain");
assert(res.msgs[0].objectClass[2] == "domainDNS");
+
+// check enumeration
+
+ var attrs = new Array("cn");
+ println("Testing ldb.search for objectCategory=person");
+ var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs);
+ assert(res.error == 0);
+ assert(res.msgs.length > 0);
+
+ var attrs = new Array("cn");
+ var controls = new Array("domain_scope:1");
+ println("Testing ldb.search for objectCategory=person with domain scope control");
+ var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
+ assert(res.error == 0);
+ assert(res.msgs.length > 0);
+
+ var attrs = new Array("cn");
+ println("Testing ldb.search for objectCategory=user");
+ var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs);
+ assert(res.error == 0);
+ assert(res.msgs.length > 0);
+
+ var attrs = new Array("cn");
+ var controls = new Array("domain_scope:1");
+ println("Testing ldb.search for objectCategory=user with domain scope control");
+ var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
+ assert(res.error == 0);
+ assert(res.msgs.length > 0);
+
+ var attrs = new Array("cn");
+ println("Testing ldb.search for objectCategory=group");
+ var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs);
+ assert(res.error == 0);
+ assert(res.msgs.length > 0);
+
+ var attrs = new Array("cn");
+ var controls = new Array("domain_scope:1");
+ println("Testing ldb.search for objectCategory=group with domain scope control");
+ var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
+ assert(res.error == 0);
+ assert(res.msgs.length > 0);
}
git.samba.org / tprouty / samba.git / commitdiff