From 0eb3ee32049eb5b76308e8ef4dc6af3db544afbb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 15 Aug 2007 13:14:38 +0000 Subject: [PATCH] r24459: Fix up ldap.js and test_ldb.sh to test the domain_scope control, and to test the behaviour of objectCategory=user searches. It turns out (thanks to a hint on http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps into objectCategory=CN=Person,... (by the defaultObjectCategory of that objectclass). Simplify the entryUUID module by using the fact that we now set the DN as the canoncical form of objectCategory. Andrew Bartlett (This used to be commit b474be9507df51982a604289215bb1868124fc24) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 116 +------------------ source4/dsdb/samdb/ldb_modules/objectclass.c | 4 +- source4/lib/ldb/samba/ldif_handlers.c | 33 +++--- testprogs/blackbox/test_ldb.sh | 7 ++ testprogs/ejs/ldap.js | 46 +++++++- 5 files changed, 72 insertions(+), 134 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 751b073c801..6114e0f602a 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -36,7 +36,6 @@ #include "librpc/ndr/libndr.h" struct entryUUID_private { - struct ldb_result *objectclass_res; struct ldb_dn **base_dns; }; 
@@ -148,28 +147,17 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c return out; } +/* Ensure we always convert objectCategory into a DN */ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - int i; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - struct ldb_result *list; + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); - if (ldb_dn_validate(ldb_dn_new(ctx, module->ldb, (const char *)val->data))) { - return *val; + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); } - map_private = talloc_get_type(module->private_data, struct map_private); - entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); - list = entryUUID_private->objectclass_res; - - for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { - char *dn = ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn); - return data_blob_string_const(dn); - } - } - return *val; + return out; } static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) 
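Review bot: The new objectCategory_always_dn looks up the schema attribute `"objectSid"` and then runs that attribute's canonicalise_fn over the objectCategory value, so the conversion applied is whatever the objectSid syntax does rather than the objectCategory one; given the function's name and the comment added above it, `const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory");` looks intended. `a` is also dereferenced without a check; if ldb_schema_attribute_by_name can return NULL in this tree for an unregistered name, guard it and return the empty blob the way the canonicalise-failure path already does. A wrong syntax here silently changes the value the module hands to the backend for every objectCategory search, so the attribute name is worth pinning with a test rather than relying on the ldap.js searches alone.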
@@ -588,70 +576,6 @@ static const char * const nsuniqueid_wildcard_attributes[] = { NULL }; -static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) -{ - const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; - struct ldb_dn *schema_dn; - struct ldb_dn *basedn = ldb_dn_new(mem_ctx, ldb, NULL); - struct ldb_result *rootdse_res; - int ldb_ret; - if (!basedn) { - return NULL; - } - - /* Search for rootdse */ - ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res); - if (ldb_ret != LDB_SUCCESS) { - return NULL; - } - - talloc_steal(mem_ctx, rootdse_res); - - if (rootdse_res->count != 1) { - ldb_asprintf_errstring(ldb, "Failed to find rootDSE: count %d", rootdse_res->count); - return NULL; - } - - /* Locate schema */ - schema_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); - if (!schema_dn) { - return NULL; - } - - talloc_free(rootdse_res); - return schema_dn; -} - -static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, - TALLOC_CTX *mem_ctx, - struct ldb_result **objectclass_res) -{ - TALLOC_CTX *local_ctx = talloc_new(mem_ctx); - int ret; - const char *attrs[] = { - "lDAPDisplayName", - "governsID", - NULL - }; - - if (!local_ctx) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Downlaod schema */ - ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, - "objectClass=classSchema", - attrs, objectclass_res); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(mem_ctx, objectclass_res); - - return ret; -} - - static int get_remote_rootdse(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { @@ -730,7 +654,6 @@ static int entryUUID_init(struct ldb_module *module) int ret; struct map_private *map_private; struct entryUUID_private *entryUUID_private; - struct ldb_dn *schema_dn; ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) 
@@ -741,19 +664,6 @@ static int entryUUID_init(struct ldb_module *module) entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; - schema_dn = find_schema_dn(module->ldb, map_private); - if (!schema_dn) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, - &entryUUID_private->objectclass_res); - if (ret != LDB_SUCCESS) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - ret = find_base_dns(module, entryUUID_private); return ldb_next_init(module); @@ -765,7 +675,6 @@ static int nsuniqueid_init(struct ldb_module *module) int ret; struct map_private *map_private; struct entryUUID_private *entryUUID_private; - struct ldb_dn *schema_dn; ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) @@ -776,19 +685,6 @@ static int nsuniqueid_init(struct ldb_module *module) entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; - schema_dn = find_schema_dn(module->ldb, map_private); - if (!schema_dn) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, - &entryUUID_private->objectclass_res); - if (ret != LDB_SUCCESS) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - ret = find_base_dns(module, entryUUID_private); return ldb_next_init(module); diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 0d55ef07db2..f7b2da9b839 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c 
@@ -318,9 +318,9 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); } - if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) { + if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass); - ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd); + ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); } } } diff --git a/source4/lib/ldb/samba/ldif_handlers.c b/source4/lib/ldb/samba/ldif_handlers.c index 3e9591cb861..eadf49518fb 100644 --- a/source4/lib/ldb/samba/ldif_handlers.c +++ b/source4/lib/ldb/samba/ldif_handlers.c @@ -2,7 +2,7 @@ ldb database library - ldif handlers for Samba Copyright (C) Andrew Tridgell 2005 - Copyright (C) Andrew Bartlett 2006 + Copyright (C) Andrew Bartlett 2006-2007 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released ** under the LGPL 
@@ -309,24 +309,17 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c if ( ! ldb_dn_validate(dn1)) { const char *lDAPDisplayName = talloc_strndup(mem_ctx, (char *)in->data, in->length); class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); - talloc_free(lDAPDisplayName); - } else if (ldb_dn_get_comp_num(dn1) >= 1 && ldb_attr_cmp(ldb_dn_get_rdn_name(dn1), "cn") == 0) { - const struct ldb_val *val = ldb_dn_get_rdn_val(dn1); - const char *cn = talloc_strndup(mem_ctx, (char *)val->data, val->length); - class = dsdb_class_by_cn(schema, cn); - talloc_free(cn); - } else { - talloc_free(dn1); - return -1; - } - talloc_free(dn1); - - if (!class) { - return -1; + if (class) { + struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, + class->defaultObjectCategory); + *out = data_blob_string_const(ldb_dn_get_casefold(dn)); + return LDB_SUCCESS; + } else { + *out = data_blob_talloc(mem_ctx, in->data, in->length); + return LDB_SUCCESS; + } } - - *out = data_blob_string_const(talloc_strdup(mem_ctx, class->lDAPDisplayName)); - + *out = data_blob_string_const(ldb_dn_get_casefold(dn1)); return LDB_SUCCESS; } @@ -341,9 +334,9 @@ static int ldif_comparison_objectCategory(struct ldb_context *ldb, void *mem_ctx ret2 = ldif_canonicalise_objectCategory(ldb, mem_ctx, v2, &v2_canon); if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) { - return ldb_attr_cmp(v1_canon.data, v2_canon.data); + return data_blob_cmp(&v1_canon, &v2_canon); } else { - return strcasecmp(v1->data, v2->data); + return data_blob_cmp(v1, v2); } } diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh index 6ebb6c143b1..8a019e18b79 100755 --- a/testprogs/blackbox/test_ldb.sh +++ b/testprogs/blackbox/test_ldb.sh 
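Review bot: In ldif_canonicalise_objectCategory the new `class` branch passes `ldb_dn_get_casefold(dn)` straight to data_blob_string_const without checking it, and `dn` itself is not checked after ldb_dn_new; either can be NULL when the schema's defaultObjectCategory does not parse or allocation fails, and a NULL string there reaches a length computation unless data_blob_string_const tolerates NULL in this tree (worth confirming). This canonicaliser runs on attribute values taken from caller-supplied search filters, so a failure in it should surface as a non-LDB_SUCCESS return (the removed branch used `-1`) that lets ldif_comparison_objectCategory fall back to its raw data_blob_cmp, not as a dereference. The final `*out = data_blob_string_const(ldb_dn_get_casefold(dn1));` line has the same unchecked result even though dn1 validated. The function starts above the hunk, so the lookup that sets `schema` is not visible here.
```c
	if ( ! ldb_dn_validate(dn1)) {
		const char *lDAPDisplayName = talloc_strndup(mem_ctx, (char *)in->data, in->length);
		class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
		if (class) {
			struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
						       class->defaultObjectCategory);
			const char *class_canon = dn ? ldb_dn_get_casefold(dn) : NULL;
			/* unparseable defaultObjectCategory: report failure, don't deref NULL */
			if (!class_canon) {
				return -1;
			}
			*out = data_blob_string_const(class_canon);
			return LDB_SUCCESS;
		} else {
			*out = data_blob_talloc(mem_ctx, in->data, in->length);
			return LDB_SUCCESS;
		}
	}
	const char *dn_canon = ldb_dn_get_casefold(dn1);
	if (!dn_canon) {
		return -1;
	}
	*out = data_blob_string_const(dn_canon);
	return LDB_SUCCESS;
}
```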
@@ -77,6 +77,13 @@ echo "Extended DN Control test returned 0 items" failed=`expr $failed + 1` fi +echo "Test Domain scope Control" +nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=domain_scope:1 '(objectclass=user)' | grep sAMAccountName | wc -l` +if [ $nentries -lt 1 ]; then +echo "Extended Domain scope Control test returned 0 items" +failed=`expr $failed + 1` +fi + echo "Test Attribute Scope Query Control" nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=asq:1:member -s base -b "CN=Administrators,CN=Builtin,$BASEDN" | grep sAMAccountName | wc -l` if [ $nentries -lt 1 ]; then diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js index 5735b8b391c..6515c7abfe1 100755 --- a/testprogs/ejs/ldap.js +++ b/testprogs/ejs/ldap.js @@ -439,7 +439,7 @@ objectClass: user // assert(res.msgs[0].userAccountControl == 4098); - var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "ntSecurityDescriptor"); + var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor"); println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"); var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs); if (res.error != 0 || res.msgs.length != 1) { @@ -457,7 +457,8 @@ objectClass: user assert(res.msgs[0].objectClass[3] == "user"); assert(res.msgs[0].objectGUID != undefined); assert(res.msgs[0].whenCreated != undefined); - assert(res.msgs[0].ntSecurityDescriptor != undefined); + assert(res.msgs[0].nTSecurityDescriptor != undefined); + ok = ldb.del(res.msgs[0].dn); if (ok.error != 0) { 
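Review bot: The failure message in the new domain_scope block, `echo "Extended Domain scope Control test returned 0 items"`, copies the preceding Extended DN test's wording and will misattribute a failure when read in the log; `echo "Domain scope Control test returned 0 items"` matches the block's own heading. The check itself only asserts that at least one sAMAccountName came back, so it passes whether or not the server honours the control; if the expected effect of domain_scope on this search can be stated, a second assertion would make the test meaningful, but that is beyond what the hunk shows.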
@@ -575,6 +576,47 @@ objectClass: user assert(res.msgs[0].objectClass[0] == "top"); assert(res.msgs[0].objectClass[1] == "domain"); assert(res.msgs[0].objectClass[2] == "domainDNS"); + +// check enumeration + + var attrs = new Array("cn"); + println("Testing ldb.search for objectCategory=person"); + var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + var controls = new Array("domain_scope:1"); + println("Testing ldb.search for objectCategory=person with domain scope control"); + var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + println("Testing ldb.search for objectCategory=user"); + var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + var controls = new Array("domain_scope:1"); + println("Testing ldb.search for objectCategory=user with domain scope control"); + var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + println("Testing ldb.search for objectCategory=group"); + var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + var controls = new Array("domain_scope:1"); + println("Testing ldb.search for objectCategory=group with domain scope control"); + var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls); + assert(res.error == 0); + assert(res.msgs.length > 0); } -- 2.34.1
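Review bot: The six new searches only assert `res.msgs.length > 0`, so they do not exercise the mapping the commit message describes (objectCategory=user resolving to the CN=Person default object category); as written the block passes even if objectCategory=user and objectCategory=person return different result sets. Recording the count after the person search, `var person_count = res.msgs.length;`, and asserting `assert(res.msgs.length == person_count);` after each objectCategory=user search (with and without the control) would pin that behaviour. The repeated `var attrs` and `var controls` redeclarations could be hoisted once at the top of the block. The enclosing function starts above the hunk.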