authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-08-10 13:16:41 +0200
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-08-11 12:59:15 +0200
commitb255a41dca63a68f404e37b7eb46b54070bea466 (patch)
treeab9fc73a877384e5d3d3cc33a347ced6f19ef036
parentfe767d4b70665bf8cf825455cb2c1db3fc2a1217 (diff)
s4:operational module - move and enhancements
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules" (suggested by abartlet) and enhances it to support a dynamically generated "primaryGroupToken" for AD groups. This should fix bug #6466.
-rw-r--r--source4/dsdb/samdb/ldb_modules/config.mk11
-rw-r--r--source4/dsdb/samdb/ldb_modules/operational.c (renamed from source4/lib/ldb/modules/operational.c)63
-rw-r--r--source4/lib/ldb/config.mk12
3 files changed, 59 insertions, 27 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index c039dda065..18144dd2c5 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -323,3 +323,14 @@ SUBSYSTEM = LIBLDB
ldb_instancetype_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/instancetype.o
+################################################
+# Start MODULE ldb_operational
+[MODULE::ldb_operational]
+SUBSYSTEM = LIBLDB
+CFLAGS = -Ilib/ldb/include
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBTEVENT
+INIT_FUNCTION = LDB_MODULE(operational)
+# End MODULE ldb_operational
+################################################
+
+ldb_operational_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/operational.o
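Review bot: The relocated `[MODULE::ldb_operational]` stanza still lists only `PRIVATE_DEPENDENCIES = LIBTALLOC LIBTEVENT`, although the same commit makes operational.c include `dsdb/samdb/samdb.h` and call `samdb_search_count`, `samdb_result_rid_from_sid` and `samdb_msg_add_int`. If those symbols live in the samdb subsystem, as the header path suggests, the module only links because something else pulls that subsystem in. I would declare the dependency explicitly, e.g. `PRIVATE_DEPENDENCIES = LIBTALLOC LIBTEVENT SAMDB`, after confirming the subsystem name against the other stanzas in this file. The include path also changed from `-I$(ldbsrcdir)/include` to the literal `-Ilib/ldb/include`; a one-line comment saying why the variable was dropped would help.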
diff --git a/source4/lib/ldb/modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 77b0014afa..9cbe1db070 100644
--- a/source4/lib/ldb/modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -1,13 +1,14 @@
-/*
+/*
ldb database library
Copyright (C) Andrew Tridgell 2005
Copyright (C) Simo Sorce 2006-2008
+ Copyright (C) Matthias Dieter Wallnöfer 2009
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
** under the LGPL
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
@@ -21,6 +22,7 @@
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
+
/*
handle operational attributes
*/
@@ -48,22 +50,26 @@
on modify we need to change whenChanged
- subschemaSubentry: HIDDEN, not-searchable,
+ subschemaSubentry: HIDDEN, not-searchable,
points at DN CN=Aggregate,$SCHEMADN
for this one we do the search as normal, then add the static
value if requested. How do we work out the $BASEDN from inside a
module?
-
structuralObjectClass: HIDDEN, CONSTRUCTED, not-searchable. always same as objectclass?
for this one we do the search as normal, then if requested ask
for objectclass, change the attribute name, and add it
- allowedAttributesEffective: HIDDEN, CONSTRUCTED, not-searchable,
+ allowedAttributesEffective: HIDDEN, CONSTRUCTED, not-searchable,
+
list of attributes that can be modified - requires schema lookup
+ primaryGroupToken: HIDDEN, CONSTRUCTED, SEARCHABLE
+
+ contains the RID of a certain group object
+
attributeTypes: in schema only
objectClasses: in schema only
@@ -76,6 +82,9 @@
#include "ldb_includes.h"
#include "ldb_module.h"
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+
#ifndef ARRAY_SIZE
#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
#endif
@@ -83,7 +92,8 @@
/*
construct a canonical name from a message
*/
-static int construct_canonical_name(struct ldb_module *module, struct ldb_message *msg)
+static int construct_canonical_name(struct ldb_module *module,
+ struct ldb_message *msg)
{
char *canonicalName;
canonicalName = ldb_dn_canonical_string(msg, msg->dn);
@@ -94,6 +104,28 @@ static int construct_canonical_name(struct ldb_module *module, struct ldb_messag
}
/*
+ construct a primary group token for groups from a message
+*/
+static int construct_primary_group_token(struct ldb_module *module,
+ struct ldb_message *msg)
+{
+ struct ldb_context *ldb;
+ uint32_t primary_group_token;
+
+ ldb = ldb_module_get_ctx(module);
+
+ if (samdb_search_count(ldb, ldb, msg->dn, "(objectclass=group)") == 1) {
+ primary_group_token
+ = samdb_result_rid_from_sid(ldb, msg, "objectSid", 0);
+ return samdb_msg_add_int(ldb, ldb, msg, "primaryGroupToken",
+ primary_group_token);
+ } else {
+ return LDB_SUCCESS;
+ }
+}
+
+
+/*
a list of attribute names that should be substituted in the parse
tree before the search is done
*/
@@ -118,17 +150,18 @@ static const struct {
{ "createTimestamp", "whenCreated", NULL },
{ "modifyTimestamp", "whenChanged", NULL },
{ "structuralObjectClass", "objectClass", NULL },
- { "canonicalName", "distinguishedName", construct_canonical_name }
+ { "canonicalName", "distinguishedName", construct_canonical_name },
+ { "primaryGroupToken", "objectSid", construct_primary_group_token }
};
/*
post process a search result record. For any search_sub[] attributes that were
asked for, we need to call the appropriate copy routine to copy the result
- into the message, then remove any attributes that we added to the search but were
- not asked for by the user
+ into the message, then remove any attributes that we added to the search but
+ were not asked for by the user
*/
static int operational_search_post_process(struct ldb_module *module,
- struct ldb_message *msg,
+ struct ldb_message *msg,
const char * const *attrs)
{
struct ldb_context *ldb;
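Review bot: The new `search_sub[]` row makes primaryGroupToken an output-only attribute built after the search, but the header comment added earlier in this commit describes it as `HIDDEN, CONSTRUCTED, SEARCHABLE`. No hunk here adds a matching `parse_tree_sub[]` entry (that table is outside the visible lines), so a filter such as `(primaryGroupToken=...)` would presumably be evaluated against a backend that stores no such attribute and match nothing. Either change the comment to `primaryGroupToken: HIDDEN, CONSTRUCTED, not-searchable`, or note next to this row that filtering on it is not yet implemented. It is also worth a comment that the constructor performs an extra search for every returned record, so requesting this attribute on a large result set multiplies the backend load.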
@@ -142,7 +175,7 @@ static int operational_search_post_process(struct ldb_module *module,
continue;
}
- /* construct the new attribute, using either a supplied
+ /* construct the new attribute, using either a supplied
constructor or a simple copy */
if (search_sub[i].constructor) {
if (search_sub[i].constructor(module, msg) != 0) {
@@ -154,8 +187,8 @@ static int operational_search_post_process(struct ldb_module *module,
goto failed;
}
- /* remove the added search attribute, unless it was asked for
- by the user */
+ /* remove the added search attribute, unless it was
+ asked for by the user */
if (search_sub[i].replace == NULL ||
ldb_attr_in_list(attrs, search_sub[i].replace) ||
ldb_attr_in_list(attrs, "*")) {
@@ -256,8 +289,8 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req
searchable, but are stored using a different name in the
backend */
for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
- ldb_parse_tree_attr_replace(req->op.search.tree,
- parse_tree_sub[i].attr,
+ ldb_parse_tree_attr_replace(req->op.search.tree,
+ parse_tree_sub[i].attr,
parse_tree_sub[i].replace);
}
diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk
index 6fcf3943d0..4a1f814baa 100644
--- a/source4/lib/ldb/config.mk
+++ b/source4/lib/ldb/config.mk
@@ -47,18 +47,6 @@ SUBSYSTEM = LIBLDB
ldb_paged_searches_OBJ_FILES = $(ldbsrcdir)/modules/paged_searches.o
################################################
-# Start MODULE ldb_operational
-[MODULE::ldb_operational]
-SUBSYSTEM = LIBLDB
-CFLAGS = -I$(ldbsrcdir)/include
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBTEVENT
-INIT_FUNCTION = LDB_MODULE(operational)
-# End MODULE ldb_operational
-################################################
-
-ldb_operational_OBJ_FILES = $(ldbsrcdir)/modules/operational.o
-
-################################################
# Start MODULE ldb_rdn_name
[MODULE::ldb_rdn_name]
SUBSYSTEM = LIBLDB