authorAndrew Bartlett <abartlet@samba.org>2007-11-07 05:35:16 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:44:41 +0100
commit27c9f6c235c3c625f4c4e60a73d8f2e86bd4a186 (patch)
tree7da75f98dfa650b0d0bf5ad80262a0fddcf42690
parent1cbb73f235b926a5809bbcf35f0b1ef522e11faa (diff)
downloadsamba-27c9f6c235c3c625f4c4e60a73d8f2e86bd4a186.tar.gz
samba-27c9f6c235c3c625f4c4e60a73d8f2e86bd4a186.tar.bz2
samba-27c9f6c235c3c625f4c4e60a73d8f2e86bd4a186.zip
r25891: Test that we get the correct return value when we attempt to reference
invalid entries with a linked attribute. Make Samba4 pass that test, by fixing a silly bug in the linked_attributes module. (By passing down the 'original' request structure, tdb would override our handle, and therefore we would never be called for the 'wait', which collects the errors). Fix up the provision templates to handle the newly required referential integrity. Andrew Bartlett (This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b)
-rw-r--r--source4/dsdb/samdb/ldb_modules/linked_attributes.c4
-rw-r--r--source4/setup/provision_users.ldif242
-rwxr-xr-xtestprogs/ejs/ldap.js46
3 files changed, 152 insertions, 140 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index aea0a34ec2..be5dd12d3b 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -243,7 +243,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
ac->num_requests++;
/* Run the original request */
- ret = ldb_next_request(module, req);
+ ret = ldb_next_request(module, ac->down_req[0]);
if (ret != LDB_SUCCESS) {
return ret;
}
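Review bot: The comment `/* Run the original request */` above the changed call in linked_attributes_add is now stale, and the same applies to the identical change in linked_attributes_modify. The call now passes `ac->down_req[0]`, not `req`, and the reason is only recorded in the commit message. I would reword both comments to something like `/* Run our copy of the request: passing req itself lets the backend replace our handle, so our wait is never called */`. The hunk does not show where `ac->down_req[0]` is allocated, so it is worth confirming that every path reaching this call has populated it. Both function bodies start and end outside their hunks.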
@@ -323,7 +323,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
ac->num_requests++;
/* Run the original request */
- ret = ldb_next_request(module, req);
+ ret = ldb_next_request(module, ac->down_req[0]);
if (ret != LDB_SUCCESS) {
return ret;
}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 95c28f92d8..7c1a438d8e 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -20,6 +20,127 @@ objectSid: ${DOMAINSID}-501
sAMAccountName: Guest
isCriticalSystemObject: TRUE
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Admins
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=krbtgt,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: krbtgt
+description: Key Distribution Center Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+objectSid: ${DOMAINSID}-502
+adminCount: 1
+accountExpires: 9223372036854775807
+sAMAccountName: krbtgt
+sAMAccountType: 805306368
+servicePrincipalName: kadmin/changepw
+isCriticalSystemObject: TRUE
+sambaPassword:: ${KRBTGTPASS_B64}
+
+dn: CN=Domain Computers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Computers
+description: All workstations and servers joined to the domain
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Controllers
+description: All domain controllers in the domain
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+isCriticalSystemObject: TRUE
+
+dn: CN=Schema Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Schema Admins
+description: Designated administrators of the schema
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-518
+adminCount: 1
+sAMAccountName: Schema Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Cert Publishers
+description: Members of this group are permitted to publish certificates to the Active Directory
+groupType: 2147483652
+sAMAccountType: 536870912
+objectSid: ${DOMAINSID}-517
+sAMAccountName: Cert Publishers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Admins
+description: Designated administrators of the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-512
+adminCount: 1
+sAMAccountName: Domain Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Users
+description: All domain users
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Guests,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Guests
+description: All domain guests
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+isCriticalSystemObject: TRUE
+
+dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Group Policy Creator Owners
+description: Members in this group can modify group policy for the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-520
+sAMAccountName: Group Policy Creator Owners
+isCriticalSystemObject: TRUE
+
+dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: RAS and IAS Servers
+description: Servers in this group can access remote access properties of users
+instanceType: 4
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+sAMAccountType: 536870912
+groupType: 2147483652
+isCriticalSystemObject: TRUE
+
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
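Review bot: Nothing in the template records that entry order is now significant, which is the only reason the CN=Users block was moved above the CN=Builtin entries. With linked attributes now validated on add, a later reorder that puts a `member:` value ahead of the entry it names would presumably fail provisioning with a no-such-object error. I would add a comment above `dn: CN=Enterprise Admins` such as `# Order matters: any DN used in a member: value must already be defined above`. Whether the Builtin groups below actually reference these entries is not visible in this hunk, so confirm that against the full file.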
@@ -181,127 +302,6 @@ systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
-dn: CN=krbtgt,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-cn: krbtgt
-description: Key Distribution Center Service Account
-showInAdvancedViewOnly: TRUE
-userAccountControl: 514
-objectSid: ${DOMAINSID}-502
-adminCount: 1
-accountExpires: 9223372036854775807
-sAMAccountName: krbtgt
-sAMAccountType: 805306368
-servicePrincipalName: kadmin/changepw
-isCriticalSystemObject: TRUE
-sambaPassword:: ${KRBTGTPASS_B64}
-
-dn: CN=Domain Computers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Computers
-description: All workstations and servers joined to the domain
-objectSid: ${DOMAINSID}-515
-sAMAccountName: Domain Computers
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Controllers
-description: All domain controllers in the domain
-objectSid: ${DOMAINSID}-516
-adminCount: 1
-sAMAccountName: Domain Controllers
-isCriticalSystemObject: TRUE
-
-dn: CN=Schema Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Schema Admins
-description: Designated administrators of the schema
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-518
-adminCount: 1
-sAMAccountName: Schema Admins
-isCriticalSystemObject: TRUE
-
-dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Enterprise Admins
-description: Designated administrators of the enterprise
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-519
-adminCount: 1
-sAMAccountName: Enterprise Admins
-isCriticalSystemObject: TRUE
-
-dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Cert Publishers
-description: Members of this group are permitted to publish certificates to the Active Directory
-groupType: 2147483652
-sAMAccountType: 536870912
-objectSid: ${DOMAINSID}-517
-sAMAccountName: Cert Publishers
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Admins
-description: Designated administrators of the domain
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-512
-adminCount: 1
-sAMAccountName: Domain Admins
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Users,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Users
-description: All domain users
-objectSid: ${DOMAINSID}-513
-sAMAccountName: Domain Users
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Guests,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Guests
-description: All domain guests
-objectSid: ${DOMAINSID}-514
-sAMAccountName: Domain Guests
-isCriticalSystemObject: TRUE
-
-dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Group Policy Creator Owners
-description: Members in this group can modify group policy for the domain
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-520
-sAMAccountName: Group Policy Creator Owners
-isCriticalSystemObject: TRUE
-
-dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: RAS and IAS Servers
-description: Servers in this group can access remote access properties of users
-instanceType: 4
-objectSid: ${DOMAINSID}-553
-sAMAccountName: RAS and IAS Servers
-sAMAccountType: 536870912
-groupType: 2147483652
-isCriticalSystemObject: TRUE
-
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js
index 56fbf4f0df..c012f84bf0 100755
--- a/testprogs/ejs/ldap.js
+++ b/testprogs/ejs/ldap.js
@@ -31,6 +31,20 @@ function basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
ldb.del("cn=ldaptestuser,cn=users," + base_dn);
+ ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
+
+ println("Testing group add with invalid member");
+ var ok = ldb.add("
+dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
+objectclass: group
+member: cn=ldaptestuser,cn=useRs," + base_dn + "
+");
+
+ if (ok.error != 32) { /* LDAP_NO_SUCH_OBJECT */
+ println(ok.errstr);
+ assert(ok.error == 32);
+ }
+
var ok = ldb.add("
dn: cn=ldaptestuser,cn=uSers," + base_dn + "
objectclass: user
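Review bot: The new negative test only holds if `cn=ldaptestuser` is really absent, but the `ldb.del` calls just above it discard their results. The same applies to the later "adding non-existent user to a group" test, which follows an unchecked delete of `ldaptestuser3`. If a delete fails for some other reason, the add or modify can succeed and the failure output is just an empty `ok.errstr`, which hides the cause. Printing the code as well would make such a failure readable, for example `println("expected 32 (LDAP_NO_SUCH_OBJECT), got " + ok.error + ": " + ok.errstr);`. A short comment that the member DN is unresolvable because the user was deleted above would also help. basic_tests continues outside this hunk.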
@@ -55,28 +69,14 @@ cN: LDAPtestUSER
}
}
- ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
-
var ok = ldb.add("
dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
objectclass: group
member: cn=ldaptestuser,cn=useRs," + base_dn + "
");
if (ok.error != 0) {
- ok = ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
- if (ok.error != 0) {
- println(ok.errstr);
- assert(ok.error == 0);
- }
- ok = ldb.add("
-dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
-objectclass: group
-member: cn=ldaptestuser,cn=useRs," + base_dn + "
-");
- if (ok.error != 0) {
- println(ok.errstr);
- assert(ok.error == 0);
- }
+ println(ok.errstr);
+ assert(ok.error == 0);
}
var ok = ldb.add("
@@ -185,6 +185,18 @@ member: cn=ldaptestcomputer,cn=computers," + base_dn + "
ok = ldb.del("cn=ldaptestuser3,cn=users," + base_dn);
+ println("Testing adding non-existent user to a group");
+ ok = ldb.modify("
+dn: cn=ldaptestgroup,cn=users," + base_dn + "
+changetype: modify
+add: member
+member: cn=ldaptestuser3,cn=users," + base_dn + "
+");
+ if (ok.error != 32) { /* LDAP_NO_SUCH_OBJECT */
+ println(ok.errstr);
+ assert(ok.error == 32);
+ }
+
println("Testing Renames");
ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
@@ -895,7 +907,7 @@ var base_dn = find_basedn(ldb);
var configuration_dn = find_configurationdn(ldb);
var schema_dn = find_schemadn(ldb);
-printf("baseDN: %s\n", base_dn);
+println("baseDN: %s\n", base_dn);
var ok = gc_ldb.connect("ldap://" + host + ":3268");
if (!ok) {
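Review bot: Replacing `printf` with `println` while keeping the format string looks like a slip. Every other `println` call visible in this file takes a single ready-made string, so this line will most likely print a literal `%s` and a doubled newline rather than the base DN. If the aim is to drop `printf`, build the string directly: `println("baseDN: " + base_dn);`. The `if (!ok)` block that follows runs past the end of the hunk.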