-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samba3sam.c | 52 | ||||
-rwxr-xr-x | source4/script/tests/test_s3upgrade.sh | 1 | ||||
-rwxr-xr-x | testprogs/ejs/samba3sam | 44 |
3 files changed, 86 insertions, 11 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c
index b823f11f8c..769cda2903 100644
--- a/source4/dsdb/samdb/ldb_modules/samba3sam.c
+++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c
@@ -8,6 +8,7 @@
 #include "ldb/modules/ldb_map.h"
 #include "ldb/include/ldb.h"
 #include "ldb/include/ldb_private.h"
+#include "librpc/gen_ndr/ndr_security.h"
 /* FIXME:
 * sambaSID -> member (dn!)
@@ -81,6 +82,51 @@ static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX
 return ldb_val_dup(ctx, val);
 }
+static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+ struct dom_sid *sid = dom_sid_parse_talloc(ctx, (char *)val->data);
+ struct ldb_val *out = talloc_zero(out, struct ldb_val);
+ NTSTATUS status;
+
+ if (sid == NULL) {
+ return *out;
+ }
+ status = ndr_push_struct_blob(out, ctx, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ talloc_free(sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return *out;
+ }
+
+ return *out;
+}
+
+static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+ struct dom_sid *sid;
+ NTSTATUS status;
+ struct ldb_val *out = talloc_zero(ctx, struct ldb_val);
+
+ sid = talloc(ctx, struct dom_sid);
+ if (sid == NULL) {
+ return *out;
+ }
+ status = ndr_pull_struct_blob(val, sid, sid,
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(sid);
+ return *out;
+ }
+ out->data = (uint8_t *)dom_sid_string(ctx, sid);
+ talloc_free(sid);
+ if (out->data == NULL) {
+ return *out;
+ }
+ out->length = strlen((const char *)out->data);
+
+ return *out;
+}
+
 const struct ldb_map_objectclass samba3_objectclasses[] = {
 { "group", "sambaGroupMapping" },
 { "user", "sambaSAMAccount" },
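Review bot: In encode_sid the line `struct ldb_val *out = talloc_zero(out, struct ldb_val);` uses `out` as its own talloc parent while it is still uninitialized, so the allocation is attached to an indeterminate pointer; decode_sid passes `ctx` and this should too: `struct ldb_val *out = talloc_zero(ctx, struct ldb_val);`. Neither function checks that allocation before `return *out;`, so an allocation failure becomes a NULL dereference, and the struct itself stays on `ctx` after the by-value return; a local `struct ldb_val out = { 0 };` passed as `&out` would avoid both. encode_sid also hands `val->data` to dom_sid_parse_talloc as a C string without consulting `val->length`, which presumably relies on ldb values being NUL-terminated; a short comment stating that assumption would help, since the value comes from stored directory data.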
@@ -304,8 +350,10 @@ const struct ldb_map_attribute samba3_attributes[] =
 /* sambaSID -> objectSid*/
 {
 .local_name = "objectSid",
- .type = MAP_RENAME,
- .u.rename.remote_name = "sambaSID",
+ .type = MAP_CONVERT,
+ .u.convert.remote_name = "sambaSID",
+ .u.convert.convert_local = decode_sid,
+ .u.convert.convert_remote = encode_sid,
 },
 /* sambaPwdLastSet -> pwdLastSet */
diff --git a/source4/script/tests/test_s3upgrade.sh b/source4/script/tests/test_s3upgrade.sh
index e4e5d828e5..d981d5410a 100755
--- a/source4/script/tests/test_s3upgrade.sh
+++ b/source4/script/tests/test_s3upgrade.sh
@@ -10,5 +10,6 @@ fi
 mkdir -p $PREFIX
 rm -f $PREFIX/*
+bin/smbscript ../testprogs/ejs/samba3sam
 bin/smbscript ../testdata/samba3/verify ../testdata/samba3
 bin/smbscript setup/upgrade --verify --targetdir=$PREFIX ../testdata/samba3 ../testdata/samba3/smb.conf
diff --git a/testprogs/ejs/samba3sam b/testprogs/ejs/samba3sam
index 3331cfe164..75e9f65863 100755
--- a/testprogs/ejs/samba3sam
+++ b/testprogs/ejs/samba3sam
@@ -1,4 +1,8 @@
 #!/usr/bin/env smbscript
+/* (C) Jelmer Vernooij <jelmer@samba.org> 2005
+ Published under the GNU GPL
+ Sponsored by Google Summer of Code
+ */
 libinclude("base.js");
 var mypath = substr(ARGV[0], 0, -strlen("samba3sam"));
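Review bot: The objectSid entry in samba3_attributes now depends on encode_sid and decode_sid, and both report every failure (unparsable SID, NDR error, allocation failure) by returning a zeroed value, so a malformed sambaSID cannot be told apart from an empty one at this layer. How ldb_map treats a zero-length result from a MAP_CONVERT converter is not visible in this diff; it is worth confirming that the attribute is dropped rather than stored or returned empty, because objectSid identifies the security principal. Extending the entry's comment to something like `/* sambaSID -> objectSid; converters return an empty value when the SID cannot be parsed */` would record the contract. The samba3_attributes array starts and ends outside the hunk.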
@@ -57,17 +61,32 @@ assert(msg['mappedFromDn'] == msg['dn']);
 println("Looking up by non-mapped attribute");
 msg = s4.search("(cn=Administrator)");
+assert(msg[0].cn == "Administrator");
 assert(msg.length == 1);
 println("Looking up by mapped attribute");
 msg = s4.search("(name=Backup Operators)");
+assert(msg[0].name == "Backup Operators");
 assert(msg.length == 1);
 println("Looking up by old name of renamed attribute");
 msg = s4.search("(displayName=Backup Operators)");
+assert(msg.length == 0);
+
+println("Looking up mapped entry containing SID");
+msg = s4.search("(cn=Replicator)");
 assert(msg.length == 1);
+assert(msg[0].dn == "cn=Replicator,ou=Groups,ou=Tests,dc=vernstok,dc=nl");
+assert(msg[0].objectSid == "S-1-5-21-4231626423-2410014848-2360679739-552");
+assert(msg[0].mappedFromDn == msg[0].dn);
+
+println("Checking mapping of objectclass");
+var oc = msg[0].objectclass;
+for (var i in oc) {
+ assert(oc[i] == "posixGroup" || oc[i] == "group");
+}
-println("Adding a record");
+println("Adding a record that will be fallbacked");
 ok = s4.add("
 dn: cn=Foo,dc=idealx,dc=org
 unixName: root
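Review bot: The new `assert(msg[0].cn == "Administrator");` and `assert(msg[0].name == "Backup Operators");` index the result before the existing `assert(msg.length == 1);` that follows each of them, so an empty result would fail on the property access rather than on the length check. Moving each length assertion ahead of the `msg[0]` access, as the Replicator block in this hunk already does, gives the clearer failure. The objectclass loop only constrains the values it sees, and its body never runs if `oc` is missing or empty; asserting that the list is non-empty first would make it check that a mapping actually took place.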
@@ -80,19 +99,26 @@ assert(ok);
 println("Checking for existance of record");
 msg = s4.search("(cn=Foo)", new Array('unixName','lastLogon','cn','showInAdvancedViewOnly'));
 assert(msg.length == 1);
+assert(msg[0].showInAdvancedViewOnly == "TRUE");
+assert(msg[0].cn == "Foo");
+assert(msg[0].unixName == "root");
+assert(msg[0].lastLogon == 20000);
-println("Checking for persistence of non-mappable attribute");
-msg = s4.search("(cn=Foo)", new Array('showInAdvancedViewOnly'));
-assert(msg.length == 1);
-
-println("Adding record with mapped attribute in dn");
+println("Adding record that will be mapped");
 ok = s4.add("
-dn: unixName=nobody,dc=idealx,dc=org
-unixName: nobody
+dn: cn=Niemand,ou=Tests,dc=vernstok,dc=nl
+objectClass: user
+unixName: blah
 cn: Niemand
 ");
 assert(ok);
 println("Checking for existance of record (mapped)");
-msg = s4.search("(unixName=nobody)", new Array('unixName','cn','dn'));
+msg = s4.search("(unixName=blah)", new Array('unixName','cn','dn'));
 assert(msg.length == 1);
+
+println("Checking for data in destination database");
+msg = s3.search("(cn=Niemand)");
+assert(msg.length >= 1);
+assert(msg[0].displayName == "Niemand");
+
|
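Review bot: The mapped record added here carries no `objectSid`, so the visible assertions only check the SID conversion when reading the Replicator entry; the converter for the opposite direction is not covered by anything in these hunks. Adding an `objectSid:` line to the Niemand record and asserting the corresponding `sambaSID` on the `s3.search("(cn=Niemand)")` result would cover it. `assert(msg.length >= 1);` is also looser than the `== 1` used elsewhere in this file, which would let duplicate entries in the destination database pass unnoticed.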