-rw-r--r--source4/dsdb/samdb/ldb_modules/samba3sam.c52
-rwxr-xr-xsource4/script/tests/test_s3upgrade.sh1
-rwxr-xr-xtestprogs/ejs/samba3sam44
3 files changed, 86 insertions, 11 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c
index b823f11f8c..769cda2903 100644
--- a/source4/dsdb/samdb/ldb_modules/samba3sam.c
+++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c
@@ -8,6 +8,7 @@
#include "ldb/modules/ldb_map.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_private.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* FIXME:
* sambaSID -> member (dn!)
@@ -81,6 +82,51 @@ static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX
return ldb_val_dup(ctx, val);
}
+static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+ struct dom_sid *sid = dom_sid_parse_talloc(ctx, (char *)val->data);
+ struct ldb_val *out = talloc_zero(out, struct ldb_val);
+ NTSTATUS status;
+
+ if (sid == NULL) {
+ return *out;
+ }
+ status = ndr_push_struct_blob(out, ctx, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ talloc_free(sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return *out;
+ }
+
+ return *out;
+}
+
+static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+ struct dom_sid *sid;
+ NTSTATUS status;
+ struct ldb_val *out = talloc_zero(ctx, struct ldb_val);
+
+ sid = talloc(ctx, struct dom_sid);
+ if (sid == NULL) {
+ return *out;
+ }
+ status = ndr_pull_struct_blob(val, sid, sid,
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(sid);
+ return *out;
+ }
+ out->data = (uint8_t *)dom_sid_string(ctx, sid);
+ talloc_free(sid);
+ if (out->data == NULL) {
+ return *out;
+ }
+ out->length = strlen((const char *)out->data);
+
+ return *out;
+}
+
const struct ldb_map_objectclass samba3_objectclasses[] = {
{ "group", "sambaGroupMapping" },
{ "user", "sambaSAMAccount" },
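Review bot: In encode_sid, `out` is passed to talloc_zero() as its own parent context while it is still uninitialized, so the allocation hangs off an indeterminate pointer; decode_sid uses `ctx` in the same position, which is presumably what was meant. Both functions also dereference `out` without checking that the allocation succeeded, and encode_sid hands `val->data` to dom_sid_parse_talloc() as a C string although an ldb_val carries an explicit length and nothing in the hunk guarantees a terminator. Because the value is returned by copy, a stack `struct ldb_val` removes the allocation and its failure path entirely; the sketch below does that for encode_sid and copies the input by length before parsing, and decode_sid would take the same stack-struct change.

```c
static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	struct ldb_val out = { .data = NULL, .length = 0 };
	struct dom_sid *sid;
	char *str;
	NTSTATUS status;

	/* Copy by length so the SID parser always sees a terminated string. */
	str = talloc_strndup(ctx, (const char *)val->data, val->length);
	if (str == NULL) {
		return out;
	}
	sid = dom_sid_parse_talloc(ctx, str);
	talloc_free(str);
	if (sid == NULL) {
		return out;
	}
	status = ndr_push_struct_blob(&out, ctx, sid,
				      (ndr_push_flags_fn_t)ndr_push_dom_sid);
	talloc_free(sid);
	if (!NT_STATUS_IS_OK(status)) {
		/* Do not hand a partially filled blob back to the caller. */
		out.data = NULL;
		out.length = 0;
	}
	return out;
}
```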
@@ -304,8 +350,10 @@ const struct ldb_map_attribute samba3_attributes[] =
/* sambaSID -> objectSid*/
{
.local_name = "objectSid",
- .type = MAP_RENAME,
- .u.rename.remote_name = "sambaSID",
+ .type = MAP_CONVERT,
+ .u.convert.remote_name = "sambaSID",
+ .u.convert.convert_local = decode_sid,
+ .u.convert.convert_remote = encode_sid,
},
/* sambaPwdLastSet -> pwdLastSet */
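Review bot: The pairing `.u.convert.convert_local = decode_sid` with `.u.convert.convert_remote = encode_sid` is hard to read without knowing which side stores which form, and the existing `/* sambaSID -> objectSid*/` comment does not say. Going by the helper bodies in the previous hunk, the local value is the NDR-encoded dom_sid and the remote value is its string form, so the comment could become `/* sambaSID (string SID, remote) <-> objectSid (NDR-encoded dom_sid, local) */`. It is also worth noting there that both helpers return an empty value on failure, since how the mapping layer treats an empty result is not visible in this hunk. The samba3_attributes array starts and ends outside the hunk.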
diff --git a/source4/script/tests/test_s3upgrade.sh b/source4/script/tests/test_s3upgrade.sh
index e4e5d828e5..d981d5410a 100755
--- a/source4/script/tests/test_s3upgrade.sh
+++ b/source4/script/tests/test_s3upgrade.sh
@@ -10,5 +10,6 @@ fi
mkdir -p $PREFIX
rm -f $PREFIX/*
+bin/smbscript ../testprogs/ejs/samba3sam
bin/smbscript ../testdata/samba3/verify ../testdata/samba3
bin/smbscript setup/upgrade --verify --targetdir=$PREFIX ../testdata/samba3 ../testdata/samba3/smb.conf
diff --git a/testprogs/ejs/samba3sam b/testprogs/ejs/samba3sam
index 3331cfe164..75e9f65863 100755
--- a/testprogs/ejs/samba3sam
+++ b/testprogs/ejs/samba3sam
@@ -1,4 +1,8 @@
#!/usr/bin/env smbscript
+/* (C) Jelmer Vernooij <jelmer@samba.org> 2005
+ Published under the GNU GPL
+ Sponsored by Google Summer of Code
+ */
libinclude("base.js");
var mypath = substr(ARGV[0], 0, -strlen("samba3sam"));
@@ -57,17 +61,32 @@ assert(msg['mappedFromDn'] == msg['dn']);
println("Looking up by non-mapped attribute");
msg = s4.search("(cn=Administrator)");
+assert(msg[0].cn == "Administrator");
assert(msg.length == 1);
println("Looking up by mapped attribute");
msg = s4.search("(name=Backup Operators)");
+assert(msg[0].name == "Backup Operators");
assert(msg.length == 1);
println("Looking up by old name of renamed attribute");
msg = s4.search("(displayName=Backup Operators)");
+assert(msg.length == 0);
+
+println("Looking up mapped entry containing SID");
+msg = s4.search("(cn=Replicator)");
assert(msg.length == 1);
+assert(msg[0].dn == "cn=Replicator,ou=Groups,ou=Tests,dc=vernstok,dc=nl");
+assert(msg[0].objectSid == "S-1-5-21-4231626423-2410014848-2360679739-552");
+assert(msg[0].mappedFromDn == msg[0].dn);
+
+println("Checking mapping of objectclass");
+var oc = msg[0].objectclass;
+for (var i in oc) {
+ assert(oc[i] == "posixGroup" || oc[i] == "group");
+}
-println("Adding a record");
+println("Adding a record that will be fallbacked");
ok = s4.add("
dn: cn=Foo,dc=idealx,dc=org
unixName: root
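Review bot: The added `assert(msg[0].cn == "Administrator");` and `assert(msg[0].name == "Backup Operators");` index the result before the existing `assert(msg.length == 1);` runs, so an empty result fails on the element access instead of on the length check that explains it. Swap each pair so the length assert comes first. The objectclass loop also passes vacuously when `oc` has no entries; a check that `oc` is non-empty before the loop would make the "Checking mapping of objectclass" step able to fail. The `s4.add(` call at the end of the hunk continues outside it.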
@@ -80,19 +99,26 @@ assert(ok);
println("Checking for existance of record");
msg = s4.search("(cn=Foo)", new Array('unixName','lastLogon','cn','showInAdvancedViewOnly'));
assert(msg.length == 1);
+assert(msg[0].showInAdvancedViewOnly == "TRUE");
+assert(msg[0].cn == "Foo");
+assert(msg[0].unixName == "root");
+assert(msg[0].lastLogon == 20000);
-println("Checking for persistence of non-mappable attribute");
-msg = s4.search("(cn=Foo)", new Array('showInAdvancedViewOnly'));
-assert(msg.length == 1);
-
-println("Adding record with mapped attribute in dn");
+println("Adding record that will be mapped");
ok = s4.add("
-dn: unixName=nobody,dc=idealx,dc=org
-unixName: nobody
+dn: cn=Niemand,ou=Tests,dc=vernstok,dc=nl
+objectClass: user
+unixName: blah
cn: Niemand
");
assert(ok);
println("Checking for existance of record (mapped)");
-msg = s4.search("(unixName=nobody)", new Array('unixName','cn','dn'));
+msg = s4.search("(unixName=blah)", new Array('unixName','cn','dn'));
assert(msg.length == 1);
+
+println("Checking for data in destination database");
+msg = s3.search("(cn=Niemand)");
+assert(msg.length >= 1);
+assert(msg[0].displayName == "Niemand");
+
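Review bot: Neither added record carries an objectSid and no filter searches on one, so the new SID conversion is covered only by the read in the "Replicator" lookup of the previous hunk; the opposite direction is never exercised. Consider adding an `objectSid:` line to the `cn=Niemand` record and, after the `s3.search("(cn=Niemand)")` call, `assert(msg[0].sambaSID == "<same SID string as in the add>");`. Whether the script binding accepts the string form on add is not visible here, so that needs confirming. The final check also uses `assert(msg.length >= 1);` where the other lookups require exactly one match, which lets duplicate entries in the destination database pass unnoticed.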