-rw-r--r-- | source4/lib/ldb/modules/ldb_map.c | 25 | ||||
-rw-r--r-- | source4/lib/samba3/PLAN | 4 | ||||
-rw-r--r-- | source4/lib/samba3/samba3.h | 1 | ||||
-rw-r--r-- | source4/lib/samba3/smbpasswd.c | 5 | ||||
-rw-r--r-- | source4/scripting/libjs/upgrade.js | 97 |
5 files changed, 98 insertions, 34 deletions
diff --git a/source4/lib/ldb/modules/ldb_map.c b/source4/lib/ldb/modules/ldb_map.c
index 513e065f2e..de7a00ef60 100644
--- a/source4/lib/ldb/modules/ldb_map.c
+++ b/source4/lib/ldb/modules/ldb_map.c
@@ -27,11 +27,15 @@ #include "ldb/include/ldb_private.h" #include "ldb/modules/ldb_map.h" -/* TODO: - * - objectclass hint in ldb_map_attribute - * for use when multiple remote attributes (independant of each other) - * map to one local attribute. E.g.: (uid, gidNumber) -> unixName - * (use MAP_GENERATE instead ?) +/* + * - map_message_outgoing() should: + * - modify: not worry about anything simply map and hope everything + * will be ok. + * - make a list of remote objectclasses that will be used + * given the attributes that are available + * - only add attribute to the remote message if + * it is allowed by the objectclass + * */ /*
@@ -701,10 +705,6 @@ static int ldb_map_message_outgoing(struct ldb_module *module, const struct ldb_ } if ((*fb)->num_elements == 0) { - /* No elements, discard.. */ - talloc_free(*fb); - *fb = NULL; - } else { ldb_msg_add_string(module->ldb, *fb, "isMapped", "TRUE"); }
@@ -727,8 +727,8 @@ static int map_rename(struct ldb_module *module, const struct ldb_dn *olddn, con struct ldb_dn *n_olddn, *n_newdn; int ret; - ret = ldb_next_rename_record(module, olddn, newdn); - + ret = ldb_next_rename_record(module, n_olddn, n_newdn); + n_olddn = map_local_dn(module, module, olddn); n_newdn = map_local_dn(module, module, newdn);
@@ -753,7 +753,7 @@ static int map_delete(struct ldb_module *module, const struct ldb_dn *dn) newdn = map_local_dn(module, module, dn); - ret = ldb_delete(privdat->mapped_ldb, newdn); + ldb_delete(privdat->mapped_ldb, newdn); talloc_free(newdn);
@@ -996,7 +996,6 @@ static int map_modify(struct ldb_module *module, const struct ldb_message *msg) if (!map_is_mappable(privdat, msg)) return ldb_next_modify_record(module, msg); - if (ldb_map_message_outgoing(module, msg, &fb, &mp) == -1) return -1;
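Review bot: After the removal in the @@ -701 hunk, `isMapped` is added only when `(*fb)->num_elements == 0`, which inverts the old behaviour where the attribute marked messages that still carried elements, while an empty message is now neither discarded nor marked. The surviving branch should most likely read `if ((*fb)->num_elements != 0) {`, or if an empty mapped message is now acceptable, say so in a comment. The return value of `ldb_msg_add_string` is also dropped, so an allocation failure goes unnoticed. ldb_map_message_outgoing begins and ends outside this hunk.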
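Review bot: In the @@ -727 hunk `ret = ldb_next_rename_record(module, n_olddn, n_newdn);` now runs before `n_olddn` and `n_newdn` are assigned by `map_local_dn`, so the call reads two uninitialised pointers, which is undefined behaviour and at best hands garbage DNs to the next module. If passing the mapped DNs down the chain is the intent, move the call below the two `map_local_dn` assignments and check both results for NULL before using them. map_rename continues past the hunk, so the existing handling of `ret` and the two DNs is not visible here.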
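Review bot: In the @@ -753 hunk the result of `ldb_delete(privdat->mapped_ldb, newdn)` is no longer captured, so a failed delete in the mapped database is silently ignored and the function presumably still reports whatever `ret` held before (the rest of map_delete is outside the hunk). If this is meant to be best-effort, say so in a comment such as `/* mapped-side delete is best effort; local record is authoritative */`; otherwise keep `ret = ldb_delete(privdat->mapped_ldb, newdn);` and propagate the failure.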
diff --git a/source4/lib/samba3/PLAN b/source4/lib/samba3/PLAN
index 47b5edd408..80885a4ec7 100644
--- a/source4/lib/samba3/PLAN
+++ b/source4/lib/samba3/PLAN
@@ -1,2 +1,4 @@ TODO (SoC project): - - finish ldb_map testsuite + - [ldb_map] some more strict checking when sending data to an LDAP server + - [ldb_map] fix rename + - fix ntPwdHash / lmPwdHash bug
diff --git a/source4/lib/samba3/samba3.h b/source4/lib/samba3/samba3.h
index f0f4c99513..a5f60bf1c2 100644
--- a/source4/lib/samba3/samba3.h
+++ b/source4/lib/samba3/samba3.h
@@ -45,7 +45,6 @@ struct samba3_samaccount { char *profile_path; char *acct_desc; char *workstations; - uid_t uid; uint32_t user_rid, group_rid, hours_len, unknown_6; uint16_t acct_ctrl, logon_divs; uint16_t bad_password_count, logon_count;
diff --git a/source4/lib/samba3/smbpasswd.c b/source4/lib/samba3/smbpasswd.c
index fe0780c8d3..baddb82545 100644
--- a/source4/lib/samba3/smbpasswd.c
+++ b/source4/lib/samba3/smbpasswd.c
@@ -228,6 +228,7 @@ NTSTATUS samba3_read_smbpasswd(const char *filename, TALLOC_CTX *ctx, struct sam for (i = 0; i < numlines; i++) { char *p = lines[i], *q; + uid_t uid; struct samba3_samaccount *acc = &((*accounts)[*count]); if (p[0] == '\0' || p[0] == '#')
@@ -244,7 +245,9 @@ NTSTATUS samba3_read_smbpasswd(const char *filename, TALLOC_CTX *ctx, struct sam acc->username = talloc_strndup(ctx, p, PTR_DIFF(q, p)); p = q+1; - acc->uid = atoi(p); + uid = atoi(p); + + /* uid is ignored here.. */ q = strchr(p, ':'); if (!q) {
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js
index ac7e445330..45e6884e9f 100644
--- a/source4/scripting/libjs/upgrade.js
+++ b/source4/scripting/libjs/upgrade.js
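Review bot: In the smbpasswd.c @@ -244 hunk `uid = atoi(p);` stores into the new local `uid` that nothing reads afterwards (the added comment says as much), leaving a set-but-unused variable and a parse of untrusted file input whose result is discarded; `atoi` also accepts an empty or malformed field such as `12abc` without any indication. Either drop the `uid_t uid;` declaration added in the @@ -228 hunk together with the assignment, or, if the field is meant to be validated, parse it with `strtoul` and check that the end pointer lands on the `:` separator before the following `q = strchr(p, ':');`. samba3_read_smbpasswd begins and ends outside these hunks.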
@@ -94,20 +94,40 @@ samba3RefuseMachinePwdChange: %d samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time, samba3.policy.refuse_machine_password_change ); - + return ldif; } -function upgrade_sam_account(acc,domaindn) +function upgrade_sam_account(ldb,acc,domaindn,domainsid) { - var ldb = ldb_init(); + if (acc.nt_username == undefined) { + acc.nt_username = acc.username; + } + + if (acc.nt_username == "") { + acc.nt_username = acc.username; + } + + if (acc.fullname == undefined) { + var pw = nss.getpwnam(acc.fullname); + acc.fullname = pw.pw_gecos; + } + + var pts = split(',', acc.fullname); + acc.fullname = pts[0]; + + assert(acc.fullname != undefined); + assert(acc.nt_username != undefined); + var ldif = sprintf( "dn: cn=%s,%s +objectClass: top objectClass: user lastLogon: %d lastLogoff: %d unixName: %s name: %s +sAMAccountName: %s cn: %s description: %s primaryGroupID: %d
@@ -125,15 +145,16 @@ samba3BadPwdTime: %d samba3PassLastSetTime: %d samba3PassCanChangeTime: %d samba3PassMustChangeTime: %d -samba3Rid: %d +objectSid: %s-%d ntPwdHash:: %s lmPwdHash:: %s -", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, +", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, + acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, -acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid, +acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); return ldif;
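Review bot: In the @@ -94 hunk the `acc.fullname == undefined` branch calls `nss.getpwnam(acc.fullname)` with the value the condition just found to be undefined; the lookup key should be the account name, `var pw = nss.getpwnam(acc.username);`. `pw` is then dereferenced unchecked, so an account with no passwd entry throws on `pw.pw_gecos` and aborts the whole import instead of falling back to `acc.username` or leaving the later `assert` to report it. `nss` is also never initialised in this function, unlike `upgrade_sam_group` which calls `nss_init()`, so unless it is a global it is undefined here as well.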
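Review bot: In the @@ -125 hunk the argument list that the new `+` line reorganises still ends with the context line `ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));` while the format string lists `ntPwdHash:: %s` before `lmPwdHash:: %s`, so each hash is stored under the other attribute's name; the PLAN file in this same commit lists this as an open bug. Swapping the two arguments, `ldb.encode(acc.nt_pw), ldb.encode(acc.lm_pw));`, fixes it, and is worth doing here rather than later since the imported credentials would presumably not verify until it is. The new `objectSid: %s-%d` line depends on every caller supplying `domainsid`; the call in `upgrade()` does pass `subobj.DOMAINSID`.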
@@ -141,6 +162,33 @@ acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc function upgrade_sam_group(grp,domaindn) { + var nss = nss_init(); + + var gr; + if (grp.sid_name_use == 5) { // Well-known group + return undefined; + } + + if (grp.nt_name == "Domain Guests" || + grp.nt_name == "Domain Users" || + grp.nt_name == "Domain Admins") { + return undefined; + } + + if (grp.gid == -1) { + gr = nss.getgrnam(grp.nt_name); + } else { + gr = nss.getgrgid(grp.gid); + } + + if (gr == undefined) { + grp.unixname = "UNKNOWN"; + } else { + grp.unixname = gr.gr_name; + } + + assert(grp.unixname != undefined); + var ldif = sprintf( "dn: cn=%s,%s objectClass: top
@@ -148,10 +196,10 @@ objectClass: group description: %s cn: %s objectSid: %s -unixName: FIXME +unixName: %s samba3SidNameUse: %d ", grp.nt_name, domaindn, -grp.comment, grp.nt_name, grp.sid, grp.sid_name_use); +grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use); return ldif; }
@@ -421,9 +469,9 @@ function upgrade(subobj, samba3, message, paths) message("Importing users\n"); for (var i in samba3.samaccounts) { var msg = "... " + samba3.samaccounts[i].username; - var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN); + var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID); ok = samdb.add(ldif); - if (!ok) { + if (!ok && samdb.errstring() != "Record exists") { msg = msg + "... error: " + samdb.errstring(); ret = ret + 1; }
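Review bot: In the @@ -141 hunk, when neither `getgrnam` nor `getgrgid` resolves the group, `grp.unixname = "UNKNOWN";` silently writes a placeholder into the directory, so every unresolved group ends up with the same `unixName` and the operator never learns which mappings were lost; the well-known and built-in groups are skipped with `return undefined`, so the same treatment, or at least a comment explaining why a placeholder is preferable to skipping, would be consistent. `grp.sid_name_use == 5` deserves a named constant rather than the trailing comment. If `nss_init()` can fail, its result is used without a check.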
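Review bot: In the @@ -421 hunk `if (!ok && samdb.errstring() != "Record exists")` turns an existing record into silent success, so an account that already exists with different attributes is neither updated nor reported, and the check depends on the exact spelling of a backend error string; the same pattern is added in the @@ -434 and @@ -454 hunks for groups and registry keys. At minimum add an `else if (!ok) { msg = msg + "... already exists"; }` branch so the skip shows up in the log. `samdb.errstring()` is also called twice per failure; capture it once in a local before testing it.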
@@ -434,10 +482,12 @@ function upgrade(subobj, samba3, message, paths) for (var i in samba3.groupmappings) { var msg = "... " + samba3.groupmappings[i].nt_name; var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); - ok = samdb.add(ldif); - if (!ok) { - msg = msg + "... error: " + samdb.errstring(); - ret = ret + 1; + if (ldif != undefined) { + ok = samdb.add(ldif); + if (!ok && samdb.errstring() != "Record exists") { + msg = msg + "... error: " + samdb.errstring(); + ret = ret + 1; + } } message(msg + "\n"); }
@@ -454,7 +504,7 @@ function upgrade(subobj, samba3, message, paths) for (var j in ldif) { var msg = "... ... " + j; ok = regdb.add(ldif[j]); - if (!ok) { + if (!ok && regdb.errstring() != "Record exists") { msg = msg + "... error: " + regdb.errstring(); ret = ret + 1; }
@@ -497,10 +547,16 @@ dn: @MAP=samba3sam ok = samdb.add(ldif); assert(ok); - ok = samdb.modify("dn: @MODULES + ok = samdb.modify(" +dn: @MODULES +changetype: modify replace: @LIST -@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam"); - assert(ok); +@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam +"); + if (!ok) { + message("Error enabling samba3sam module: " + samdb.errstring() + "\n"); + ret = ret + 1; + } } return ret;
@@ -514,6 +570,11 @@ function upgrade_verify(subobj, samba3,paths,message) var ok = samldb.connect(paths.samdb); assert(ok); + + for (var i in samba3.samaccounts) { + var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))"); + assert(msg.length >= 1); + } // FIXME } |
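Review bot: In the @@ -514 hunk the verification filter is built by string concatenation, `"(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))"`, with a value taken straight from the imported smbpasswd file; a name containing `(`, `)`, `*` or `\` produces a malformed or broader filter, and `assert(msg.length >= 1)` then either aborts verification or passes on the wrong match. Escape the value according to RFC 4515 before interpolating it (or use a filter-escaping helper if the ldb JS binding provides one), and consider `assert(msg.length == 1)` so a duplicate match is caught as well. Whether the closing `}` after the `// FIXME` context line ends upgrade_verify is not visible from the hunk.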