-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samba3sam.c | 57 | ||||
-rw-r--r-- | source4/lib/ldb/modules/ldb_map.c | 36 | ||||
-rw-r--r-- | source4/scripting/ejs/smbcalls_ldb.c | 14 | ||||
-rwxr-xr-x | testprogs/ejs/samba3sam | 5 |
4 files changed, 92 insertions, 20 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index 41228e52f8..0ee0433071 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -47,6 +47,27 @@ /* In Samba4 but not in Samba3: */ +static void generate_hashes (struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb) +{ + const char *upwd = ldb_msg_find_string(local, local_attr, NULL); + struct ldb_val val; + + if (!upwd) + return; + + ldb_msg_add_string(module->ldb, remote_fb, local_attr, upwd); + + val.length = 16; + val.data = talloc_zero_size(module, val.length); + + E_md4hash(upwd, val.data); + ldb_msg_add_value(module->ldb, remote_mp, "sambaNTPassword", &val); + + val.data = talloc_zero_size(module, val.length); + E_deshash(upwd, val.data); + ldb_msg_add_value(module->ldb, remote_mp, "sambaLMPassword", &val); +} + static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *attr, const struct ldb_message *remote) { @@ -72,8 +93,8 @@ static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *mo static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb) { const struct ldb_val *sidval; + char *sidstring; struct dom_sid *sid; - struct ldb_val out; NTSTATUS status; sidval = ldb_msg_find_ldb_val(local, "objectSid"); 
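Review bot: `generate_hashes` copies the cleartext `unicodePwd` into the fallback message with `ldb_msg_add_string(module->ldb, remote_fb, local_attr, upwd)`, so the plaintext password appears to be stored alongside the derived NT/LM hashes; if the fallback copy is not required, that call should go. Both hash buffers are allocated on `module` and handed to `E_md4hash`/`E_deshash` without a NULL check, so an allocation failure is written through, and the hash bytes presumably live as long as the module rather than the message. I would allocate on the message and check the result: `val.data = talloc_zero_size(remote_mp, val.length); if (!val.data) return;`. The return values of both `ldb_msg_add_value` calls are ignored, so a failed add leaves a record without password hashes and without any diagnostic.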
@@ -94,17 +115,18 @@ static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char if (!ldb_msg_find_ldb_val(local, "primaryGroupID")) return; /* Sorry, no SID today.. */ - sid->sub_auths[sid->num_auths-1] = ldb_msg_find_uint(local, "primaryGroupID", 0); + sid->num_auths--; - status = ndr_push_struct_blob(&out, remote_mp, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); + sidstring = dom_sid_string(remote_mp, sid); talloc_free(sid); - if (!NT_STATUS_IS_OK(status)) { - return; - } - - ldb_msg_add_value(module->ldb, remote_mp, "sambaPrimaryGroupSID", &out); + ldb_msg_add_fmt(module->ldb, remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_uint(local, "primaryGroupID", 0)); + talloc_free(sidstring); } +static struct ldb_val convert_uid_samaccount(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + return ldb_val_dup(ctx, val); +} static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { @@ -114,6 +136,7 @@ static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, pwd = getpwnam((char *)val->data); if (!pwd) { + ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Unable to lookup '%s' in passwd", (char *)val->data); return *talloc_zero(ctx, struct ldb_val); } @@ -383,10 +406,11 @@ const struct ldb_map_attribute samba3_attributes[] = /* sAMAccountName -> cn */ { .local_name = "sAMAccountName", - .type = MAP_RENAME, + .type = MAP_CONVERT, .u = { - .rename = { + .convert = { .remote_name = "uid", + .convert_remote = convert_uid_samaccount, }, }, }, @@ -849,6 +873,19 @@ const struct ldb_map_attribute samba3_attributes[] = }, }, }, + + /* unicodePwd */ + { + .local_name = "unicodePwd", + .type = MAP_GENERATE, + .u = { + .generate = { + .remote_names = { "sambaNTPassword", "sambaLMPassword", NULL }, + .generate_local = NULL, + .generate_remote = generate_hashes + }, + }, + }, { .local_name = NULL, } 
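Review bot: In `generate_sambaPrimaryGroupSID` the RID is formatted with `%d` although it comes from `ldb_msg_find_uint`, so a RID above INT_MAX would be written as a negative number in `sambaPrimaryGroupSID`; the format should be `"%s-%u"`. `sid->num_auths--` runs without checking that the SID has at least one sub-authority, and `sidstring` is passed to `%s` without a NULL check although `dom_sid_string` allocates. I would guard both, e.g. `if (sid->num_auths < 1) { talloc_free(sid); return; }` before the decrement and `if (!sidstring) return;` before `ldb_msg_add_fmt`. The function starts outside this hunk.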
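Review bot: The added `ldb_debug` call in `lookup_homedir` prints `val->data` with `%s`, which relies on the attribute value being NUL-terminated, as does the `getpwnam` call just above it. An `ldb_val` carries an explicit length, so bounding the output is safer: `"Unable to lookup '%.*s' in passwd", (int)val->length, (char *)val->data`. The value originates from a directory entry, so it is worth confirming that the debug sink tolerates control characters in it. The function body starts and ends outside this hunk.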
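Review bot: Switching `sAMAccountName` to `MAP_CONVERT` sets only `convert_remote`, so the designated initializer leaves `convert_local` NULL; with the NULL checks this commit adds in ldb_map.c, local-to-remote use of the attribute then fails or is skipped (`ldb_map_parse_tree` returns NULL, `map_add` and `map_modify` `continue`). If writes and searches on `sAMAccountName` are still meant to reach `uid`, add `.convert_local = convert_uid_samaccount,`. The comment above the entry still reads `/* sAMAccountName -> cn */` while the remote name is `uid`, so it should become `/* sAMAccountName -> uid */`. Since `convert_uid_samaccount` is a plain `ldb_val_dup`, a one-line comment on why a convert replaces the rename would help the next reader.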
diff --git a/source4/lib/ldb/modules/ldb_map.c b/source4/lib/ldb/modules/ldb_map.c index 3bbf893a27..9b62b1314a 100644 --- a/source4/lib/ldb/modules/ldb_map.c +++ b/source4/lib/ldb/modules/ldb_map.c @@ -324,6 +324,8 @@ static struct ldb_parse_tree *ldb_map_parse_tree(struct ldb_module *module, TALL } if (map_type == MAP_CONVERT) { + if (!attr->u.convert.convert_local) + return NULL; newvalue = attr->u.convert.convert_local(module, new_tree, &value); } else { newvalue = ldb_val_dup(new_tree, &value); @@ -435,6 +437,11 @@ static struct ldb_dn *map_local_dn(struct ldb_module *module, TALLOC_CTX *ctx, c case MAP_CONVERT: newdn->components[i].name = talloc_strdup(newdn->components, attr->u.convert.remote_name); + if (attr->u.convert.convert_local == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, "convert_local not set for attribute '%s' used in DN!", dn->components[i].name); + talloc_free(newdn); + return NULL; + } newdn->components[i].value = attr->u.convert.convert_local(module, newdn->components, &dn->components[i].value); break; @@ -658,8 +665,12 @@ static struct ldb_message *ldb_map_message_incoming(struct ldb_module *module, c case MAP_GENERATE: ldb_debug(module->ldb, LDB_DEBUG_TRACE, "Generating local attribute %s", attr->local_name); + if (!attr->u.generate.generate_local) + continue; + elm = attr->u.generate.generate_local(module, msg, attr->local_name, mi); - if (!elm) continue; + if (!elm) + continue; ldb_msg_add(module->ldb, msg, elm, elm->flags); break; @@ -1039,7 +1050,12 @@ static int map_add(struct ldb_module *module, const struct ldb_message *msg) elm = talloc(fb, struct ldb_message_element); elm->num_values = msg->elements[i].num_values; - elm->values = talloc_reference(elm, msg->elements[i].values); + elm->values = talloc_array(elm, struct ldb_val, elm->num_values); + + for (j = 0; j < elm->num_values; j++) { + elm->values[j] = ldb_val_dup(elm, &msg->elements[i].values[j]); + } + elm->name = talloc_strdup(elm, msg->elements[i].name); break; 
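Review bot: The `talloc_array` result in the fallback branch of `map_add` is not checked before the loop writes `elm->values[j]`, so an allocation failure with `num_values > 0` becomes a NULL dereference; the same pattern is repeated in the MAP_RENAME branch of the next hunk (`@@ -1049,10 +1065,16 @@`). Each allocation should be followed by `if (elm->values == NULL)` and the function's usual error return. Failures of `ldb_val_dup` inside the loop are not detected either, which would presumably store values whose `data` pointer is NULL. `j` is declared outside the hunk, and `map_add` starts and ends outside it.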
@@ -1049,10 +1065,16 @@ static int map_add(struct ldb_module *module, const struct ldb_message *msg) elm->name = talloc_strdup(elm, attr->u.rename.remote_name); elm->num_values = msg->elements[i].num_values; - elm->values = talloc_reference(elm, msg->elements[i].values); + elm->values = talloc_array(elm, struct ldb_val, elm->num_values); + + for (j = 0; j < elm->num_values; j++) { + elm->values[j] = ldb_val_dup(elm, &msg->elements[i].values[j]); + } break; case MAP_CONVERT: + if (attr->u.convert.convert_local == NULL) + continue; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "Converting %s -> %s", attr->local_name, attr->u.convert.remote_name); elm = talloc(mp, struct ldb_message_element); @@ -1165,6 +1187,8 @@ static int map_modify(struct ldb_module *module, const struct ldb_message *msg) continue; case MAP_CONVERT: + if (!attr->u.convert.convert_local) + continue; elm = talloc(mp, struct ldb_message_element); elm->name = talloc_strdup(elm, attr->u.rename.remote_name); @@ -1397,7 +1421,11 @@ static struct ldb_val map_convert_remote_dn(struct ldb_module *module, TALLOC_CT newval = talloc(ctx, struct ldb_val); newval->data = (uint8_t *)ldb_dn_linearize(ctx, newdn); - newval->length = strlen((char *)newval->data); + if (newval->data) { + newval->length = strlen((char *)newval->data); + } else { + newval->length = 0; + } talloc_free(newdn); diff --git a/source4/scripting/ejs/smbcalls_ldb.c b/source4/scripting/ejs/smbcalls_ldb.c index 855dd157f7..f536fbe547 100644 --- a/source4/scripting/ejs/smbcalls_ldb.c +++ b/source4/scripting/ejs/smbcalls_ldb.c 
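Review bot: The added `if (attr->u.convert.convert_local == NULL) continue;` in the MAP_CONVERT case of `map_add` drops the attribute from the add without any message, and the `map_modify` hunk (`@@ -1165,6 +1187,8 @@`) does the same, so a caller writing such an attribute can get success while the value is stored nowhere. `map_local_dn` in this commit logs at `LDB_DEBUG_ERROR` for the same condition, so I would log here as well, e.g. `ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Not mapping attribute '%s': no convert_local", attr->local_name);`. Whether the value should instead go to the fallback message is a design decision that deserves a comment at both sites. Both functions extend beyond their hunks.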
@@ -256,17 +256,23 @@ static int ejs_ldbErrstring(MprVarHandle eid, int argc, struct MprVar **argv) static int ejs_base64encode(MprVarHandle eid, int argc, struct MprVar **argv) { char *ret; - DATA_BLOB *blob; if (argc != 1) { ejsSetErrorMsg(eid, "ldb.base64encode invalid argument count"); return -1; } - blob = mprToDataBlob(argv[0]); - mprAssert(blob); - ret = ldb_base64_encode(mprMemCtx(), (char *)blob->data, blob->length); + if (argv[0]->type == MPR_TYPE_STRING) { + const char *orig = mprToString(argv[0]); + ret = ldb_base64_encode(mprMemCtx(), orig, strlen(orig)); + } else { + DATA_BLOB *blob; + blob = mprToDataBlob(argv[0]); + mprAssert(blob); + ret = ldb_base64_encode(mprMemCtx(), (char *)blob->data, blob->length); + } + if (!ret) { mpr_Return(eid, mprCreateUndefinedVar()); } else { diff --git a/testprogs/ejs/samba3sam b/testprogs/ejs/samba3sam index 6ea8da3492..3952f45253 100755 --- a/testprogs/ejs/samba3sam +++ b/testprogs/ejs/samba3sam @@ -115,13 +115,14 @@ println("Adding record that will be mapped"); ok = s4.add(" dn: cn=Niemand,sambaDomainName=TESTS,dc=vernstok,dc=nl objectClass: user -unixName: blah +unixName: bin +unicodePwd: geheim cn: Niemand "); assert(ok); println("Checking for existance of record (mapped)"); -msg = s4.search("(unixName=blah)", new Array('unixName','cn','dn')); +msg = s4.search("(unixName=bin)", new Array('unixName','cn','dn')); assert(msg.length == 1); assert(msg[0].cn == "Niemand"); |
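Review bot: In the non-string branch of `ejs_base64encode`, `mprAssert(blob)` is the only guard before `blob->data` is read, and the argument type is chosen by the calling script; if `mprAssert` is compiled out in non-debug builds (to be confirmed), an argument that `mprToDataBlob` cannot convert becomes a NULL dereference. An explicit check is safer: `if (!blob) { ejsSetErrorMsg(eid, "ldb.base64encode invalid argument type"); return -1; }`. In the string branch `strlen(orig)` stops at the first NUL, so a string with embedded NUL bytes is encoded truncated, and `orig` itself is not checked for NULL before `strlen`.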
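Review bot: The test now adds `unicodePwd: geheim` but asserts nothing about it, so the new hash mapping is exercised without being verified. I would add a search on the Samba3 side that checks `sambaNTPassword` and `sambaLMPassword` are present on the mapped record, and that records where the cleartext `unicodePwd` ends up. Changing `unixName` to `bin` makes the test depend on the host passwd database containing that account, which deserves a short comment next to the record.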