From adef944c4314daded57d21b8f1dd2a1b8156740e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 27 Nov 2007 02:26:47 +0100 Subject: r26137: Rename the entryUUID module to better match it's purpose: being a simple ldap mapping (a complex mapping will follow). Fix the module to handle 'name' better, rather than using the 'name' attribute built into OpenLDAP, rename to samba4RDN. We need to see if this can be handled in the backend. Also rename the functions and inernal module name to entryuuid for consistancy. Andrew Bartlett (This used to be commit a7be80766f4270d63433bbd6a976ebf302ed3433) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 833 +++++++++++++++++++++++ 1 file changed, 833 insertions(+) create mode 100644 source4/dsdb/samdb/ldb_modules/simple_ldap_map.c (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c new file mode 100644 index 0000000000..2b8b07f0b4 --- /dev/null +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -0,0 +1,833 @@ +/* + ldb database module + + LDAP semantics mapping module + + Copyright (C) Jelmer Vernooij 2005 + Copyright (C) Andrew Bartlett 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + This module relies on ldb_map to do all the real work, but performs + some of the trivial mappings between AD semantics and that provided + by OpenLDAP and similar servers. +*/ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" +#include "ldb/include/ldb_errors.h" +#include "ldb/ldb_map/ldb_map.h" + +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/ndr/libndr.h" + +struct entryuuid_private { + struct ldb_dn **base_dns; +}; + +static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = GUID_from_string((char *)val->data, &guid); + enum ndr_err_code ndr_err; + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return out; + } + + return out; +} + +static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID *guid; + struct ldb_val out = data_blob(NULL, 0); + if (val->length >= 32 && val->data[val->length] == '\0') { + 
ldb_handler_copy(module->ldb, ctx, val, &out); + } else { + enum ndr_err_code ndr_err; + + guid = talloc(ctx, struct GUID); + if (guid == NULL) { + return out; + } + ndr_err = ndr_pull_struct_blob(val, guid, guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(guid); + return out; + } + out = data_blob_string_const(GUID_string(ctx, guid)); + talloc_free(guid); + } + return out; +} + +static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = NS_GUID_from_string((char *)val->data, &guid); + enum ndr_err_code ndr_err; + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return out; + } + + return out; +} + +static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + if (val->length >= 32 && val->data[val->length] == '\0') { + struct GUID guid; + GUID_from_string((char *)val->data, &guid); + out = data_blob_string_const(NS_GUID_string(ctx, &guid)); + } else { + enum ndr_err_code ndr_err; + struct GUID *guid_p; + guid_p = talloc(ctx, struct GUID); + if (guid_p == NULL) { + return out; + } + ndr_err = ndr_pull_struct_blob(val, guid_p, guid_p, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(guid_p); + return out; + } + out = data_blob_string_const(NS_GUID_string(ctx, guid_p)); + talloc_free(guid_p); + } + return out; +} + +/* The backend holds binary sids, so just copy them back */ +static struct ldb_val val_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + ldb_handler_copy(module->ldb, ctx, val, &out); + + return out; +} + +/* Ensure we 
always convert sids into binary, so the backend doesn't have to know about both forms */ +static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); + + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + return out; +} + +/* Ensure we always convert objectCategory into a DN */ +static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); + + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + return out; +} + +static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + long long int signed_ll = strtoll((const char *)val->data, NULL, 10); + if (signed_ll >= 0x80000000LL) { + union { + int32_t signed_int; + uint32_t unsigned_int; + } u = { + .unsigned_int = strtoul((const char *)val->data, NULL, 10) + }; + + struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int)); + return out; + } + return val_copy(module, ctx, val); +} + +static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = strtoull((const char *)val->data, NULL, 10); + time_t t = (usn >> 24); + out = data_blob_string_const(talloc_asprintf(ctx, "%s#%06x#00#000000", ldb_timestring(ctx, t), (unsigned int)(usn & 0xFFFFFF))); + return out; +} + +static unsigned long long entryCSN_to_usn_int(TALLOC_CTX *ctx, const struct ldb_val *val) +{ + char *entryCSN = talloc_strdup(ctx, (const char *)val->data); + char 
*mod_per_sec; + time_t t; + unsigned long long usn; + char *p; + if (!entryCSN) { + return 0; + } + p = strchr(entryCSN, '#'); + if (!p) { + return 0; + } + p[0] = '\0'; + p++; + mod_per_sec = p; + + p = strchr(p, '#'); + if (!p) { + return 0; + } + p[0] = '\0'; + p++; + + usn = strtol(mod_per_sec, NULL, 16); + + t = ldb_string_to_time(entryCSN); + + usn = usn | ((unsigned long long)t <<24); + return usn; +} + +static struct ldb_val entryCSN_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = entryCSN_to_usn_int(ctx, val); + out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); + return out; +} + +static struct ldb_val usn_to_timestamp(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + unsigned long long usn = strtoull((const char *)val->data, NULL, 10); + time_t t = (usn >> 24); + out = data_blob_string_const(ldb_timestring(ctx, t)); + return out; +} + +static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out; + time_t t; + unsigned long long usn; + + t = ldb_string_to_time((const char *)val->data); + + usn = ((unsigned long long)t <<24); + + out = data_blob_string_const(talloc_asprintf(ctx, "%lld", usn)); + return out; +} + + +static const struct ldb_map_attribute entryuuid_attributes[] = +{ + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "entryUUID", + .convert_local = guid_always_string, + .convert_remote = encode_guid, + }, + }, + }, + /* invocationId */ + { + .local_name = "invocationId", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "invocationId", + .convert_local = guid_always_string, + .convert_remote = encode_guid, + }, + }, + }, + /* objectSid */ + { + .local_name = "objectSid", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectSid", + 
.convert_local = sid_always_binary, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "name", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4RDN" + } + } + }, + { + .local_name = "whenCreated", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "createTimestamp" + } + } + }, + { + .local_name = "whenChanged", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "modifyTimestamp" + } + } + }, + { + .local_name = "objectClasses", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4ObjectClasses" + } + } + }, + { + .local_name = "dITContentRules", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4DITContentRules" + } + } + }, + { + .local_name = "attributeTypes", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "samba4AttributeTypes" + } + } + }, + { + .local_name = "sambaPassword", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "userPassword" + } + } + }, + { + .local_name = "objectCategory", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectCategory", + .convert_local = objectCategory_always_dn, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "distinguishedName", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, + { + .local_name = "groupType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "groupType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "sAMAccountType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "sAMAccountType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "usnChanged", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "entryCSN", + .convert_local = usn_to_entryCSN, + .convert_remote = entryCSN_to_usn + }, + }, + }, + { + .local_name = "usnCreated", + .type = MAP_CONVERT, + .u = { + .convert 
= { + .remote_name = "createTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "*", + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* This objectClass conflicts with builtin classes on OpenLDAP */ +const struct ldb_map_objectclass entryuuid_objectclasses[] = +{ + { + .local_name = "subSchema", + .remote_name = "samba4SubSchema" + }, + { + .local_name = NULL + } +}; + +/* These things do not show up in wildcard searches in OpenLDAP, but + * we need them to show up in the AD-like view */ +static const char * const entryuuid_wildcard_attributes[] = { + "objectGUID", + "whenCreated", + "whenChanged", + "usnCreated", + "usnChanged", + NULL +}; + +static const struct ldb_map_attribute nsuniqueid_attributes[] = +{ + /* objectGUID */ + { + .local_name = "objectGUID", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "nsuniqueid", + .convert_local = guid_ns_string, + .convert_remote = encode_ns_guid, + }, + }, + }, + /* objectSid */ + { + .local_name = "objectSid", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectSid", + .convert_local = sid_always_binary, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "whenCreated", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "createTimestamp" + } + } + }, + { + .local_name = "whenChanged", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "modifyTimestamp" + } + } + }, + { + .local_name = "sambaPassword", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "userPassword" + } + } + }, + { + .local_name = "objectCategory", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "objectCategory", + .convert_local = objectCategory_always_dn, + .convert_remote = val_copy, + }, + }, + }, + { + .local_name = "distinguishedName", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, + { + .local_name = "groupType", + .type = 
MAP_CONVERT, + .u = { + .convert = { + .remote_name = "groupType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "sAMAccountType", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "sAMAccountType", + .convert_local = normalise_to_signed32, + .convert_remote = val_copy, + }, + } + }, + { + .local_name = "usnChanged", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "modifyTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "usnCreated", + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = "createTimestamp", + .convert_local = usn_to_timestamp, + .convert_remote = timestamp_to_usn, + }, + }, + }, + { + .local_name = "*", + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* These things do not show up in wildcard searches in OpenLDAP, but + * we need them to show up in the AD-like view */ +static const char * const nsuniqueid_wildcard_attributes[] = { + "objectGUID", + "whenCreated", + "whenChanged", + "usnCreated", + "usnChanged", + NULL +}; + +static int get_remote_rootdse(struct ldb_context *ldb, void *context, + struct ldb_reply *ares) +{ + struct entryuuid_private *entryuuid_private; + entryuuid_private = talloc_get_type(context, + struct entryuuid_private); + if (ares->type == LDB_REPLY_ENTRY) { + int i; + struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts"); + entryuuid_private->base_dns = talloc_realloc(entryuuid_private, entryuuid_private->base_dns, struct ldb_dn *, + el->num_values + 1); + for (i=0; i < el->num_values; i++) { + if (!entryuuid_private->base_dns) { + return LDB_ERR_OPERATIONS_ERROR; + } + entryuuid_private->base_dns[i] = ldb_dn_new(entryuuid_private->base_dns, ldb, (const char *)el->values[i].data); + if ( ! 
ldb_dn_validate(entryuuid_private->base_dns[i])) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + entryuuid_private->base_dns[i] = NULL; + } + + return LDB_SUCCESS; +} + +static int find_base_dns(struct ldb_module *module, + struct entryuuid_private *entryuuid_private) +{ + int ret; + struct ldb_request *req; + const char *naming_context_attr[] = { + "namingContexts", + NULL + }; + req = talloc(entryuuid_private, struct ldb_request); + if (req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_SEARCH; + req->op.search.base = ldb_dn_new(req, module->ldb, NULL); + req->op.search.scope = LDB_SCOPE_BASE; + + req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); + if (req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); + talloc_free(req); + return LDB_ERR_OPERATIONS_ERROR; + } + + req->op.search.attrs = naming_context_attr; + req->controls = NULL; + req->context = entryuuid_private; + req->callback = get_remote_rootdse; + ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ + + ret = ldb_next_request(module, req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + + talloc_free(req); + if (ret != LDB_SUCCESS) { + return ret; + } + + return LDB_SUCCESS; +} + +/* the context init function */ +static int entryuuid_init(struct ldb_module *module) +{ + int ret; + struct map_private *map_private; + struct entryuuid_private *entryuuid_private; + + ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, NULL); + if (ret != LDB_SUCCESS) + return ret; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryuuid_private = talloc_zero(map_private, struct entryuuid_private); + map_private->caller_private = entryuuid_private; + + ret = find_base_dns(module, entryuuid_private); + + return ldb_next_init(module); +} + +/* the context init 
function */ +static int nsuniqueid_init(struct ldb_module *module) +{ + int ret; + struct map_private *map_private; + struct entryuuid_private *entryuuid_private; + + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); + if (ret != LDB_SUCCESS) + return ret; + + map_private = talloc_get_type(module->private_data, struct map_private); + + entryuuid_private = talloc_zero(map_private, struct entryuuid_private); + map_private->caller_private = entryuuid_private; + + ret = find_base_dns(module, entryuuid_private); + + return ldb_next_init(module); +} + +static int get_seq(struct ldb_context *ldb, void *context, + struct ldb_reply *ares) +{ + unsigned long long *max_seq = (unsigned long long *)context; + unsigned long long seq; + if (ares->type == LDB_REPLY_ENTRY) { + struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); + if (el) { + seq = entryCSN_to_usn_int(ares, &el->values[0]); + *max_seq = MAX(seq, *max_seq); + } + } + + return LDB_SUCCESS; +} + +static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_request *req) +{ + int i, ret; + struct map_private *map_private; + struct entryuuid_private *entryuuid_private; + unsigned long long max_seq = 0; + struct ldb_request *search_req; + map_private = talloc_get_type(module->private_data, struct map_private); + + entryuuid_private = talloc_get_type(map_private->caller_private, struct entryuuid_private); + + /* Search the baseDNs for a sequence number */ + for (i=0; entryuuid_private && + entryuuid_private->base_dns && + entryuuid_private->base_dns[i]; + i++) { + static const char *contextCSN_attr[] = { + "contextCSN", NULL + }; + search_req = talloc(req, struct ldb_request); + if (search_req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->operation = LDB_SEARCH; + search_req->op.search.base = entryuuid_private->base_dns[i]; + search_req->op.search.scope = 
LDB_SCOPE_BASE; + + search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); + if (search_req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); + talloc_free(search_req); + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->op.search.attrs = contextCSN_attr; + search_req->controls = NULL; + search_req->context = &max_seq; + search_req->callback = get_seq; + ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ + + ret = ldb_next_request(module, search_req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); + } + + talloc_free(search_req); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + switch (req->op.seq_num.type) { + case LDB_SEQ_HIGHEST_SEQ: + req->op.seq_num.seq_num = max_seq; + break; + case LDB_SEQ_NEXT: + req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num++; + break; + case LDB_SEQ_HIGHEST_TIMESTAMP: + { + req->op.seq_num.seq_num = (max_seq >> 24); + break; + } + } + req->op.seq_num.flags = 0; + req->op.seq_num.flags |= LDB_SEQ_TIMESTAMP_SEQUENCE; + req->op.seq_num.flags |= LDB_SEQ_GLOBAL_SEQUENCE; + return LDB_SUCCESS; +} + +static struct ldb_module_ops entryuuid_ops = { + .name = "entryuuid", + .init_context = entryuuid_init, + .sequence_number = entryuuid_sequence_number +}; + +static struct ldb_module_ops nsuniqueid_ops = { + .name = "nsuniqueid", + .init_context = nsuniqueid_init, + .sequence_number = entryuuid_sequence_number +}; + +/* the init function */ +int ldb_simple_ldap_map_module_init(void) +{ + int ret; + struct ldb_module_ops ops = ldb_map_get_ops(); + entryuuid_ops.add = ops.add; + entryuuid_ops.modify = ops.modify; + entryuuid_ops.del = ops.del; + entryuuid_ops.rename = ops.rename; + entryuuid_ops.search = ops.search; + entryuuid_ops.wait = ops.wait; + ret = ldb_register_module(&entryuuid_ops); + + if (ret) { + return ret; + } + + nsuniqueid_ops.add = ops.add; + nsuniqueid_ops.modify = ops.modify; + 
nsuniqueid_ops.del = ops.del; + nsuniqueid_ops.rename = ops.rename; + nsuniqueid_ops.search = ops.search; + nsuniqueid_ops.wait = ops.wait; + ret = ldb_register_module(&nsuniqueid_ops); + + return ret; +} -- cgit From 470043bf7ae038e590a011e90bbf610c76d53767 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 27 Nov 2007 04:43:20 +0100 Subject: r26140: Add a new test for searches by distinguieshedName and dn, and implement these in the simple ldap mapping module. We still don't pass this test, because we must get linked attributes into OpenLDAP. Andrew Bartlett (This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 2b8b07f0b4..7efcccc9ff 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -375,6 +375,15 @@ static const struct ldb_map_attribute entryuuid_attributes[] = } } }, + { + .local_name = "dn", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, { .local_name = "groupType", .type = MAP_CONVERT, @@ -524,6 +533,15 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, + { + .local_name = "dn", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "entryDN" + } + } + }, { .local_name = "groupType", .type = MAP_CONVERT, -- cgit From 3e75f222bcdf114238cc4f2bcc61332dc059135f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 19 Dec 2007 23:27:42 +0100 Subject: r26539: Remove unnecessary statics. (This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') 
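Review bot: get_remote_rootdse dereferences `el->num_values` straight after `ldb_msg_find_element(ares->message, "namingContexts")`, so a backend rootDSE reply that lacks that attribute is a NULL dereference during module init; the remote server's reply should be treated as untrusted and guarded with `if (el == NULL) return LDB_SUCCESS;`, with the `base_dns` NULL check moved in front of the loop so the final `base_dns[i] = NULL` is also covered when there are zero values. get_seq has the same gap: it checks `el` but reads `el->values[0]` without first testing `el->num_values > 0`. In guid_ns_string the NTSTATUS from `GUID_from_string` is discarded, so a string that fails to parse leads to `NS_GUID_string` formatting a `struct GUID` that may be uninitialised stack memory; check the status the way encode_guid does and return the empty blob on failure. entryuuid_init and nsuniqueid_init also assign `ret = find_base_dns(...)` without testing it, and do not check the `talloc_zero` result, so both failures pass silently.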
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 7efcccc9ff..a5a3ba6aef 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -752,7 +752,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque entryuuid_private->base_dns && entryuuid_private->base_dns[i]; i++) { - static const char *contextCSN_attr[] = { + const char *contextCSN_attr[] = { "contextCSN", NULL }; search_req = talloc(req, struct ldb_request); -- cgit From 0500b87092540d300b4e021a0fb95ce16a44fbd2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 20 Dec 2007 00:02:15 +0100 Subject: r26540: Revert my previous commit after concerns raised by Andrew. (This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index a5a3ba6aef..7efcccc9ff 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -752,7 +752,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque entryuuid_private->base_dns && entryuuid_private->base_dns[i]; i++) { - const char *contextCSN_attr[] = { + static const char *contextCSN_attr[] = { "contextCSN", NULL }; search_req = talloc(req, struct ldb_request); -- cgit From 86dc05e99f124db47f2743d1fc23117a7f5145ab Mon Sep 17 00:00:00 2001 
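Review bot: The `static` restored on `contextCSN_attr` by the revert has no comment saying why the array needs static storage, and the commit message only refers to concerns raised in review. find_base_dns in the same file hands a non-static `naming_context_attr` to `req->op.search.attrs` in the same search, `ldb_wait`, `talloc_free` sequence, so the two call sites now disagree. Presumably the worry is a request keeping the `attrs` pointer after the enclosing scope has ended, but that is not visible here and should be confirmed. Once confirmed, record it above the declaration, for example `/* static: the request stores this pointer, it must not refer to a dead stack frame */`, and bring find_base_dns into line. entryuuid_sequence_number begins and ends outside this hunk.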
From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:05:05 -0600 Subject: r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 7efcccc9ff..070ce6ae69 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -49,7 +49,7 @@ static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, co if (!NT_STATUS_IS_OK(status)) { return out; } - ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + ndr_err = ndr_push_struct_blob(&out, ctx, NULL, &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; @@ -93,7 +93,7 @@ static struct ldb_val encode_ns_guid(struct ldb_module *module, TALLOC_CTX *ctx, if (!NT_STATUS_IS_OK(status)) { return out; } - ndr_err = ndr_push_struct_blob(&out, ctx, &guid, + ndr_err = ndr_push_struct_blob(&out, ctx, NULL, &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return out; -- cgit From 7d5f0e0893d42b56145a3ffa34e3b4b9906cbd91 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 1 Jan 2008 22:05:13 -0600 Subject: r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 070ce6ae69..91001d43d7 100644 
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -71,7 +71,7 @@ static struct ldb_val guid_always_string(struct ldb_module *module, TALLOC_CTX * if (guid == NULL) { return out; } - ndr_err = ndr_pull_struct_blob(val, guid, guid, + ndr_err = ndr_pull_struct_blob(val, guid, NULL, guid, (ndr_pull_flags_fn_t)ndr_pull_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(guid); @@ -116,7 +116,7 @@ static struct ldb_val guid_ns_string(struct ldb_module *module, TALLOC_CTX *ctx, if (guid_p == NULL) { return out; } - ndr_err = ndr_pull_struct_blob(val, guid_p, guid_p, + ndr_err = ndr_pull_struct_blob(val, guid_p, NULL, guid_p, (ndr_pull_flags_fn_t)ndr_pull_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(guid_p); -- cgit From ac4810f1bb8984971a98d30c6a3b0b29367d1e2e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Jan 2008 15:19:27 +1100 Subject: Remove 'dn' from mapping, it isn't a valid attribute in AD, and causes problems with ldap.js test with OpenLDAP as the backend. Likewise, remove it from the template lookup (for consistancy). TODO: see if it can be removed from ldb Andrew Bartlett (This used to be commit 47a1b76f7fff30229d3f23c6723f047923faf196) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 91001d43d7..970106787b 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -375,15 +375,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] = } } }, - { - .local_name = "dn", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "entryDN" - } - } - }, { .local_name = "groupType", .type = MAP_CONVERT, 
@@ -533,15 +524,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, - { - .local_name = "dn", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "entryDN" - } - } - }, { .local_name = "groupType", .type = MAP_CONVERT, -- cgit From d5fd15005c0cad9e9018e81ab5c30b87cb2f605a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 08:53:18 +1100 Subject: ldb_map objectClass munging: Don't hard-code 'extensibleObject'. This allows objectClass munging to be removed, or modified to not include adding an objectClass, or for that objectClass to be something different. Andrew Bartlett (This used to be commit ee93b4e2ee1dd1cd38bcf14b2bb62556a13cec4a) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 970106787b..6e66d0783a 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -667,7 +667,7 @@ static int entryuuid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, NULL); + ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; @@ -688,7 +688,7 @@ static int nsuniqueid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; -- cgit 
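Review bot: The literal `"extensibleObject"` is now repeated in the `ldb_map_init` calls of both entryuuid_init and nsuniqueid_init (the two hunks of this commit) with nothing at either call site explaining the choice. Going by the commit description this is the objectClass that ldb_map adds to mapped entries, and since extensibleObject allows an entry to hold any attribute type, the backend's class-based schema checks would no longer constrain those entries; that is inferred from the LDAP definition of the class, not from these lines. I would put a comment above each call, such as `/* extensibleObject: lets AD attributes outside the backend's classes be stored; relaxes backend schema enforcement */`, or define one named constant used by both. Both init functions continue outside their hunks.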
From f106e67599a02426d5eaf87e9d76bec486427add Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:27:05 +1100 Subject: Search for memberOf when clients ask for a wildcard against OpenLDAP The memberOf module in OpenLDAP make this attribute operational, so we need to add it here or clients won't get it when using *. Andrew Bartlett (This used to be commit 35148fd51f22d81fe9f590b7d6f13285c35656a7) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 6e66d0783a..acf2fd622c 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -448,6 +448,7 @@ static const char * const entryuuid_wildcard_attributes[] = { "whenChanged", "usnCreated", "usnChanged", + "memberOf", NULL }; -- cgit From 16109a40c0abd8c30a5eb9bf9ef692bfae9dfc7d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 20 Feb 2008 01:54:32 +0100 Subject: Use struct-based rather than function-based initialization for ldb modules everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 38 ++++-------------------- 1 file changed, 6 insertions(+), 32 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index acf2fd622c..dbb58856a0 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -793,42 +793,16 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque return LDB_SUCCESS; } -static struct ldb_module_ops entryuuid_ops = { +const struct ldb_module_ops ldb_entryuuid_module_ops = { .name = "entryuuid", .init_context = entryuuid_init, - .sequence_number = entryuuid_sequence_number + .sequence_number = entryuuid_sequence_number, + LDB_MAP_OPS }; -static struct ldb_module_ops nsuniqueid_ops = { +const struct ldb_module_ops ldb_nsuniqueid_module_ops = { .name = "nsuniqueid", .init_context = nsuniqueid_init, - .sequence_number = entryuuid_sequence_number + .sequence_number = entryuuid_sequence_number, + LDB_MAP_OPS }; - -/* the init function */ -int ldb_simple_ldap_map_module_init(void) -{ - int ret; - struct ldb_module_ops ops = ldb_map_get_ops(); - entryuuid_ops.add = ops.add; - entryuuid_ops.modify = ops.modify; - entryuuid_ops.del = ops.del; - entryuuid_ops.rename = ops.rename; - entryuuid_ops.search = ops.search; - entryuuid_ops.wait = ops.wait; - ret = ldb_register_module(&entryuuid_ops); - - if (ret) { - return ret; - } - - nsuniqueid_ops.add = ops.add; - nsuniqueid_ops.modify = ops.modify; - nsuniqueid_ops.del = ops.del; - nsuniqueid_ops.rename = ops.rename; - nsuniqueid_ops.search = ops.search; - nsuniqueid_ops.wait = ops.wait; - ret = ldb_register_module(&nsuniqueid_ops); - - return ret; -} -- cgit From 39a817d310964f8e9a63cfb096b3ad24fa03bd5e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 20 Feb 2008 04:33:43 +0100 Subject: Fix use of some modules (needed _PUBLIC_). (This used to be commit ce332130ea77159832da23bab760fa26921719e2) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index dbb58856a0..3f4c19d285 100644 
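Review bot: `LDB_MAP_OPS` is placed in both initializers with no hint of which members it sets, while the removed `ldb_simple_ldap_map_module_init()` spelled them out (`add`, `modify`, `del`, `rename`, `search`, `wait`). A comment on each struct, such as `/* LDB_MAP_OPS: add/modify/del/rename/search/wait come from ldb_map */`, would keep that visible. This assumes the macro expands to those designated initializers, since its definition is not in this hunk. If the macro also set `.init_context` or `.sequence_number`, it would silently override the entries written above it, so the ordering deserves a mention in the same comment.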
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -793,14 +793,14 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque return LDB_SUCCESS; } -const struct ldb_module_ops ldb_entryuuid_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_entryuuid_module_ops = { .name = "entryuuid", .init_context = entryuuid_init, .sequence_number = entryuuid_sequence_number, LDB_MAP_OPS }; -const struct ldb_module_ops ldb_nsuniqueid_module_ops = { +_PUBLIC_ const struct ldb_module_ops ldb_nsuniqueid_module_ops = { .name = "nsuniqueid", .init_context = nsuniqueid_init, .sequence_number = entryuuid_sequence_number, -- cgit From 8a10979e6b5baaf9d4ef1703f056cdae6a81cf0e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 4 Mar 2008 13:40:50 +1100 Subject: The DN in objectCategory should, if possible, be returned pretty... This avoids going via the canonicalise_fn(), which will upper case the DN Andrew Bartlett (This used to be commit cdff1b0802437d713652b89f4522d3cce97c30ec) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 3f4c19d285..91896d7247 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c 
@@ -153,9 +153,17 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c /* Ensure we always convert objectCategory into a DN */ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { + struct ldb_dn *dn; struct ldb_val out = data_blob(NULL, 0); const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); + dn = ldb_dn_new(ctx, module->ldb, val->data); + if (dn && ldb_dn_is_valid(dn)) { + talloc_free(dn); + return val_copy(module, ctx, val); + } + talloc_free(dn); + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { return data_blob(NULL, 0); } -- cgit From b388f932ba14078697878567956c2f16ad8abc68 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 19 Jun 2008 18:06:35 +1000 Subject: Change detection of objectCategory short fomm To actually validate the DN, we load and call the validation fucntion, not just check the 'ldb_dn_is_valid()' function. Andrew Bartlett (This used to be commit 5fb5a4e13db3a03da414876efa717c3de44ca77c) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 91896d7247..101ca67dee 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -158,7 +158,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); dn = ldb_dn_new(ctx, module->ldb, val->data); - if (dn && ldb_dn_is_valid(dn)) { + if (dn && ldb_dn_validate(dn)) { talloc_free(dn); return val_copy(module, ctx, val); } -- cgit From a5e3c5e236794aef2ccc332449824f4e9a18b09d Mon Sep 17 00:00:00 2001 
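Review bot: `ldb_dn_new(ctx, module->ldb, val->data)` in `objectCategory_always_dn` treats `val->data` as a NUL-terminated string, but an `ldb_val` carries an explicit `length` and nothing in this hunk shows the buffer is terminated, so the DN parse can read past the end of the value. Build the DN from the value together with its length instead, `dn = ldb_dn_from_ldb_val(ctx, module->ldb, val);`, which is the call a later commit on this page switches to. The follow-up hunk that replaces `ldb_dn_is_valid` with `ldb_dn_validate` keeps the same `val->data` call and has the same exposure. The value is attribute data passed through the mapping layer rather than a constant, so the length should be respected on every path.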
From: Andrew Bartlett Date: Thu, 10 Jul 2008 17:54:43 +1000 Subject: Avoid the use of extensibleObject in ldap mapping backend. Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 101ca67dee..e5541ea255 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -676,7 +676,7 @@ static int entryuuid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "extensibleObject", NULL); + ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; @@ -697,7 +697,7 @@ static int nsuniqueid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; -- cgit From 44ea6a26fd088f0f8c86817510ebe5a6cddf9158 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 12 Jul 2008 15:26:42 +1000 Subject: rename sambaPassword -> userPassword. This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index e5541ea255..05f11003c4 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -354,15 +354,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] = } } }, - { - .local_name = "sambaPassword", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "userPassword" - } - } - }, { .local_name = "objectCategory", .type = MAP_CONVERT, @@ -504,15 +495,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } } }, - { - .local_name = "sambaPassword", - .type = MAP_RENAME, - .u = { - .rename = { - .remote_name = "userPassword" - } - } - }, { .local_name = "objectCategory", .type = MAP_CONVERT, -- cgit From cc44b10c240e22a7db83c641a9015dad3ec2e0de Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 20:26:04 +1000 Subject: Revert Fedrora DS backend to use extensibleObject. Until I create a samba4openldaptop and samba4fedoratop... Andrew Bartlett (This used to be commit 6e232c4ae6dc4151599ab4e57add2ec232d4ac13) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') 
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 05f11003c4..1830e8be7b 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -679,7 +679,7 @@ static int nsuniqueid_init(struct ldb_module *module) struct map_private *map_private; struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "samba4Top", NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; -- cgit From c46afc8c447e3edb1dc81777700753b98aaa0f93 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 22:10:42 +1000 Subject: Simplify the contextCSN determination. We only ever have one backend partition per Samba partition. Andrew Bartlett (This used to be commit 316a9b312a2d4a4ea5a5c70946fb06b61fab1a7d) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 208 +++++++---------------- 1 file changed, 63 insertions(+), 145 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 05f11003c4..5da321b9e5 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -34,10 +34,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/ndr/libndr.h" - -struct entryuuid_private { - struct ldb_dn **base_dns; -}; +#include "dsdb/samdb/samdb.h" static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { 
@@ -579,96 +576,14 @@ static const char * const nsuniqueid_wildcard_attributes[] = { NULL }; -static int get_remote_rootdse(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) -{ - struct entryuuid_private *entryuuid_private; - entryuuid_private = talloc_get_type(context, - struct entryuuid_private); - if (ares->type == LDB_REPLY_ENTRY) { - int i; - struct ldb_message_element *el = ldb_msg_find_element(ares->message, "namingContexts"); - entryuuid_private->base_dns = talloc_realloc(entryuuid_private, entryuuid_private->base_dns, struct ldb_dn *, - el->num_values + 1); - for (i=0; i < el->num_values; i++) { - if (!entryuuid_private->base_dns) { - return LDB_ERR_OPERATIONS_ERROR; - } - entryuuid_private->base_dns[i] = ldb_dn_new(entryuuid_private->base_dns, ldb, (const char *)el->values[i].data); - if ( ! ldb_dn_validate(entryuuid_private->base_dns[i])) { - return LDB_ERR_OPERATIONS_ERROR; - } - } - entryuuid_private->base_dns[i] = NULL; - } - - return LDB_SUCCESS; -} - -static int find_base_dns(struct ldb_module *module, - struct entryuuid_private *entryuuid_private) -{ - int ret; - struct ldb_request *req; - const char *naming_context_attr[] = { - "namingContexts", - NULL - }; - req = talloc(entryuuid_private, struct ldb_request); - if (req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, module->ldb, NULL); - req->op.search.scope = LDB_SCOPE_BASE; - - req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); - if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(req); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->op.search.attrs = naming_context_attr; - req->controls = NULL; - req->context = entryuuid_private; - req->callback = get_remote_rootdse; - ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ - - ret = ldb_next_request(module, req); - - 
if (ret == LDB_SUCCESS) { - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - } - - talloc_free(req); - if (ret != LDB_SUCCESS) { - return ret; - } - - return LDB_SUCCESS; -} - /* the context init function */ static int entryuuid_init(struct ldb_module *module) { int ret; - struct map_private *map_private; - struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, entryuuid_attributes, entryuuid_objectclasses, entryuuid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; - map_private = talloc_get_type(module->private_data, struct map_private); - - entryuuid_private = talloc_zero(map_private, struct entryuuid_private); - map_private->caller_private = entryuuid_private; - - ret = find_base_dns(module, entryuuid_private); - return ldb_next_init(module); } @@ -676,33 +591,21 @@ static int entryuuid_init(struct ldb_module *module) static int nsuniqueid_init(struct ldb_module *module) { int ret; - struct map_private *map_private; - struct entryuuid_private *entryuuid_private; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "samba4Top", NULL); if (ret != LDB_SUCCESS) return ret; - map_private = talloc_get_type(module->private_data, struct map_private); - - entryuuid_private = talloc_zero(map_private, struct entryuuid_private); - map_private->caller_private = entryuuid_private; - - ret = find_base_dns(module, entryuuid_private); - return ldb_next_init(module); } static int get_seq(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { - unsigned long long *max_seq = (unsigned long long *)context; - unsigned long long seq; + unsigned long long *seq = (unsigned long long *)context; if (ares->type == LDB_REPLY_ENTRY) { struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); if (el) { - seq = entryCSN_to_usn_int(ares, &el->values[0]); - *max_seq = MAX(seq, *max_seq); + *seq = entryCSN_to_usn_int(ares, &el->values[0]); } } 
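Review bot: In `get_seq`, `&el->values[0]` is taken as soon as `ldb_msg_find_element()` returns an element, with no check that the element actually holds a value. The contextCSN is read back from the backend directory, so I would guard the access with `if (el && el->num_values > 0) {`. With `MAX()` removed, `*seq` is overwritten by every entry reply. That is fine for the base-scope search this callback is paired with in the next hunk, but a comment such as `/* base-scope search: at most one entry, so the last value is the only value */` would record the assumption. The body of `get_seq` continues past the end of the hunk.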
@@ -711,69 +614,84 @@ static int get_seq(struct ldb_context *ldb, void *context, static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_request *req) { - int i, ret; + int ret; struct map_private *map_private; struct entryuuid_private *entryuuid_private; - unsigned long long max_seq = 0; + unsigned long long seq = 0; struct ldb_request *search_req; + + const struct ldb_control *partition_ctrl; + const struct dsdb_control_current_partition *partition; + + static const char *contextCSN_attr[] = { + "contextCSN", NULL + }; + map_private = talloc_get_type(module->private_data, struct map_private); entryuuid_private = talloc_get_type(map_private->caller_private, struct entryuuid_private); - /* Search the baseDNs for a sequence number */ - for (i=0; entryuuid_private && - entryuuid_private->base_dns && - entryuuid_private->base_dns[i]; - i++) { - static const char *contextCSN_attr[] = { - "contextCSN", NULL - }; - search_req = talloc(req, struct ldb_request); - if (search_req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->operation = LDB_SEARCH; - search_req->op.search.base = entryuuid_private->base_dns[i]; - search_req->op.search.scope = LDB_SCOPE_BASE; - - search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); - if (search_req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(search_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->op.search.attrs = contextCSN_attr; - search_req->controls = NULL; - search_req->context = &max_seq; - search_req->callback = get_seq; - ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ - - ret = ldb_next_request(module, search_req); - - if (ret == LDB_SUCCESS) { - ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); - } - + /* All this to get the DN of the parition, so we can search the right thing */ + partition_ctrl = 
ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); + if (!partition_ctrl) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "instancetype_add: no current partition control found"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + partition = talloc_get_type(partition_ctrl->data, + struct dsdb_control_current_partition); + SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); + + search_req = talloc(req, struct ldb_request); + if (search_req == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Finally, we have it. This saves searching over more + * partitions than we expose to the client, such as a cn=samba + * configuration partition */ + + search_req->operation = LDB_SEARCH; + search_req->op.search.base = partition->dn; + search_req->op.search.scope = LDB_SCOPE_BASE; + + search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); + if (search_req->op.search.tree == NULL) { + ldb_set_errstring(module->ldb, "Unable to parse search expression"); talloc_free(search_req); - if (ret != LDB_SUCCESS) { - return ret; - } + return LDB_ERR_OPERATIONS_ERROR; + } + + search_req->op.search.attrs = contextCSN_attr; + search_req->controls = NULL; + search_req->context = &seq; + search_req->callback = get_seq; + ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ + + ret = ldb_next_request(module, search_req); + + if (ret == LDB_SUCCESS) { + ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); + } + + talloc_free(search_req); + if (ret != LDB_SUCCESS) { + return ret; } switch (req->op.seq_num.type) { case LDB_SEQ_HIGHEST_SEQ: - req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num = seq; break; case LDB_SEQ_NEXT: - req->op.seq_num.seq_num = max_seq; + req->op.seq_num.seq_num = seq; req->op.seq_num.seq_num++; break; case LDB_SEQ_HIGHEST_TIMESTAMP: { - req->op.seq_num.seq_num = (max_seq >> 24); + req->op.seq_num.seq_num = (seq >> 24); break; } } 
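Review bot: `SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION)` aborts the whole process when the control's data has an unexpected type or version, whereas the missing-control case just above it returns an error. The control arrives on the request, so I would fail the request instead: `if (!partition || partition->version != DSDB_CONTROL_CURRENT_PARTITION_VERSION) return LDB_ERR_OPERATIONS_ERROR;`. The debug string `"instancetype_add: no current partition control found"` names a different function and should start with `entryuuid_sequence_number:`. `map_private` and `entryuuid_private` are still fetched although this commit removes `struct entryuuid_private`, and nothing in the visible part of the new body reads them, so both lookups look removable. The function's tail lies outside the hunk.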
-- cgit From 4ad97a1d0593b3401a352407009a99ead23f21f2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 19:24:58 +1000 Subject: Don't walk past the end of ldb values. This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2) --- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb/ldb_modules/simple_ldap_map.c') diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 6e967aab2f..8f92995145 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -154,7 +154,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC struct ldb_val out = data_blob(NULL, 0); const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory"); - dn = ldb_dn_new(ctx, module->ldb, val->data); + dn = ldb_dn_from_ldb_val(ctx, module->ldb, val); if (dn && ldb_dn_validate(dn)) { talloc_free(dn); return val_copy(module, ctx, val); -- cgit