From bf01937549cd1ebaf327a709ecb104bfc0e0705c Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 23 Oct 2009 22:59:48 -0500 Subject: s4:dsdb - Store SID as string in FDS. --- source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 24 ++++++++++++++++++++-- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 26 +++++++++++++++++++++--- 2 files changed, 45 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb') diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c index 6fbd0559db..cbbf8c6078 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c @@ -35,7 +35,9 @@ #include "ldb/include/ldb.h" #include "ldb/include/ldb_errors.h" #include "ldb/include/ldb_module.h" +#include "libcli/security/dom_sid.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_security.h" #include "librpc/ndr/libndr.h" #include "dsdb/samdb/samdb.h" @@ -278,9 +280,27 @@ static int handle_dereference_fds(struct ldb_dn *dn, /* Look for the objectSID */ - sidBlob = ldb_msg_find_ldb_val(&fake_msg, "objectSID"); + sidBlob = ldb_msg_find_ldb_val(&fake_msg, "sambaSID"); if (sidBlob) { - ldb_dn_set_extended_component(dn, "SID", sidBlob); + enum ndr_err_code ndr_err; + + struct ldb_val sid_blob; + struct dom_sid *sid; + + sid = dom_sid_parse_length(NULL, sidBlob); + + if (sid == NULL) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + + ndr_err = ndr_push_struct_blob(&sid_blob, NULL, NULL, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + talloc_free(sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + + ldb_dn_set_extended_component(dn, "SID", &sid_blob); } return LDB_SUCCESS; } diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index d923e55484..36104e7e3c 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -33,6 +33,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/ndr/libndr.h" #include "dsdb/samdb/samdb.h" +#include "../../../lib/ldb/include/ldb_handlers.h" struct entryuuid_private { struct ldb_context *ldb; @@ -122,6 +123,25 @@ static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *c return out; } +/* Ensure we always convert sids into string, so the backend doesn't have to know about both forms */ +static struct ldb_val sid_always_string(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct ldb_val out = data_blob(NULL, 0); + + if (ldif_comparision_objectSid_isString(val)) { + if (ldb_handler_copy(ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + } else { + if (ldif_write_objectSid(ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + } + return out; +} + /* Ensure we always convert objectCategory into a DN */ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { @@ -470,9 +490,9 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = .type = LDB_MAP_CONVERT, .u = { .convert = { - .remote_name = "objectSid", - .convert_local = sid_always_binary, - .convert_remote = val_copy, + .remote_name = "sambaSID", + .convert_local = sid_always_string, + .convert_remote = sid_always_binary, } } }, -- cgit