From 05db3024ba6a8cd0b3182595f4f6f2f1f0987e44 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 1 Sep 2005 00:37:52 +0000
Subject: r9854: Finish ldb_map testsuite Update PLAN Some more small other
 fixes (This used to be commit de2bde2526ffaf521253e3b9e58fc11417986321)

---
 source4/lib/ldb/modules/ldb_map.c  | 25 +++++-----
 source4/lib/samba3/PLAN            |  4 +-
 source4/lib/samba3/samba3.h        |  1 -
 source4/lib/samba3/smbpasswd.c     |  5 +-
 source4/scripting/libjs/upgrade.js | 97 +++++++++++++++++++++++++++++++-------
 5 files changed, 98 insertions(+), 34 deletions(-)

(limited to 'source4')

diff --git a/source4/lib/ldb/modules/ldb_map.c b/source4/lib/ldb/modules/ldb_map.c
index 513e065f2e..de7a00ef60 100644
--- a/source4/lib/ldb/modules/ldb_map.c
+++ b/source4/lib/ldb/modules/ldb_map.c
@@ -27,11 +27,15 @@
 #include "ldb/include/ldb_private.h"
 #include "ldb/modules/ldb_map.h"
 
-/* TODO:
- *  - objectclass hint in ldb_map_attribute 
- *     for use when multiple remote attributes (independant of each other)
- *     map to one local attribute. E.g.: (uid, gidNumber) -> unixName
- *     (use MAP_GENERATE instead ?) 
+/* 
+ *  - map_message_outgoing() should:
+ *   - modify: not worry about anything simply map and hope everything 
+ *     will be ok.
+ *   - make a list of remote objectclasses that will be used 
+ *     given the attributes that are available
+ *   - only add attribute to the remote message if 
+ *     it is allowed by the objectclass
+ *
  */
 
 /*
@@ -701,10 +705,6 @@ static int ldb_map_message_outgoing(struct ldb_module *module, const struct ldb_
 	}
 
 	if ((*fb)->num_elements == 0) {
-		/* No elements, discard.. */
-		talloc_free(*fb);
-		*fb = NULL;
-	} else {
 		ldb_msg_add_string(module->ldb, *fb, "isMapped", "TRUE");
 	}
 
@@ -727,8 +727,8 @@ static int map_rename(struct ldb_module *module, const struct ldb_dn *olddn, con
 	struct ldb_dn *n_olddn, *n_newdn;
 	int ret;
 
-	ret = ldb_next_rename_record(module, olddn, newdn);
-	
+	ret = ldb_next_rename_record(module, n_olddn, n_newdn);
+
 	n_olddn = map_local_dn(module, module, olddn);
 	n_newdn = map_local_dn(module, module, newdn);
 
@@ -753,7 +753,7 @@ static int map_delete(struct ldb_module *module, const struct ldb_dn *dn)
 	
 	newdn = map_local_dn(module, module, dn);
 
-	ret = ldb_delete(privdat->mapped_ldb, newdn);
+	ldb_delete(privdat->mapped_ldb, newdn);
 
 	talloc_free(newdn);
 
@@ -996,7 +996,6 @@ static int map_modify(struct ldb_module *module, const struct ldb_message *msg)
 
 	if (!map_is_mappable(privdat, msg))
 		return ldb_next_modify_record(module, msg);
-		
 
 	if (ldb_map_message_outgoing(module, msg, &fb, &mp) == -1)
 		return -1;
diff --git a/source4/lib/samba3/PLAN b/source4/lib/samba3/PLAN
index 47b5edd408..80885a4ec7 100644
--- a/source4/lib/samba3/PLAN
+++ b/source4/lib/samba3/PLAN
@@ -1,2 +1,4 @@
 TODO (SoC project):
- - finish ldb_map testsuite
+ - [ldb_map] some more strict checking when sending data to an LDAP server
+ - [ldb_map] fix rename
+ - fix ntPwdHash / lmPwdHash bug
diff --git a/source4/lib/samba3/samba3.h b/source4/lib/samba3/samba3.h
index f0f4c99513..a5f60bf1c2 100644
--- a/source4/lib/samba3/samba3.h
+++ b/source4/lib/samba3/samba3.h
@@ -45,7 +45,6 @@ struct samba3_samaccount {
 	char *profile_path;
 	char *acct_desc;
 	char *workstations;
-	uid_t uid;
 	uint32_t user_rid, group_rid, hours_len, unknown_6;
 	uint16_t acct_ctrl, logon_divs;
 	uint16_t bad_password_count, logon_count;
diff --git a/source4/lib/samba3/smbpasswd.c b/source4/lib/samba3/smbpasswd.c
index fe0780c8d3..baddb82545 100644
--- a/source4/lib/samba3/smbpasswd.c
+++ b/source4/lib/samba3/smbpasswd.c
@@ -228,6 +228,7 @@ NTSTATUS samba3_read_smbpasswd(const char *filename, TALLOC_CTX *ctx, struct sam
 
 	for (i = 0; i < numlines; i++) {
 		char *p = lines[i], *q;
+		uid_t uid;
 		struct samba3_samaccount *acc = &((*accounts)[*count]);
 
 		if (p[0] == '\0' || p[0] == '#')
@@ -244,7 +245,9 @@ NTSTATUS samba3_read_smbpasswd(const char *filename, TALLOC_CTX *ctx, struct sam
 		acc->username = talloc_strndup(ctx, p, PTR_DIFF(q, p));
 		p = q+1;
 
-		acc->uid = atoi(p);
+		uid = atoi(p);
+		
+		/* uid is ignored here.. */
 
 		q = strchr(p, ':');
 		if (!q) {
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js
index ac7e445330..45e6884e9f 100644
--- a/source4/scripting/libjs/upgrade.js
+++ b/source4/scripting/libjs/upgrade.js
@@ -94,20 +94,40 @@ samba3RefuseMachinePwdChange: %d
 	samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time, 
 	samba3.policy.refuse_machine_password_change
 );
-
+	
 	return ldif;
 }
 
-function upgrade_sam_account(acc,domaindn)
+function upgrade_sam_account(ldb,acc,domaindn,domainsid)
 {
-	var ldb = ldb_init();
+	if (acc.nt_username == undefined) {
+		acc.nt_username = acc.username;
+	}	
+
+	if (acc.nt_username == "") {
+		acc.nt_username = acc.username;
+	}	
+
+	if (acc.fullname == undefined) {
+		var pw = nss.getpwnam(acc.fullname);
+		acc.fullname = pw.pw_gecos;
+	}
+
+	var pts = split(',', acc.fullname);
+	acc.fullname = pts[0];
+	
+	assert(acc.fullname != undefined);
+	assert(acc.nt_username != undefined);
+
 	var ldif = sprintf(
 "dn: cn=%s,%s
+objectClass: top
 objectClass: user
 lastLogon: %d
 lastLogoff: %d
 unixName: %s
 name: %s
+sAMAccountName: %s
 cn: %s
 description: %s
 primaryGroupID: %d
@@ -125,15 +145,16 @@ samba3BadPwdTime: %d
 samba3PassLastSetTime: %d
 samba3PassCanChangeTime: %d
 samba3PassMustChangeTime: %d
-samba3Rid: %d
+objectSid: %s-%d
 ntPwdHash:: %s
 lmPwdHash:: %s
 
-", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, 
+", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, 
+
 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, 
 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, 
-acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
+acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid,
 	ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); 
 
 	return ldif;
@@ -141,6 +162,33 @@ acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc
 
 function upgrade_sam_group(grp,domaindn)
 {
+	var nss = nss_init();
+
+	var gr;
+	if (grp.sid_name_use == 5) { // Well-known group
+		return undefined;
+	}
+
+	if (grp.nt_name == "Domain Guests" ||
+	    grp.nt_name == "Domain Users" ||
+	    grp.nt_name == "Domain Admins") {
+		return undefined;
+	}
+	
+	if (grp.gid == -1) {
+		gr = nss.getgrnam(grp.nt_name);
+	} else {
+		gr = nss.getgrgid(grp.gid);
+	}
+
+	if (gr == undefined) {
+		grp.unixname = "UNKNOWN";
+	} else {
+		grp.unixname = gr.gr_name;
+	}
+
+	assert(grp.unixname != undefined);
+	
 	var ldif = sprintf(
 "dn: cn=%s,%s
 objectClass: top
@@ -148,10 +196,10 @@ objectClass: group
 description: %s
 cn: %s
 objectSid: %s
-unixName: FIXME
+unixName: %s
 samba3SidNameUse: %d
 ", grp.nt_name, domaindn, 
-grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
+grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use);
 
 	return ldif;
 }
@@ -421,9 +469,9 @@ function upgrade(subobj, samba3, message, paths)
 	message("Importing users\n");
 	for (var i in samba3.samaccounts) {
 		var msg = "... " + samba3.samaccounts[i].username;
-		var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
+		var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID);
 		ok = samdb.add(ldif);
-		if (!ok) { 
+		if (!ok && samdb.errstring() != "Record exists") { 
 			msg = msg + "... error: " + samdb.errstring();
 			ret = ret + 1; 
 		}
@@ -434,10 +482,12 @@ function upgrade(subobj, samba3, message, paths)
 	for (var i in samba3.groupmappings) {
 		var msg = "... " + samba3.groupmappings[i].nt_name;
 		var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
-		ok = samdb.add(ldif);
-		if (!ok) { 
-			msg = msg + "... error: " + samdb.errstring();
-			ret = ret + 1; 
+		if (ldif != undefined) {
+			ok = samdb.add(ldif);
+			if (!ok && samdb.errstring() != "Record exists") { 
+				msg = msg + "... error: " + samdb.errstring();
+				ret = ret + 1; 
+			}
 		}
 		message(msg + "\n");
 	}
@@ -454,7 +504,7 @@ function upgrade(subobj, samba3, message, paths)
 		for (var j in ldif) {
 			var msg = "... ... " + j;
 			ok = regdb.add(ldif[j]);
-			if (!ok) { 
+			if (!ok && regdb.errstring() != "Record exists") { 
 				msg = msg + "... error: " + regdb.errstring();
 				ret = ret + 1; 
 			}
@@ -497,10 +547,16 @@ dn: @MAP=samba3sam
 		ok = samdb.add(ldif);
 		assert(ok);
 
-		ok = samdb.modify("dn: @MODULES
+		ok = samdb.modify("
+dn: @MODULES
+changetype: modify
 replace: @LIST
-@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam");
-		assert(ok);
+@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam
+");
+		if (!ok) {
+			message("Error enabling samba3sam module: " + samdb.errstring() + "\n");
+			ret = ret + 1;
+		}
 	}
 
 	return ret;
@@ -514,6 +570,11 @@ function upgrade_verify(subobj, samba3,paths,message)
 
 	var ok = samldb.connect(paths.samdb);
 	assert(ok);
+
+	for (var i in samba3.samaccounts) {
+		var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))");
+		assert(msg.length >= 1);
+	}
 	
 	// FIXME
 }
-- 
cgit