svn commit: samba r24459 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules source/lib/ldb/samba testprogs/blackbox testprogs/ejs

abartlet at samba.org abartlet at samba.org
Wed Aug 15 13:14:40 GMT 2007


Author: abartlet
Date: 2007-08-15 13:14:38 +0000 (Wed, 15 Aug 2007)
New Revision: 24459

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24459

Log:
Fix up ldap.js and test_ldb.sh to test the domain_scope control, and
to test the behaviour of objectCategory=user searches.

It turns out (thanks to a hint on
http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps
into objectCategory=CN=Person,... (by the defaultObjectCategory of
that objectclass).

Simplify the entryUUID module by using the fact that we now set the DN
as the canonical form of objectCategory.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
   branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c
   branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh
   branches/SAMBA_4_0/testprogs/ejs/ldap.js


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c	2007-08-15 10:30:44 UTC (rev 24458)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c	2007-08-15 13:14:38 UTC (rev 24459)
@@ -36,7 +36,6 @@
 #include "librpc/ndr/libndr.h"
 
 struct entryUUID_private {
-	struct ldb_result *objectclass_res;	
 	struct ldb_dn **base_dns;
 };
 
@@ -148,28 +147,17 @@
 	return out;
 }
 
+/* Ensure we always convert objectCategory into a DN */
 static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
 {
-	int i;
-	struct map_private *map_private;
-	struct entryUUID_private *entryUUID_private;
-	struct ldb_result *list;
+	struct ldb_val out = data_blob(NULL, 0);
+	const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid");
 
-	if (ldb_dn_validate(ldb_dn_new(ctx, module->ldb, (const char *)val->data))) {
-		return *val;
+	if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) {
+		return data_blob(NULL, 0);
 	}
-	map_private = talloc_get_type(module->private_data, struct map_private);
 
-	entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private);
-	list = entryUUID_private->objectclass_res;
-
-	for (i=0; list && (i < list->count); i++) {
-		if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) {
-			char *dn = ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn);
-			return data_blob_string_const(dn);
-		}
-	}
-	return *val;
+	return out;
 }
 
 static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
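Review bot: The schema attribute in objectCategory_always_dn is looked up under the name "objectSid", although the function name and its new comment say it converts objectCategory; this reads like a copy/paste slip. As written, the value would be run through a different attribute's canonicalise_fn rather than the objectCategory handler this commit reworks. If the objectCategory handler is intended, the lookup should be `ldb_schema_attribute_by_name(module->ldb, "objectCategory")`. The result `a` is also dereferenced unchecked; if the lookup can return NULL (not visible here), guard it and return the empty blob as the existing error path does.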
@@ -588,70 +576,6 @@
 	NULL
 };
 
-static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) 
-{
-	const char *rootdse_attrs[] = {"schemaNamingContext", NULL};
-	struct ldb_dn *schema_dn;
-	struct ldb_dn *basedn = ldb_dn_new(mem_ctx, ldb, NULL);
-	struct ldb_result *rootdse_res;
-	int ldb_ret;
-	if (!basedn) {
-		return NULL;
-	}
-	
-	/* Search for rootdse */
-	ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res);
-	if (ldb_ret != LDB_SUCCESS) {
-		return NULL;
-	}
-	
-	talloc_steal(mem_ctx, rootdse_res);
-
-	if (rootdse_res->count != 1) {
-		ldb_asprintf_errstring(ldb, "Failed to find rootDSE: count %d", rootdse_res->count);
-		return NULL;
-	}
-	
-	/* Locate schema */
-	schema_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, rootdse_res->msgs[0], "schemaNamingContext");
-	if (!schema_dn) {
-		return NULL;
-	}
-
-	talloc_free(rootdse_res);
-	return schema_dn;
-}
-
-static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn,
-			      TALLOC_CTX *mem_ctx, 
-			      struct ldb_result **objectclass_res)
-{
-	TALLOC_CTX *local_ctx = talloc_new(mem_ctx);
-	int ret;
-	const char *attrs[] = {
-		"lDAPDisplayName",
-		"governsID",
-		NULL
-	};
-
-	if (!local_ctx) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-	
-	/* Downlaod schema */
-	ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, 
-			 "objectClass=classSchema", 
-			 attrs, objectclass_res);
-	if (ret != LDB_SUCCESS) {
-		return ret;
-	}
-
-	talloc_steal(mem_ctx, objectclass_res);
-
-	return ret;
-}
-
-
 static int get_remote_rootdse(struct ldb_context *ldb, void *context, 
 		       struct ldb_reply *ares) 
 {
@@ -730,7 +654,6 @@
         int ret;
 	struct map_private *map_private;
 	struct entryUUID_private *entryUUID_private;
-	struct ldb_dn *schema_dn;
 
 	ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL);
         if (ret != LDB_SUCCESS)
@@ -741,19 +664,6 @@
 	entryUUID_private = talloc_zero(map_private, struct entryUUID_private);
 	map_private->caller_private = entryUUID_private;
 
-	schema_dn = find_schema_dn(module->ldb, map_private);
-	if (!schema_dn) {
-		/* Perhaps no schema yet */
-		return LDB_SUCCESS;
-	}
-	
-	ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, 
-				       &entryUUID_private->objectclass_res);
-	if (ret != LDB_SUCCESS) {
-		/* Perhaps no schema yet */
-		return LDB_SUCCESS;
-	}	
-
 	ret = find_base_dns(module, entryUUID_private);
 
 	return ldb_next_init(module);
@@ -765,7 +675,6 @@
         int ret;
 	struct map_private *map_private;
 	struct entryUUID_private *entryUUID_private;
-	struct ldb_dn *schema_dn;
 
 	ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL);
         if (ret != LDB_SUCCESS)
@@ -776,19 +685,6 @@
 	entryUUID_private = talloc_zero(map_private, struct entryUUID_private);
 	map_private->caller_private = entryUUID_private;
 
-	schema_dn = find_schema_dn(module->ldb, map_private);
-	if (!schema_dn) {
-		/* Perhaps no schema yet */
-		return LDB_SUCCESS;
-	}
-	
-	ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, 
-				       &entryUUID_private->objectclass_res);
-	if (ret != LDB_SUCCESS) {
-		/* Perhaps no schema yet */
-		return LDB_SUCCESS;
-	}	
-
 	ret = find_base_dns(module, entryUUID_private);
 
 	return ldb_next_init(module);

Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c	2007-08-15 10:30:44 UTC (rev 24458)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c	2007-08-15 13:14:38 UTC (rev 24459)
@@ -318,9 +318,9 @@
 					ldb_msg_add_string(msg, "objectCategory", 
 							   objectclass->defaultObjectCategory);
 				}
-				if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) {
+				if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
 					DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass);
-					ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd);
+					ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
 				}
 			}
 		}

Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c
===================================================================
--- branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c	2007-08-15 10:30:44 UTC (rev 24458)
+++ branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c	2007-08-15 13:14:38 UTC (rev 24459)
@@ -2,7 +2,7 @@
    ldb database library - ldif handlers for Samba
 
    Copyright (C) Andrew Tridgell 2005
-   Copyright (C) Andrew Bartlett 2006
+   Copyright (C) Andrew Bartlett 2006-2007
      ** NOTE! The following LGPL license applies to the ldb
      ** library. This does NOT imply that all of Samba is released
      ** under the LGPL
@@ -309,24 +309,17 @@
 	if ( ! ldb_dn_validate(dn1)) {
 		const char *lDAPDisplayName = talloc_strndup(mem_ctx, (char *)in->data, in->length);
 		class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
-		talloc_free(lDAPDisplayName);
-	} else if (ldb_dn_get_comp_num(dn1) >= 1 && ldb_attr_cmp(ldb_dn_get_rdn_name(dn1), "cn") == 0) {
-		const struct ldb_val *val = ldb_dn_get_rdn_val(dn1);
-		const char *cn = talloc_strndup(mem_ctx, (char *)val->data, val->length);
-		class = dsdb_class_by_cn(schema, cn);
-		talloc_free(cn);
-	} else {
-		talloc_free(dn1);
-		return -1;
+		if (class) {
+			struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,  
+						       class->defaultObjectCategory);
+			*out = data_blob_string_const(ldb_dn_get_casefold(dn));
+			return LDB_SUCCESS;
+		} else {
+			*out = data_blob_talloc(mem_ctx, in->data, in->length);
+			return LDB_SUCCESS;
+		}
 	}
-	talloc_free(dn1);
-
-	if (!class) {
-		return -1;
-	}
-	
-	*out = data_blob_string_const(talloc_strdup(mem_ctx, class->lDAPDisplayName));
-
+	*out = data_blob_string_const(ldb_dn_get_casefold(dn1));
 	return LDB_SUCCESS;
 }
 
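Review bot: Neither `ldb_dn_get_casefold()` result is checked before it is wrapped by `data_blob_string_const()`, in the new `if (class)` branch and on the final `*out = ...(dn1)` line, and the `ldb_dn_new()` built from `class->defaultObjectCategory` is not checked either. The value being canonicalised can originate from a client-supplied search filter, so if casefolding can fail and return NULL (inferred, the helpers are not shown) the function would report LDB_SUCCESS with a blob built from a NULL string. Take the string first and fail closed, e.g. `const char *s = ldb_dn_get_casefold(dn1); if (s == NULL) return LDB_ERR_OPERATIONS_ERROR;`. The `talloc_strndup()` copy is likewise used unchecked and is no longer released now that `talloc_free(lDAPDisplayName)` is gone, so it stays on `mem_ctx`. The function begins outside this hunk.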
@@ -341,9 +334,9 @@
 	ret2 = ldif_canonicalise_objectCategory(ldb, mem_ctx, v2, &v2_canon);
 
 	if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) {
-		return ldb_attr_cmp(v1_canon.data, v2_canon.data);
+		return data_blob_cmp(&v1_canon, &v2_canon);
 	} else {
-		return strcasecmp(v1->data, v2->data);
+		return data_blob_cmp(v1, v2);
 	}
 }
 
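Review bot: The fallback `data_blob_cmp(v1, v2)` compares raw bytes where the old `strcasecmp()` ignored case, and nothing in the function records that this is intended. Values that match no class are copied verbatim by the canonicaliser in the previous hunk, so they are now compared case-sensitively as well. A one-line comment above the else branch, such as `/* not canonicalisable: compare the raw bytes, case-sensitively */`, would make the rule explicit for anyone relying on objectCategory matching. The function starts outside the hunk.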

Modified: branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh
===================================================================
--- branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh	2007-08-15 10:30:44 UTC (rev 24458)
+++ branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh	2007-08-15 13:14:38 UTC (rev 24459)
@@ -77,6 +77,13 @@
 failed=`expr $failed + 1`
 fi
 
+echo "Test Domain scope Control"
+nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=domain_scope:1 '(objectclass=user)' | grep sAMAccountName | wc -l`
+if [ $nentries -lt 1 ]; then
+echo "Extended Domain scope Control test returned 0 items"
+failed=`expr $failed + 1`
+fi
+
 echo "Test Attribute Scope Query Control"
 nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=asq:1:member -s base -b "CN=Administrators,CN=Builtin,$BASEDN" | grep sAMAccountName | wc -l`
 if [ $nentries -lt 1 ]; then

Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===================================================================
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js	2007-08-15 10:30:44 UTC (rev 24458)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js	2007-08-15 13:14:38 UTC (rev 24459)
@@ -439,7 +439,7 @@
 //	assert(res.msgs[0].userAccountControl == 4098);
 
 
-        var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "ntSecurityDescriptor");
+        var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor");
 	println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
 	var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs);
 	if (res.error != 0 || res.msgs.length != 1) {
@@ -457,8 +457,9 @@
 	assert(res.msgs[0].objectClass[3] == "user");
 	assert(res.msgs[0].objectGUID != undefined);
 	assert(res.msgs[0].whenCreated != undefined);
-	assert(res.msgs[0].ntSecurityDescriptor != undefined);
+	assert(res.msgs[0].nTSecurityDescriptor != undefined);
 
+
 	ok = ldb.del(res.msgs[0].dn);
 	if (ok.error != 0) {
 		println(ok.errstr);
@@ -575,7 +576,48 @@
 	assert(res.msgs[0].objectClass[0] == "top");
 	assert(res.msgs[0].objectClass[1] == "domain");
 	assert(res.msgs[0].objectClass[2] == "domainDNS");
+
+//  check enumeration
+
+ 	var attrs = new Array("cn");
+	println("Testing ldb.search for objectCategory=person");
+	var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs);
+	assert(res.error == 0);
+	assert(res.msgs.length > 0);
+
+ 	var attrs = new Array("cn");
+	var controls = new Array("domain_scope:1");
+	println("Testing ldb.search for objectCategory=person with domain scope control");
+	var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
+	assert(res.error == 0);
+	assert(res.msgs.length > 0);
+ 
+	var attrs = new Array("cn");
+	println("Testing ldb.search for objectCategory=user");
+	var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs);
+	assert(res.error == 0);
+	assert(res.msgs.length > 0);
+
+ 	var attrs = new Array("cn");
+	var controls = new Array("domain_scope:1");
+	println("Testing ldb.search for objectCategory=user with domain scope control");
+	var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
+	assert(res.error == 0);
+	assert(res.msgs.length > 0);
 	
+ 	var attrs = new Array("cn");
+	println("Testing ldb.search for objectCategory=group");
+	var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs);
+	assert(res.error == 0);
+	assert(res.msgs.length > 0);
+
+ 	var attrs = new Array("cn");
+	var controls = new Array("domain_scope:1");
+	println("Testing ldb.search for objectCategory=group with domain scope control");
+	var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
+	assert(res.error == 0);
+	assert(res.msgs.length > 0);
+	
 }
 
 function basedn_tests(ldb, gc_ldb)
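Review bot: The new objectCategory=user checks only assert `res.msgs.length > 0`, which does not pin the mapping the log describes (user resolving to the Person category); the test would still pass if the two filters returned different sets. Keep the count from the objectCategory=person search and compare it, e.g. `var person_count = res.msgs.length;` after the first search and `assert(res.msgs.length == person_count);` after the user search. If the domain_scope variants are expected to return the same entries as the plain searches, they could assert that in the same way. The enclosing function starts outside the hunk.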


