[SCM] Samba Shared Repository - branch master updated

Anatoliy Atanasov anatoliy at samba.org
Mon May 3 10:31:17 MDT 2010


The branch, master has been updated
       via  6dafd5f... s4/test: Implement tests for msDS-isRODC constructed attribute
       via  d308174... s4/rodc: Implement msDS-isRODC constructed attr
      from  a4e35df... s4:LogonGetDomainInfo - fix a potential crash source

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6dafd5f8c72ef48fdf6da73aab4da0dbd66a7b6f
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Mon May 3 18:12:45 2010 +0200

    s4/test: Implement tests for msDS-isRODC constructed attribute
    
    This attribute will be returned for objects with
    objectClass=nTDSDSA,server and computer

commit d3081741c9d3fa6536e9427d75697bdf2295aaed
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Wed Apr 28 17:02:55 2010 +0300

    s4/rodc: Implement msDS-isRODC constructed attr

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/util.c                   |   21 +++-
 source4/dsdb/samdb/ldb_modules/operational.c |  153 +++++++++++++++++++++++++-
 source4/lib/ldb/tests/python/ldap_schema.py  |   39 +++++++
 3 files changed, 206 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index e4e55fc..771d30a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2720,7 +2720,7 @@ int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1,
 /*
   see if a computer identified by its invocationId is a RODC
 */
-int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *invocationId, bool *is_rodc)
+int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *objectGUID, bool *is_rodc)
 {
 	/* 1) find the DN for this servers NTDSDSA object
 	   2) search for the msDS-isRODC attribute
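Review bot: The header comment kept as context above the signature still reads "see if a computer identified by its invocationId is a RODC" although the parameter is now `objectGUID`; it should say something like `see if the DC whose NTDS Settings objectGUID is given is a RODC`. The C type is unchanged (`const struct GUID *`), so a caller that still passes an invocation ID compiles cleanly; only samdb_rodc is updated in this diff, and any other callers are not visible here. Combined with the not-found branch added in the next hunk, such a caller would presumably get `*is_rodc = false` with LDB_SUCCESS rather than an error. The function body continues outside this hunk.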
@@ -2740,8 +2740,17 @@ int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *invocationId,
 	}
 
 	ret = dsdb_search(sam_ctx, tmp_ctx, &res, config_dn, LDB_SCOPE_SUBTREE, attrs,
-			  DSDB_SEARCH_ONE_ONLY, "invocationID=%s", GUID_string(tmp_ctx, invocationId));
+			  DSDB_SEARCH_ONE_ONLY, "objectGUID=%s", GUID_string(tmp_ctx, objectGUID));
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		*is_rodc = false;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
 	if (ret != LDB_SUCCESS) {
+		DEBUG(1,(("Failed to find our own NTDS Settings object by objectGUID=%s!\n"),
+			 GUID_string(tmp_ctx, objectGUID)));
 		talloc_free(tmp_ctx);
 		return ret;
 	}
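Review bot: The new `LDB_ERR_NO_SUCH_OBJECT` branch answers "not an RODC" with LDB_SUCCESS when the lookup finds nothing, which is the permissive default for a read-only check: samdb_rodc (next hunk) forwards it as `am_rodc = false`, so a DC that cannot locate its own NTDS Settings object would presumably treat itself as writable. Consider returning the error to callers, or at minimum logging the miss before the early return, e.g. `DEBUG(1, (__location__ ": no object with objectGUID=%s, assuming not RODC\n", GUID_string(tmp_ctx, objectGUID)));`. The DEBUG added for the remaining errors says "our own NTDS Settings object", but samdb_is_rodc accepts any GUID, and after the early return that message no longer fires for the not-found case it describes. The function starts and ends outside this hunk.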
@@ -2759,12 +2768,12 @@ int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *invocationId,
 */
 int samdb_rodc(struct ldb_context *sam_ctx, bool *am_rodc)
 {
-	const struct GUID *invocationId;
-	invocationId = samdb_ntds_invocation_id(sam_ctx);
-	if (!invocationId) {
+	const struct GUID *objectGUID;
+	objectGUID = samdb_ntds_objectGUID(sam_ctx);
+	if (!objectGUID) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	return samdb_is_rodc(sam_ctx, invocationId, am_rodc);
+	return samdb_is_rodc(sam_ctx, objectGUID, am_rodc);
 }
 
 
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 94fe411..bc2afa2 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -287,6 +287,156 @@ static int construct_subschema_subentry(struct ldb_module *module,
 }
 
 
+static int construct_msds_isrodc_with_dn(struct ldb_module *module,
+					 struct ldb_message *msg,
+					 struct ldb_message_element *object_category)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	const struct ldb_val *val;
+
+	ldb = ldb_module_get_ctx(module);
+	if (!ldb) {
+		DEBUG(4, (__location__ ": Failed to get ldb \n"));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	dn = ldb_dn_new(msg, ldb, (const char *)object_category->values[0].data);
+	if (!dn) {
+		DEBUG(4, (__location__ ": Failed to create dn from %s \n",
+			  (const char *)object_category->values[0].data));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	val = ldb_dn_get_rdn_val(dn);
+	if (!val) {
+		DEBUG(4, (__location__ ": Failed to get rdn val from %s \n",
+			  ldb_dn_get_linearized(dn)));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (strequal((const char *)val->data, "NTDS-DSA")) {
+		ldb_msg_add_string(msg, "msDS-isRODC", "FALSE");
+	} else {
+		ldb_msg_add_string(msg, "msDS-isRODC", "TRUE");
+	}
+	return LDB_SUCCESS;
+}
+
+static int construct_msds_isrodc_with_server_dn(struct ldb_module *module,
+						struct ldb_message *msg,
+						struct ldb_dn *dn)
+{
+	struct ldb_dn *server_dn;
+	const char *attr_obj_cat[] = { "objectCategory", NULL };
+	struct ldb_result *res;
+	struct ldb_message_element *object_category;
+	int ret;
+
+	server_dn = ldb_dn_copy(msg, dn);
+	if (!ldb_dn_add_child_fmt(server_dn, "CN=NTDS Settings")) {
+		DEBUG(4, (__location__ ": Failed to add child to %s \n",
+			  ldb_dn_get_linearized(server_dn)));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_module_search_dn(module, msg, &res, server_dn, attr_obj_cat, 0);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(4,(__location__ ": Can't get objectCategory for %s \n",
+					 ldb_dn_get_linearized(server_dn)));
+		return LDB_SUCCESS;
+	} else if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	object_category = ldb_msg_find_element(res->msgs[0], "objectCategory");
+	if (!object_category) {
+		DEBUG(4,(__location__ ": Can't find objectCategory for %s \n",
+			 ldb_dn_get_linearized(res->msgs[0]->dn)));
+		return LDB_SUCCESS;
+	}
+	return construct_msds_isrodc_with_dn(module, msg, object_category);
+}
+
+static int construct_msds_isrodc_with_computer_dn(struct ldb_module *module,
+						  struct ldb_message *msg)
+{
+	struct ldb_context *ldb;
+	const char *attr[] = { "serverReferenceBL", NULL };
+	struct ldb_result *res;
+	int ret;
+	struct ldb_dn *server_dn;
+
+	ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attr, 0);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(4,(__location__ ": Can't get serverReferenceBL for %s \n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return LDB_SUCCESS;
+	} else if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	if (!ldb) {
+		return LDB_SUCCESS;
+	}
+
+	server_dn = ldb_msg_find_attr_as_dn(ldb, msg, res->msgs[0], "serverReferenceBL");
+	if (!server_dn) {
+		DEBUG(4,(__location__ ": Can't find serverReferenceBL for %s \n",
+			 ldb_dn_get_linearized(res->msgs[0]->dn)));
+		return LDB_SUCCESS;
+	}
+	return construct_msds_isrodc_with_server_dn(module, msg, server_dn);
+}
+
+/*
+  construct msDS-isRODC attr
+*/
+static int construct_msds_isrodc(struct ldb_module *module, struct ldb_message *msg)
+{
+	struct ldb_message_element * object_class;
+	struct ldb_message_element * object_category;
+	unsigned int i;
+
+	object_class = ldb_msg_find_element(msg, "objectClass");
+	if (!object_class) {
+		DEBUG(4,(__location__ ": Can't get objectClass for %s \n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	for (i=0; i<object_class->num_values; i++) {
+		if (strequal((const char*)object_class->values[i].data, "nTDSDSA")) {
+			/* If TO!objectCategory  equals the DN of the classSchema  object for the nTDSDSA
+			 * object class, then TO!msDS-isRODC  is false. Otherwise, TO!msDS-isRODC  is true.
+			 */
+			object_category = ldb_msg_find_element(msg, "objectCategory");
+			if (!object_category) {
+				DEBUG(4,(__location__ ": Can't get objectCategory for %s \n",
+					 ldb_dn_get_linearized(msg->dn)));
+				return LDB_SUCCESS;
+			}
+			return construct_msds_isrodc_with_dn(module, msg, object_category);
+		}
+		if (strequal((const char*)object_class->values[i].data, "server")) {
+			/* Let TN be the nTDSDSA  object whose DN is "CN=NTDS Settings," prepended to
+			 * the DN of TO. Apply the previous rule for the "TO is an nTDSDSA  object" case,
+			 * substituting TN for TO.
+			 */
+			return construct_msds_isrodc_with_server_dn(module, msg, msg->dn);
+		}
+		if (strequal((const char*)object_class->values[i].data, "computer")) {
+			/* Let TS be the server  object named by TO!serverReferenceBL. Apply the previous
+			 * rule for the "TO is a server  object" case, substituting TS for TO.
+			 */
+			return construct_msds_isrodc_with_computer_dn(module, msg);
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
 /*
   a list of attribute names that should be substituted in the parse
   tree before the search is done
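Review bot: construct_msds_isrodc_with_dn reads `object_category->values[0].data` without checking `num_values`, and hands both that and `val->data` to `ldb_dn_new`/`strequal` as C strings, which relies on the ldb values being NUL-terminated. A guard such as `if (object_category->num_values == 0) return LDB_SUCCESS;` would match how the callers already treat a missing objectCategory. The result of `ldb_msg_add_string` is discarded, so an allocation failure returns LDB_SUCCESS without the attribute; returning the call's result in each branch (`return ldb_msg_add_string(msg, "msDS-isRODC", "FALSE");`) propagates it. In construct_msds_isrodc_with_server_dn the `ldb_dn_copy` result is not checked before use, and `dn`, `server_dn` and `res` are allocated on `msg` and never freed, so they stay attached to every returned entry; a temporary talloc context freed on exit would bound that.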
@@ -317,7 +467,8 @@ static const struct {
 	{ "primaryGroupToken", "objectClass", "objectSid", construct_primary_group_token },
 	{ "tokenGroups", "objectSid", "primaryGroupID", construct_token_groups },
 	{ "parentGUID", NULL, NULL, construct_parent_guid },
-	{ "subSchemaSubEntry", NULL, NULL, construct_subschema_subentry }
+	{ "subSchemaSubEntry", NULL, NULL, construct_subschema_subentry },
+	{ "msDS-isRODC", "objectClass", "objectCategory", construct_msds_isrodc }
 };
 
 
diff --git a/source4/lib/ldb/tests/python/ldap_schema.py b/source4/lib/ldb/tests/python/ldap_schema.py
index 932ef46..ceebe11 100755
--- a/source4/lib/ldb/tests/python/ldap_schema.py
+++ b/source4/lib/ldb/tests/python/ldap_schema.py
@@ -481,6 +481,42 @@ systemOnly: FALSE
             else:
                 self.assertTrue("msDS-IntId" not in ldb_msg)
 
+class SchemaTests_msDS_isRODC(unittest.TestCase):
+
+    def setUp(self):
+        self.ldb = ldb
+        res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+        self.assertEquals(len(res), 1)
+        self.base_dn = res[0]["defaultNamingContext"][0]
+
+    def test_objectClass_ntdsdsa(self):
+        res = self.ldb.search(self.base_dn, expression="objectClass=nTDSDSA",
+                              attrs=["msDS-isRODC"], controls=["search_options:1:2"])
+        for ldb_msg in res:
+            self.assertTrue("msDS-isRODC" in ldb_msg)
+
+    def test_objectClass_server(self):
+        res = self.ldb.search(self.base_dn, expression="objectClass=server",
+                              attrs=["msDS-isRODC"], controls=["search_options:1:2"])
+        for ldb_msg in res:
+            ntds_search_dn = "CN=NTDS Settings,%s" % ldb_msg['dn']
+            try:
+                res_check = self.ldb.search(ntds_search_dn, attrs=["objectCategory"])
+            except LdbError, (num, _):
+                self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+                print("Server entry %s doesn't have a NTDS settings object" % res[0]['dn'])
+            else:
+                self.assertTrue("objectCategory" in res_check[0])
+                self.assertTrue("msDS-isRODC" in ldb_msg)
+
+    def test_objectClass_computer(self):
+        res = self.ldb.search(self.base_dn, expression="objectClass=computer",
+                              attrs=["serverReferenceBL","msDS-isRODC"], controls=["search_options:1:2"])
+        for ldb_msg in res:
+            if "serverReferenceBL" not in ldb_msg:
+                print("Computer entry %s doesn't have a serverReferenceBL attribute" % ldb_msg['dn'])
+            else:
+                self.assertTrue("msDS-isRODC" in ldb_msg)
 
 if not "://" in host:
     if os.path.isfile(host):
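Review bot: In test_objectClass_server the message printed in the `except` branch uses `res[0]['dn']`, so it always names the first server entry instead of the one being checked; it should be `ldb_msg['dn']`. All three tests assert only that `msDS-isRODC` is present, never its value, and each loop passes without running any assertion when the search returns no entries, so a wrong TRUE/FALSE result would not be caught. At minimum assert the value is well-formed, e.g. `self.assertTrue(str(ldb_msg["msDS-isRODC"][0]) in ("TRUE", "FALSE"))`, and ideally compare it with the entry's objectCategory for the nTDSDSA case.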
@@ -506,4 +542,7 @@ if not runner.run(unittest.makeSuite(SchemaTests)).wasSuccessful():
     rc = 1
 if not runner.run(unittest.makeSuite(SchemaTests_msDS_IntId)).wasSuccessful():
     rc = 1
+if not runner.run(unittest.makeSuite(SchemaTests_msDS_isRODC)).wasSuccessful():
+    rc = 1
+
 sys.exit(rc)


-- 
Samba Shared Repository

