Author: abartlet Date: 2007-08-15 13:14:38 +0000 (Wed, 15 Aug 2007) New Revision: 24459
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24459 Log: Fix up ldap.js and test_ldb.sh to test the domain_scope control, and to test the behaviour of objectCategory=user searches. It turns out (thanks to a hint on http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps into objectCategory=CN=Person,... (by the defaultObjectCategory of that objectclass). Simplify the entryUUID module by using the fact that we now set the DN as the canoncical form of objectCategory. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c =================================================================== --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c 2007-08-15 10:30:44 UTC (rev 24458) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c 2007-08-15 13:14:38 UTC (rev 24459) @@ -36,7 +36,6 @@ #include "librpc/ndr/libndr.h" struct entryUUID_private { - struct ldb_result *objectclass_res; struct ldb_dn **base_dns; }; @@ -148,28 +147,17 @@ return out; } +/* Ensure we always convert objectCategory into a DN */ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { - int i; - struct map_private *map_private; - struct entryUUID_private *entryUUID_private; - struct ldb_result *list; + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectSid"); - if (ldb_dn_validate(ldb_dn_new(ctx, module->ldb, (const char *)val->data))) { - return *val; + if (a->syntax->canonicalise_fn(module->ldb, ctx, val, &out) != LDB_SUCCESS) { + return data_blob(NULL, 0); } - map_private = talloc_get_type(module->private_data, struct map_private); - entryUUID_private = talloc_get_type(map_private->caller_private, struct entryUUID_private); - list = entryUUID_private->objectclass_res; - - for (i=0; list && (i < list->count); i++) { - if (ldb_attr_cmp((const char *)val->data, ldb_msg_find_attr_as_string(list->msgs[i], "lDAPDisplayName", NULL)) == 0) { - char *dn = ldb_dn_alloc_linearized(ctx, list->msgs[i]->dn); - return data_blob_string_const(dn); - } - } - return *val; + return out; } static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) @@ -588,70 +576,6 @@ NULL }; -static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) -{ - const char *rootdse_attrs[] = {"schemaNamingContext", NULL}; - struct ldb_dn *schema_dn; - struct ldb_dn *basedn = ldb_dn_new(mem_ctx, ldb, NULL); - struct ldb_result *rootdse_res; - int ldb_ret; - if (!basedn) { - return NULL; - } - - /* Search for rootdse */ - ldb_ret = ldb_search(ldb, basedn, LDB_SCOPE_BASE, NULL, rootdse_attrs, &rootdse_res); - if (ldb_ret != LDB_SUCCESS) { - return NULL; - } - - talloc_steal(mem_ctx, rootdse_res); - - if (rootdse_res->count != 1) { - ldb_asprintf_errstring(ldb, "Failed to find rootDSE: count %d", rootdse_res->count); - return NULL; - } - - /* Locate schema */ - schema_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, rootdse_res->msgs[0], "schemaNamingContext"); - if (!schema_dn) { - return NULL; - } - - talloc_free(rootdse_res); - return schema_dn; -} - -static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, - TALLOC_CTX *mem_ctx, - struct ldb_result **objectclass_res) -{ - TALLOC_CTX *local_ctx = talloc_new(mem_ctx); - int ret; - const char *attrs[] = { - "lDAPDisplayName", - "governsID", - NULL - }; - - if (!local_ctx) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Downlaod schema */ - ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, - "objectClass=classSchema", - attrs, objectclass_res); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(mem_ctx, objectclass_res); - - return ret; -} - - static int get_remote_rootdse(struct ldb_context *ldb, void *context, struct ldb_reply *ares) { @@ -730,7 +654,6 @@ int ret; struct map_private *map_private; struct entryUUID_private *entryUUID_private; - struct ldb_dn *schema_dn; ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) @@ -741,19 +664,6 @@ entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; - schema_dn = find_schema_dn(module->ldb, map_private); - if (!schema_dn) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, - &entryUUID_private->objectclass_res); - if (ret != LDB_SUCCESS) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - ret = find_base_dns(module, entryUUID_private); return ldb_next_init(module); @@ -765,7 +675,6 @@ int ret; struct map_private *map_private; struct entryUUID_private *entryUUID_private; - struct ldb_dn *schema_dn; ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) @@ -776,19 +685,6 @@ entryUUID_private = talloc_zero(map_private, struct entryUUID_private); map_private->caller_private = entryUUID_private; - schema_dn = find_schema_dn(module->ldb, map_private); - if (!schema_dn) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - - ret = fetch_objectclass_schema(module->ldb, schema_dn, entryUUID_private, - &entryUUID_private->objectclass_res); - if (ret != LDB_SUCCESS) { - /* Perhaps no schema yet */ - return LDB_SUCCESS; - } - ret = find_base_dns(module, entryUUID_private); return ldb_next_init(module); Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c =================================================================== --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c 2007-08-15 10:30:44 UTC (rev 24458) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c 2007-08-15 13:14:38 UTC (rev 24459) @@ -318,9 +318,9 @@ ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory); } - if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) { + if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) { DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass); - ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd); + ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd); } } } Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c =================================================================== --- branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2007-08-15 10:30:44 UTC (rev 24458) +++ branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2007-08-15 13:14:38 UTC (rev 24459) @@ -2,7 +2,7 @@ ldb database library - ldif handlers for Samba Copyright (C) Andrew Tridgell 2005 - Copyright (C) Andrew Bartlett 2006 + Copyright (C) Andrew Bartlett 2006-2007 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released ** under the LGPL @@ -309,24 +309,17 @@ if ( ! ldb_dn_validate(dn1)) { const char *lDAPDisplayName = talloc_strndup(mem_ctx, (char *)in->data, in->length); class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); - talloc_free(lDAPDisplayName); - } else if (ldb_dn_get_comp_num(dn1) >= 1 && ldb_attr_cmp(ldb_dn_get_rdn_name(dn1), "cn") == 0) { - const struct ldb_val *val = ldb_dn_get_rdn_val(dn1); - const char *cn = talloc_strndup(mem_ctx, (char *)val->data, val->length); - class = dsdb_class_by_cn(schema, cn); - talloc_free(cn); - } else { - talloc_free(dn1); - return -1; + if (class) { + struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, + class->defaultObjectCategory); + *out = data_blob_string_const(ldb_dn_get_casefold(dn)); + return LDB_SUCCESS; + } else { + *out = data_blob_talloc(mem_ctx, in->data, in->length); + return LDB_SUCCESS; + } } - talloc_free(dn1); - - if (!class) { - return -1; - } - - *out = data_blob_string_const(talloc_strdup(mem_ctx, class->lDAPDisplayName)); - + *out = data_blob_string_const(ldb_dn_get_casefold(dn1)); return LDB_SUCCESS; } @@ -341,9 +334,9 @@ ret2 = ldif_canonicalise_objectCategory(ldb, mem_ctx, v2, &v2_canon); if (ret1 == LDB_SUCCESS && ret2 == LDB_SUCCESS) { - return ldb_attr_cmp(v1_canon.data, v2_canon.data); + return data_blob_cmp(&v1_canon, &v2_canon); } else { - return strcasecmp(v1->data, v2->data); + return data_blob_cmp(v1, v2); } } Modified: branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh =================================================================== --- branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh 2007-08-15 10:30:44 UTC (rev 24458) +++ branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh 2007-08-15 13:14:38 UTC (rev 24459) @@ -77,6 +77,13 @@ failed=`expr $failed + 1` fi +echo "Test Domain scope Control" +nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=domain_scope:1 '(objectclass=user)' | grep sAMAccountName | wc -l` +if [ $nentries -lt 1 ]; then +echo "Extended Domain scope Control test returned 0 items" +failed=`expr $failed + 1` +fi + echo "Test Attribute Scope Query Control" nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=asq:1:member -s base -b "CN=Administrators,CN=Builtin,$BASEDN" | grep sAMAccountName | wc -l` if [ $nentries -lt 1 ]; then Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js =================================================================== --- branches/SAMBA_4_0/testprogs/ejs/ldap.js 2007-08-15 10:30:44 UTC (rev 24458) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js 2007-08-15 13:14:38 UTC (rev 24459) @@ -439,7 +439,7 @@ // assert(res.msgs[0].userAccountControl == 4098); - var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "ntSecurityDescriptor"); + var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor"); println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"); var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs); if (res.error != 0 || res.msgs.length != 1) { @@ -457,8 +457,9 @@ assert(res.msgs[0].objectClass[3] == "user"); assert(res.msgs[0].objectGUID != undefined); assert(res.msgs[0].whenCreated != undefined); - assert(res.msgs[0].ntSecurityDescriptor != undefined); + assert(res.msgs[0].nTSecurityDescriptor != undefined); + ok = ldb.del(res.msgs[0].dn); if (ok.error != 0) { println(ok.errstr); @@ -575,7 +576,48 @@ assert(res.msgs[0].objectClass[0] == "top"); assert(res.msgs[0].objectClass[1] == "domain"); assert(res.msgs[0].objectClass[2] == "domainDNS"); + +// check enumeration + + var attrs = new Array("cn"); + println("Testing ldb.search for objectCategory=person"); + var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + var controls = new Array("domain_scope:1"); + println("Testing ldb.search for objectCategory=person with domain scope control"); + var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + println("Testing ldb.search for objectCategory=user"); + var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + var controls = new Array("domain_scope:1"); + println("Testing ldb.search for objectCategory=user with domain scope control"); + var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls); + assert(res.error == 0); + assert(res.msgs.length > 0); + var attrs = new Array("cn"); + println("Testing ldb.search for objectCategory=group"); + var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + assert(res.msgs.length > 0); + + var attrs = new Array("cn"); + var controls = new Array("domain_scope:1"); + println("Testing ldb.search for objectCategory=group with domain scope control"); + var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls); + assert(res.error == 0); + assert(res.msgs.length > 0); + } function basedn_tests(ldb, gc_ldb)
