[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Wed Dec 9 00:18:41 MST 2009


The branch, master has been updated
       via  0fca76e... s4-dsdb: added dsdb_functional_level() helper function
       via  732c701... s4-drs: ensure we fill in ncRoot_dn in getncchanges
       via  16eb25b... s4-drs: use parentGUID attribute in getncchanges
       via  4bb2958... s4-ldb: fixed nested searches inside ldb modules
       via  e5a478d... s4-ldb: added a missing ltdb_unlock_read()
       via  3397671... s4-dsdb: use dsdb_module_search_dn in repl_meta_data
       via  707cd30... s4-dsdb: fixed steal of parentGUID for empty msg
      from  f772329... s3: Give the user a chance to change password when password will expire soon.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0fca76e5775e46dd69153eee93e92b1937df29b5
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 15:18:37 2009 +1100

    s4-dsdb: added dsdb_functional_level() helper function

commit 732c701c52932419e602adfe726dee89d89549d3
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 14:39:05 2009 +1100

    s4-drs: ensure we fill in ncRoot_dn in getncchanges
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit 16eb25b35b1a2bf9d7e96db26c8a379d15adc106
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 14:38:25 2009 +1100

    s4-drs: use parentGUID attribute in getncchanges
    
    Now that parentGUID is reliable again, use it instead
    of building our own
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit 4bb2958f16cc6af43d113528407d53f0d78b0486
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 14:37:26 2009 +1100

    s4-ldb: fixed nested searches inside ldb modules
    
    We need to keep a search count in ltdb to allow for nesting
    of searches inside a module
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit e5a478d3a23c1d9bb7ebd8c836a0c0a880839e34
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 14:36:50 2009 +1100

    s4-ldb: added a missing ltdb_unlock_read()

commit 33976711e349c9b5e2ddcacbba3d87acabfae75a
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 14:35:46 2009 +1100

    s4-dsdb: use dsdb_module_search_dn in repl_meta_data
    
    This allows us to search below the current module. That
    will be important when we start using the results of this
    search to get the linked attributes meta data right

commit 707cd30cda11acdcad59cfdb6743eb822f69f5ba
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 9 14:34:13 2009 +1100

    s4-dsdb: fixed steal of parentGUID for empty msg
    
    msg->elements could be NULL before we add parentGUID

-----------------------------------------------------------------------

Summary of changes:
 source4/cldap_server/netlogon.c                 |    4 +-
 source4/dsdb/common/util.c                      |   16 ++++++++
 source4/dsdb/samdb/ldb_modules/descriptor.c     |    8 +---
 source4/dsdb/samdb/ldb_modules/operational.c    |   14 +++++--
 source4/dsdb/samdb/ldb_modules/password_hash.c  |    6 +--
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c |    5 ++-
 source4/dsdb/samdb/ldb_modules/rootdse.c        |    5 +-
 source4/lib/ldb/ldb_tdb/ldb_search.c            |    1 +
 source4/lib/ldb/ldb_tdb/ldb_tdb.c               |   15 +++++--
 source4/lib/ldb/ldb_tdb/ldb_tdb.h               |    1 +
 source4/rpc_server/drsuapi/getncchanges.c       |   47 ++++++----------------
 11 files changed, 61 insertions(+), 61 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index c565f2f..049b008 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -215,10 +215,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 #endif
 
 	if (samdb_is_pdc(sam_ctx)) {
-		int *domainFunctionality;
 		server_type |= DS_SERVER_PDC;
-		domainFunctionality = talloc_get_type(ldb_get_opaque(sam_ctx, "domainFunctionality"), int);
-		if (domainFunctionality && *domainFunctionality >= DS_DOMAIN_FUNCTION_2008) {
+		if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
 			server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
 		}
 	}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d9e03ce..512230f 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2705,3 +2705,19 @@ const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn)
 
 	return ret;
 }
+
+/*
+  return domain functional level
+  returns DS_DOMAIN_FUNCTION_*
+ */
+int dsdb_functional_level(struct ldb_context *ldb)
+{
+	int *domainFunctionality =
+		talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
+	if (!domainFunctionality) {
+		DEBUG(0,(__location__ ": WARNING: domainFunctionality not setup\n"));
+		return DS_DOMAIN_FUNCTION_2000;
+	}
+	return *domainFunctionality;
+}
+
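Review bot: The fallback in `dsdb_functional_level()` makes a missing `domainFunctionality` opaque indistinguishable from a genuine 2000-level domain, and the header comment does not mention it. Callers in this same push act on the result: `setup_supplemental_field()` in password_hash.c uses it to decide whether AES keys are created, and `rootdse_add_dynamic()` now publishes the value where it previously omitted the attribute. The comment should state the contract, e.g. `returns DS_DOMAIN_FUNCTION_2000 and logs at level 0 when the "domainFunctionality" opaque has not been set on this ldb`. Because the warning is at `DEBUG(0,...)` and fires on every call, a context that is never initialised would log once per request on paths such as the CLDAP netlogon reply, so it is worth confirming that this is intended.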
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index da80ee5..03cb1ff 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -141,13 +141,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx,
 					 struct ldb_context *ldb,
 					 struct dom_sid *dag)
 {
-	int *domainFunctionality;
-
-	domainFunctionality = talloc_get_type(
-		ldb_get_opaque(ldb, "domainFunctionality"), int);
-
-	if (*domainFunctionality
-			&& (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008)) {
+	if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008) {
 		return dag;
 	}
 
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index badc0c5..aef9598 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -125,11 +125,12 @@ static int construct_parent_guid(struct ldb_module *module,
 	const struct ldb_val *parent_guid;
 	const char *attrs[] = { "objectGUID", NULL };
 	int ret;
+	struct ldb_val v;
 
 	/* TODO:  In the future, this needs to honour the partition boundaries */
 	struct ldb_dn *parent_dn = ldb_dn_get_parent(msg, msg->dn);
 
-	if (parent_dn == NULL){
+	if (parent_dn == NULL) {
 		DEBUG(4,(__location__ ": Failed to find parent for dn %s\n",
 					 ldb_dn_get_linearized(msg->dn)));
 		return LDB_SUCCESS;
@@ -138,7 +139,7 @@ static int construct_parent_guid(struct ldb_module *module,
 	ret = dsdb_module_search_dn(module, msg, &res, parent_dn, attrs, DSDB_SEARCH_SHOW_DELETED);
 	talloc_free(parent_dn);
 	/* if there is no parentGUID for this object, then return */
-	if (ret == LDB_ERR_NO_SUCH_OBJECT){
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		DEBUG(4,(__location__ ": Parent dn for %s does not exist \n",
 			 ldb_dn_get_linearized(msg->dn)));
 		return LDB_SUCCESS;
@@ -152,9 +153,14 @@ static int construct_parent_guid(struct ldb_module *module,
 		return LDB_SUCCESS;
 	}
 
-	talloc_steal(msg->elements, parent_guid->data);
+	v = data_blob_dup_talloc(res, parent_guid);
+	if (!v.data) {
+		talloc_free(res);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	ret = ldb_msg_add_steal_value(msg, "parentGUID", &v);
 	talloc_free(res);
-	return ldb_msg_add_value(msg, "parentGUID", parent_guid, 0);
+	return ret;
 }
 
 /*
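Review bot: The ownership of `v` at the end of `construct_parent_guid()` is not obvious and deserves a comment. The copy is parented to `res`, so the early `talloc_free(res)` releases it on the allocation-failure path, while on success it has to be moved onto `msg` before the final `talloc_free(res)` runs. A line such as `/* v hangs off res until ldb_msg_add_steal_value() reparents it onto msg */` above the `data_blob_dup_talloc()` call would record why the statement order matters. The function starts outside this hunk.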
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 8791db2..4d4f500 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1025,7 +1025,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 	uint8_t zero16[16];
 	bool do_newer_keys = false;
 	bool do_cleartext = false;
-	int *domainFunctionality;
 
 	ZERO_STRUCT(zero16);
 	ZERO_STRUCT(names);
@@ -1065,10 +1064,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 		}
 	}
 	/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
-	domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
-
-	do_newer_keys = *domainFunctionality &&
-		(*domainFunctionality >= DS_DOMAIN_FUNCTION_2008);
+	do_newer_keys = (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008);
 
 	if (io->domain->store_cleartext &&
 	    (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 9ed70d9..27e4ce0 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -45,6 +45,7 @@
 #include "param/param.h"
 #include "libcli/security/dom_sid.h"
 #include "lib/util/dlinklist.h"
+#include "dsdb/samdb/ldb_modules/util.h"
 
 struct replmd_private {
 	TALLOC_CTX *la_ctx;
@@ -870,7 +871,9 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
 	 *   attribute was changed
 	 */
 
-	ret = dsdb_search_dn_with_deleted(ldb, msg, &res, msg->dn, NULL);
+	ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL,
+				    DSDB_SEARCH_SHOW_DELETED |
+				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(ac);
 		return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 661060d..045b507 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -322,10 +322,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 		}
 	}
 
-	if (priv && do_attribute(attrs, "domainFunctionality")
-	    && (val = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int))) {
+	if (priv && do_attribute(attrs, "domainFunctionality")) {
 		if (ldb_msg_add_fmt(msg, "domainFunctionality", 
-				    "%d", *val) != 0) {
+				    "%d", dsdb_functional_level(ldb)) != 0) {
 			goto failed;
 		}
 	}
diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c
index a6647cc..268c2f3 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_search.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_search.c
@@ -567,6 +567,7 @@ int ltdb_search(struct ltdb_context *ctx)
 				 * full search or we may return
 				 * duplicate entries
 				 */
+				ltdb_unlock_read(module);
 				return LDB_ERR_OPERATIONS_ERROR;
 			}
 			ret = ltdb_search_full(ctx);
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index 7fb3cdc..48409f2 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -88,10 +88,16 @@ int ltdb_lock_read(struct ldb_module *module)
 {
 	void *data = ldb_module_get_private(module);
 	struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
-	if (ltdb->in_transaction == 0) {
-		return tdb_lockall_read(ltdb->tdb);
+	int ret = 0;
+
+	if (ltdb->in_transaction == 0 &&
+	    ltdb->read_lock_count == 0) {
+		ret = tdb_lockall_read(ltdb->tdb);
 	}
-	return 0;
+	if (ret == 0) {
+		ltdb->read_lock_count++;
+	}
+	return ret;
 }
 
 /*
@@ -101,9 +107,10 @@ int ltdb_unlock_read(struct ldb_module *module)
 {
 	void *data = ldb_module_get_private(module);
 	struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
-	if (ltdb->in_transaction == 0) {
+	if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
 		return tdb_unlockall_read(ltdb->tdb);
 	}
+	ltdb->read_lock_count--;
 	return 0;
 }
 
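Review bot: `ltdb_unlock_read()` returns from the `read_lock_count == 1` branch without decrementing the counter, so after the first outermost unlock outside a transaction the count stays at 1. The next `ltdb_lock_read()` (previous hunk) then sees a non-zero count, skips `tdb_lockall_read()` and only increments, so later searches would run with no tdb read lock held. Decrement on that path as well, e.g. put `ltdb->read_lock_count--;` immediately before `return tdb_unlockall_read(ltdb->tdb);`. Neither hunk guards against the counter going negative if unlock is ever called without a matching lock.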
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.h b/source4/lib/ldb/ldb_tdb/ldb_tdb.h
index 0f17c82..bb4cb3f 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.h
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.h
@@ -31,6 +31,7 @@ struct ltdb_private {
 	bool check_base;
 	struct ltdb_idxptr *idxptr;
 	bool prepared_commit;
+	int read_lock_count;
 };
 
 /*
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index c90c92a..24ff324 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -57,46 +57,17 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
 		obj->is_nc_prefix = true;
 		obj->parent_object_guid = NULL;
 	} else {
-		struct ldb_dn *parent_dn;
-		uint32_t instance_type;
-
-		instance_type = ldb_msg_find_attr_as_uint(msg, "instanceType", 0);
-		if (instance_type & INSTANCE_TYPE_IS_NC_HEAD) {
-			struct ldb_result *res;
-			int ret;
-			const char *dnstr = ldb_dn_get_linearized(msg->dn);
-			msg->dn = ldb_dn_new(msg, sam_ctx, dnstr);
-			/* we need to re-search the msg, to avoid the
-			 * broken dual message problems with our
-			 * partitions implementation */
-			DEBUG(6,(__location__ ": Re-fetching subref %s\n", 
-				 ldb_dn_get_linearized(msg->dn)));
-			ret = drsuapi_search_with_extended_dn(sam_ctx, msg, &res,
-							      msg->dn, LDB_SCOPE_BASE, NULL,
-							      NULL, NULL);
-			if (ret != LDB_SUCCESS || res->count < 1) {
-				DEBUG(0,(__location__ ": Failed to reload subref head %s in %s\n",
-					 ldb_dn_get_linearized(msg->dn), ldb_dn_get_linearized(ncRoot_dn)));
-				return WERR_DS_DRA_INTERNAL_ERROR;
-			}
-			msg = res->msgs[0];
-		}
-
-		parent_dn = ldb_dn_copy(msg, msg->dn);
 		obj->is_nc_prefix = false;
 		obj->parent_object_guid = talloc(obj, struct GUID);
-		if (parent_dn == NULL) {
+		if (obj->parent_object_guid == NULL) {
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
-		if (ldb_dn_remove_child_components(parent_dn, 1) != true) {
-			DEBUG(0,(__location__ ": Unable to remove DN component\n"));
+		*obj->parent_object_guid = samdb_result_guid(msg, "parentGUID");
+		if (GUID_all_zero(obj->parent_object_guid)) {
+			DEBUG(0,(__location__ ": missing parentGUID for %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
-		if (dsdb_find_guid_by_dn(sam_ctx, parent_dn, obj->parent_object_guid) != LDB_SUCCESS) {
-			DEBUG(0,(__location__ ": Unable to find parent DN %s %s\n", 
-				 ldb_dn_get_linearized(msg->dn), ldb_dn_get_linearized(parent_dn)));
-		}
-		talloc_free(parent_dn);
 	}
 	obj->next_object = NULL;
 	
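Review bot: The `GUID_all_zero()` check in `get_nc_changes_build_object()` makes a missing `parentGUID` fatal for the whole reply, whereas the removed code only logged when the parent lookup failed. `construct_parent_guid()` in operational.c (same push) returns `LDB_SUCCESS` without adding the attribute when the parent DN cannot be found, and carries a TODO about partition boundaries, so an object in that state would presumably end the call with `WERR_DS_DRA_INTERNAL_ERROR`. If that is intended, say so in a comment, e.g. `/* parentGUID is constructed by the operational module; its absence on a non-prefix object is treated as an internal error */`. The removed NC-head special case suggests that sub-partition heads are the case worth testing. The function body extends beyond this hunk.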
@@ -343,6 +314,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 				"ntPwdHistory", 
 				"supplementalCredentials", 
 				"unicodePwd", 
+				"parentGUID",
 				NULL };
 	WERROR werr;
 	struct dcesrv_handle *h;
@@ -430,6 +402,13 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 			return WERR_NOMEM;
 		}
 		b_state->getncchanges_state = getnc_state;
+		getnc_state->ncRoot_dn = ldb_dn_new(getnc_state, b_state->sam_ctx, ncRoot->dn);
+	}
+
+	if (!ldb_dn_validate(getnc_state->ncRoot_dn) ||
+	    ldb_dn_is_null(getnc_state->ncRoot_dn)) {
+		DEBUG(0,(__location__ ": Bad DN '%s'\n", ncRoot->dn));
+		return WERR_DS_DRA_INVALID_PARAMETER;
 	}
 
 	/* we need the session key for encrypting password attributes */
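Review bot: When the DN check fails, the newly created `getnc_state` has already been stored in `b_state->getncchanges_state`, so the invalid state stays attached to the handle. The validation sits after the closing brace of what appears to be the state-creation block, so later calls on the same handle would re-test the stored DN and fail again, while the log line prints the current request's `ncRoot->dn`, which need not be the string that was stored. Consider clearing the state before returning, `talloc_free(getnc_state); b_state->getncchanges_state = NULL;`, or validating the DN before the assignment. `ldb_dn_new()` can also return NULL on allocation failure, which this path would report as `WERR_DS_DRA_INVALID_PARAMETER` rather than `WERR_NOMEM`. The enclosing function starts and ends outside the hunk.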


-- 
Samba Shared Repository

