[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-670-g4f9de0e
Anatoliy Atanasov
anatoliy at samba.org
Wed Sep 23 18:35:03 MDT 2009
The branch, master has been updated
via 4f9de0e995cbdebe8919bc703ea257149f02d5b1 (commit)
via 23e4470c31a1800065830205241295344057ca01 (commit)
via 97a9ae15b581be85bec260b3875343811f315fe6 (commit)
from 71c862cd91969f238f4d63c8b1178621714d0cc4 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4f9de0e995cbdebe8919bc703ea257149f02d5b1
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date: Wed Sep 23 16:51:55 2009 -0700
s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges
When this flag is specified in the request these attributes are treated as
secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
trustAuthIncoming, trustAuthOutgoing, unicodePwd
Their value is changed to NULL and the meta_data.originating_change_time to 0
commit 23e4470c31a1800065830205241295344057ca01
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date: Wed Sep 23 16:52:34 2009 -0700
s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchanges
When this flag is specified in the request we should return
for ncRoot only and so scope of search is LDB_SCOPE_BASE.
commit 97a9ae15b581be85bec260b3875343811f315fe6
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date: Wed Sep 23 16:58:58 2009 -0700
s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchanges
When this flag is specified in the request we shouldn't use the
uptodateness vector in the request.
-----------------------------------------------------------------------
Summary of changes:
source4/rpc_server/drsuapi/dcesrv_drsuapi.h | 3 ++
source4/rpc_server/drsuapi/drsutil.c | 32 ++++++++++++++++++++++++++-
source4/rpc_server/drsuapi/getncchanges.c | 29 +++++++++++++++++++++---
3 files changed, 59 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
index 4097862..b8765cb 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
@@ -59,3 +59,6 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
const char* call);
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+ struct drsuapi_DsReplicaMetaData *meta_data);
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index c78ebdd..9aef317 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -52,7 +52,6 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
const char *sort_attrib,
const char *filter)
{
- va_list ap;
int ret;
struct ldb_request *req;
TALLOC_CTX *tmp_ctx;
@@ -134,3 +133,34 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char*
return WERR_OK;
}
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+ struct drsuapi_DsReplicaMetaData *meta_data)
+{
+ if (attr->value_ctr.num_values == 0) {
+ return;
+ }
+
+ switch (attr->attid) {
+ case DRSUAPI_ATTRIBUTE_dBCSPwd:
+ case DRSUAPI_ATTRIBUTE_unicodePwd:
+ case DRSUAPI_ATTRIBUTE_ntPwdHistory:
+ case DRSUAPI_ATTRIBUTE_lmPwdHistory:
+ case DRSUAPI_ATTRIBUTE_supplementalCredentials:
+ case DRSUAPI_ATTRIBUTE_priorValue:
+ case DRSUAPI_ATTRIBUTE_currentValue:
+ case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
+ case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
+ case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
+ case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
+ /*set value to null*/
+ attr->value_ctr.num_values = 0;
+ talloc_free(attr->value_ctr.values);
+ attr->value_ctr.values = NULL;
+ meta_data->originating_change_time = 0;
+ return;
+ default:
+ return;
+ }
+ return;
+}
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 75f5651..a9c4b45 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -41,7 +41,8 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
struct ldb_dn *ncRoot_dn,
struct dsdb_schema *schema,
DATA_BLOB *session_key,
- uint64_t highest_usn)
+ uint64_t highest_usn,
+ uint32_t replica_flags)
{
const struct ldb_val *md_value;
int i, n;
@@ -182,7 +183,15 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
sa->lDAPDisplayName, win_errstr(werr)));
return werr;
}
-
+ /* if DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING is set
+ * check if attribute is secret and send a null value
+ * TODO: check if we can make this in the database layer
+ */
+ if ((replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING)
+ == DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING) {
+ drsuapi_process_secret_attribute(&obj->object.attribute_ctr.attributes[i],
+ &obj->meta_data_ctr->meta_data[i]);
+ }
/* some attributes needs to be encrypted
before being sent */
werr = drsuapi_encrypt_attribute(obj, session_key, rid,
@@ -307,6 +316,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
const char *attrs[] = { "*", "parentGUID", "distinguishedName", NULL };
WERROR werr;
char* search_filter;
+ enum ldb_scope scope = LDB_SCOPE_SUBTREE;
*r->out.level_out = 6;
/* TODO: linked attributes*/
@@ -332,6 +342,12 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
return WERR_DS_DRA_BAD_NC;
}
+ if ((r->in.req->req8.replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET)
+ == DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET) {
+ /* Ignore the _in_ uptpdateness vector*/
+ r->in.req->req8.uptodateness_vector = NULL;
+ }
+
werr = drs_security_level_check(dce_call, "DsGetNCChanges");
if (!W_ERROR_IS_OK(werr)) {
return werr;
@@ -366,9 +382,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
"(&%s(isCriticalSystemObject=true))",
search_filter);
}
+
ncRoot_dn = ldb_dn_new(mem_ctx, sam_ctx, ncRoot->dn);
+ if ((r->in.req->req8.replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP)
+ == DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP) {
+ scope = LDB_SCOPE_BASE;
+ }
ret = drsuapi_search_with_extended_dn(sam_ctx, mem_ctx, &site_res,
- ncRoot_dn, LDB_SCOPE_SUBTREE, attrs,
+ ncRoot_dn, scope, attrs,
"distinguishedName",
search_filter);
if (ret != LDB_SUCCESS) {
@@ -424,7 +445,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
}
werr = get_nc_changes_build_object(obj, site_res->msgs[i], sam_ctx, ncRoot_dn,
- schema, &session_key, r->in.req->req8.highwatermark.highest_usn);
+ schema, &session_key, r->in.req->req8.highwatermark.highest_usn, r->in.req->req8.replica_flags);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list