[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-670-g4f9de0e

Anatoliy Atanasov anatoliy at samba.org
Wed Sep 23 18:35:03 MDT 2009


The branch, master has been updated
       via  4f9de0e995cbdebe8919bc703ea257149f02d5b1 (commit)
       via  23e4470c31a1800065830205241295344057ca01 (commit)
       via  97a9ae15b581be85bec260b3875343811f315fe6 (commit)
      from  71c862cd91969f238f4d63c8b1178621714d0cc4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4f9de0e995cbdebe8919bc703ea257149f02d5b1
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Wed Sep 23 16:51:55 2009 -0700

    s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges
    
    When this flag is specified in the request these attributes are treated as
    secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
    lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
    trustAuthIncoming, trustAuthOutgoing, unicodePwd
    Their value is changed to NULL and the meta_data.originating_change_time to 0

commit 23e4470c31a1800065830205241295344057ca01
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Wed Sep 23 16:52:34 2009 -0700

    s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchanges
    
    When this flag is specified in the request we should return results
    for ncRoot only, so the search scope is LDB_SCOPE_BASE.

commit 97a9ae15b581be85bec260b3875343811f315fe6
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Wed Sep 23 16:58:58 2009 -0700

    s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchanges
    
    When this flag is specified in the request we shouldn't use the
    uptodateness vector in the request.

-----------------------------------------------------------------------

Summary of changes:
 source4/rpc_server/drsuapi/dcesrv_drsuapi.h |    3 ++
 source4/rpc_server/drsuapi/drsutil.c        |   32 ++++++++++++++++++++++++++-
 source4/rpc_server/drsuapi/getncchanges.c   |   29 +++++++++++++++++++++---
 3 files changed, 59 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
index 4097862..b8765cb 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
@@ -59,3 +59,6 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
 
 WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
 				const char* call);
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+				      struct drsuapi_DsReplicaMetaData *meta_data);
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index c78ebdd..9aef317 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -52,7 +52,6 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
 				    const char *sort_attrib,
 				    const char *filter)
 {
-	va_list ap;
 	int ret;
 	struct ldb_request *req;
 	TALLOC_CTX *tmp_ctx;
@@ -134,3 +133,34 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char*
 
 	return WERR_OK;
 }
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+				      struct drsuapi_DsReplicaMetaData *meta_data)
+{
+	if (attr->value_ctr.num_values == 0) {
+		return;
+	}
+
+	switch (attr->attid) {
+	case DRSUAPI_ATTRIBUTE_dBCSPwd:
+	case DRSUAPI_ATTRIBUTE_unicodePwd:
+	case DRSUAPI_ATTRIBUTE_ntPwdHistory:
+	case DRSUAPI_ATTRIBUTE_lmPwdHistory:
+	case DRSUAPI_ATTRIBUTE_supplementalCredentials:
+	case DRSUAPI_ATTRIBUTE_priorValue:
+	case DRSUAPI_ATTRIBUTE_currentValue:
+	case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
+	case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
+	case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
+	case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
+		/*set value to null*/
+		attr->value_ctr.num_values = 0;
+		talloc_free(attr->value_ctr.values);
+		attr->value_ctr.values = NULL;
+		meta_data->originating_change_time = 0;
+		return;
+	default:
+		return;
+	}
+	return;
+}
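Review bot: The `if (attr->value_ctr.num_values == 0) return;` guard at the top of drsuapi_process_secret_attribute runs before the attid switch, so a listed secret attribute that arrives with no values keeps its `meta_data->originating_change_time`, whereas the commit message says that time is set to 0 for these attributes. If hiding when a credential last changed is part of the intent, reset the metadata first inside the case and only then skip the free when there are no values. The trailing `return;` after the switch is unreachable because every arm already returns. A header comment would also help: it should say that the function blanks the values and the originating change time of the listed secret attids, and that `attr` and `meta_data` must be non-NULL and describe the same attribute.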
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 75f5651..a9c4b45 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -41,7 +41,8 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
 					  struct ldb_dn *ncRoot_dn,
 					  struct dsdb_schema *schema,
 					  DATA_BLOB *session_key,
-					  uint64_t highest_usn)
+					  uint64_t highest_usn,
+					  uint32_t replica_flags)
 {
 	const struct ldb_val *md_value;
 	int i, n;
@@ -182,7 +183,15 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
 					 sa->lDAPDisplayName, win_errstr(werr)));
 				return werr;
 			}
-
+			/* if DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING is set
+			 * check if attribute is secret and send a null value
+			 * TODO: check if we can make this in the database layer
+			 */
+			if ((replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING)
+			    == DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING) {
+				drsuapi_process_secret_attribute(&obj->object.attribute_ctr.attributes[i],
+								 &obj->meta_data_ctr->meta_data[i]);
+			}
 			/* some attributes needs to be encrypted
 			   before being sent */
 			werr = drsuapi_encrypt_attribute(obj, session_key, rid, 
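Review bot: The flag tested here comes from the client's own request (`r->in.req->req8.replica_flags` is passed in at the call site in the last hunk), so this branch withholds secrets only when the requester asks for it. The comment should say so, to avoid it being read as an access control: `/* requester-selected filtering, not authorization; without the flag the secret attributes go on to drsuapi_encrypt_attribute */`. The stripped attribute (`values` NULL, `num_values` 0) is then passed to drsuapi_encrypt_attribute, whose body is not in this diff, so it is worth confirming that it returns cleanly for an empty value list. The call also assumes `attributes[i]` and `meta_data[i]` are parallel arrays of equal length, which the hunk does not show. get_nc_changes_build_object starts and ends outside the hunk.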
@@ -307,6 +316,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 	const char *attrs[] = { "*", "parentGUID", "distinguishedName", NULL };
 	WERROR werr;
 	char* search_filter;
+	enum ldb_scope scope = LDB_SCOPE_SUBTREE;
 
 	*r->out.level_out = 6;
 	/* TODO: linked attributes*/
@@ -332,6 +342,12 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 		return WERR_DS_DRA_BAD_NC;
 	}
 
+	if ((r->in.req->req8.replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET)
+	    == DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET) {
+		/* Ignore the _in_ uptpdateness vector*/
+		r->in.req->req8.uptodateness_vector = NULL;
+	} 
+
 	werr = drs_security_level_check(dce_call, "DsGetNCChanges");
 	if (!W_ERROR_IS_OK(werr)) {
 		return werr;
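Review bot: This block reads `r->in.req->req8.replica_flags` and overwrites `uptodateness_vector` in the incoming request before `drs_security_level_check` has run. Moving it below that check would keep all request-driven handling behind the authorization gate, and holding the effective vector in a local pointer would avoid mutating the caller's input. Whether the request level has been validated as 8 before the `req8` member is accessed is not visible in this hunk and should be confirmed. The comment has a typo and would read better as `/* Ignore the _in_ uptodateness vector */`. dcesrv_drsuapi_DsGetNCChanges continues outside the hunk.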
@@ -366,9 +382,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 						"(&%s(isCriticalSystemObject=true))",
 						search_filter);
 	}
+
 	ncRoot_dn = ldb_dn_new(mem_ctx, sam_ctx, ncRoot->dn);
+	if ((r->in.req->req8.replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP)
+	    == DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP) {
+		scope = LDB_SCOPE_BASE;
+	}
 	ret = drsuapi_search_with_extended_dn(sam_ctx, mem_ctx, &site_res,
-					      ncRoot_dn, LDB_SCOPE_SUBTREE, attrs,
+					      ncRoot_dn, scope, attrs,
 					      "distinguishedName",
 					      search_filter);
 	if (ret != LDB_SUCCESS) {
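Review bot: The ASYNC_REP branch is the only one of the three new flag checks without a comment; something like `/* ASYNC_REP: return the NC root object only, so search with base scope */` would record why a client-supplied flag narrows the search. In the visible lines `ncRoot_dn` from `ldb_dn_new` is handed to `drsuapi_search_with_extended_dn` without a NULL check; if none exists elsewhere, add `if (ncRoot_dn == NULL) return WERR_NOMEM;` before the search. The enclosing function continues outside the hunk.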
@@ -424,7 +445,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 		}
 
 		werr = get_nc_changes_build_object(obj, site_res->msgs[i], sam_ctx, ncRoot_dn, 
-						   schema, &session_key, r->in.req->req8.highwatermark.highest_usn);
+						   schema, &session_key, r->in.req->req8.highwatermark.highest_usn, r->in.req->req8.replica_flags);
 		if (!W_ERROR_IS_OK(werr)) {
 			return werr;
 		}


-- 
Samba Shared Repository

