[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-763-g4a230b5

Andrew Tridgell tridge at samba.org
Sun Sep 27 23:36:51 MDT 2009


The branch, master has been updated

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4a230b5e6ccbd7e8ac3dce875014715b733bb210
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 28 15:16:06 2009 +1000

    s4-kcc: fixed corruption of repsFrom records by kcc
    
    We were re-using a stack variable outside of the stack scope

commit 0b0edbb606eb291b293e1bd0f3adfbbe76318d89
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 28 13:10:13 2009 +1000

    s4-kcc: remove stale repsFrom entries in kcc run

commit f279b57f194d1be3600215b98e7e5fc6431d31c3
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 28 12:28:59 2009 +1000

    s4-dsdb: don't return the partition root objects
    
    When searching across partitions, we want to avoid sending duplicate
    records caused by the record appearing both as a mount point and as a
    partition root in a nested partition. This patch works by intercepting
    objects from searches and checking if they match a partition root. If
    they do, and the partition is not the one in the partition control
    request, then discard the object.

commit da3f5a4113d7c828dc7d14226361473fb9ff00e7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 28 11:06:35 2009 +1000

    s4-make: add libds to etags/ctags source list

commit 808585b4fe312aac953f1647a9c7f08b412b915b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 20:47:06 2009 -0700

    s4-libnet: fixed debug formatting

commit ccd2673b1a58d4c67793ab5a2622588116739716
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 20:46:53 2009 -0700

    s4-dsdb: removed extraneous debug messages

commit cf55f78c29deb2c60bf4bf8e6bf17d0b75112d11
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 20:38:20 2009 -0700

    s4-dsdb: update replPropertyMetaData on linked attribute source attributes

commit 83fae5f23f3a7929a685bf4e92bb99191bb2abe3
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 20:37:45 2009 -0700

    s4-dsdb: fixed searching for GUID based DNs between partitions

commit 0d810fceaff4f4320a34f55c44525cc07a71f4af
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:54:00 2009 -0700

    s4-drs: removed debug code that replicated a maximum of 10 objects at a time

commit 8aa85d7cbe5acee3900702f8fbdddb72ab26b578
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:18:02 2009 -0700

    s4-drsuapi: state variable for getncchanges

commit 11efdc3ee2138002c61c43c180b9d80b80c53c1b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:17:44 2009 -0700

    s4-dsruapi: plugfest updates
    
    - always fetch parentGUID from databases, don't rely on parentGUID in
      attributes
    
    - re-fetch nc root messages to avoid the problem of dual messages for
      roots
    
    - support returning messages a chunk at a time, using max_object_count
      from request

commit b7dba6f16a00fa58cf5f486a83a4453055495fa6
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:15:23 2009 -0700

    s4-drsutil: allow NULL filter

commit 46b73740982e278040d426b6b93209341d97be40
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:14:59 2009 -0700

    s4-ldap: fixed spelling

commit d1876203248877755347d38a3bc27de506638a7f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:14:43 2009 -0700

    s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical
    
    We may also need to remove the isCriticalSystemObject when the machine
    is demoted

commit c82a816f4b8e375f8a93fa81194a47b327747c7f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:13:09 2009 -0700

    s4-repl: free the la list on prepare commit failure

commit 12936bee690e5be8d34f7da288a8620d8b50c676
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Sep 25 15:12:52 2009 -0700

    s4-samdb: free the linked_attributes list on prepare commit failure

commit a130ad27c4d913f9d8a8f4bf3fde6c44ba33587d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 24 20:15:11 2009 -0700

    s4-repl: use GUID to resolve target in linked attributes
    
    When we vampire from w2k8-r2, the DC sends us a linked attribute for
    our machine account which has a target DN with a GUID of the OU=Domain
    Controllers objects, but has a DN of CN=Computers. We need to use the
    GUID to resolve the real DN.

commit d515b6e3265f61a8eaeaaa7b3afc1e536fb216ef
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 24 20:13:22 2009 -0700

    s4-dsdb: ask for an extended DN in dsdb_find_dn_by_guid()

commit 9e326487687d1d2077964951093f49c9cddbff21
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 24 17:20:34 2009 -0700

    s4-dsdb: make dsdb_search_dn_with_deleted public for repl_meta_data module

commit 5acd8bc01b23d6fc3d83eea9c3307feb7210879f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 24 16:53:06 2009 -0700

    s4-acl: fixed SD creation
    
    Thanks to Nadya and Metze for this. The SDs were being created with
    invalid fields (noticed by w2k8-r2 client when joining our domain)

commit 9cef5f0a53ce2bddce644303659859743ea89398
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 24 16:51:15 2009 -0700

    libds: fixed spelling error

commit 557b177b04001ea687cf7905d765c72c1a7019b9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 24 16:50:59 2009 -0700

    s4-drs: fixed sorting of replPropertyMetaData
    
    This also ensures we add the SHOW_DELETED control on searches for old
    replPropertyMetaData attributes

-----------------------------------------------------------------------

Summary of changes:
 libds/common/flags.h                               |    2 +-
 source4/build/make/rules.mk                        |    2 +-
 source4/dsdb/common/util.c                         |   15 +-
 source4/dsdb/kcc/kcc_periodic.c                    |   17 ++-
 source4/dsdb/samdb/ldb_modules/extended_dn_in.c    |   18 ++-
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |    4 +-
 source4/dsdb/samdb/ldb_modules/partition.c         |   20 ++-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  116 +++++++----
 source4/dsdb/samdb/ldb_modules/samldb.c            |   10 +
 source4/ldap_server/ldap_backend.c                 |    2 +-
 source4/libcli/security/create_descriptor.c        |   34 ++-
 source4/libnet/libnet_vampire.c                    |    4 +-
 source4/rpc_server/drsuapi/dcesrv_drsuapi.h        |    1 +
 source4/rpc_server/drsuapi/drsutil.c               |    5 -
 source4/rpc_server/drsuapi/getncchanges.c          |  220 +++++++++++++-------
 15 files changed, 319 insertions(+), 151 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libds/common/flags.h b/libds/common/flags.h
index fb90e66..37103bc 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -153,7 +153,7 @@
 #define SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE	0x10000000
 #define SYSTEM_FLAG_CONFIG_ALLOW_MOVE		0x20000000
 #define SYSTEM_FLAG_CONFIG_ALLOW_RENAME		0x40000000
-#define SYSTEM_FLAG_DISALLOW_DELTE		0x80000000
+#define SYSTEM_FLAG_DISALLOW_DELETE		0x80000000
 
 /* "searchFlags" */
 #define SEARCH_FLAG_ATTINDEX		0x0000001
diff --git a/source4/build/make/rules.mk b/source4/build/make/rules.mk
index d054d87..78b4240 100644
--- a/source4/build/make/rules.mk
+++ b/source4/build/make/rules.mk
@@ -182,7 +182,7 @@ showflags::
 	@echo '  MDLD_FLAGS = $(MDLD_FLAGS)'
 	@echo '  SHLIBEXT   = $(SHLIBEXT)'
 
-base_srcdirs = $(srcdir) ../librpc/ ../lib/ ../libcli ../libgpo ../nsswitch
+base_srcdirs = $(srcdir) ../librpc/ ../lib/ ../libcli ../libgpo ../nsswitch ../libds
 
 etags:
 	etags $(ETAGS_OPTIONS) `find $(base_srcdirs) -name "*.[ch]"`
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 52ba40b..45f19e9 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2155,6 +2155,11 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 	}
 	options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
 
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_EXTENDED_DN_OID, true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
 	ret = ldb_request_add_control(search_req,
 				      LDB_CONTROL_SEARCH_OPTIONS_OID,
 				      true, options);
@@ -2187,11 +2192,11 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 /*
   search for attrs on one DN, allowing for deleted objects
  */
-static int dsdb_search_dn_with_deleted(struct ldb_context *ldb,
-				       TALLOC_CTX *mem_ctx,
-				       struct ldb_result **_res,
-				       struct ldb_dn *basedn,
-				       const char * const *attrs)
+int dsdb_search_dn_with_deleted(struct ldb_context *ldb,
+				TALLOC_CTX *mem_ctx,
+				struct ldb_result **_res,
+				struct ldb_dn *basedn,
+				const char * const *attrs)
 {
 	int ret;
 	struct ldb_request *req;
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
index dae0c1e..44e0c7a 100644
--- a/source4/dsdb/kcc/kcc_periodic.c
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -75,6 +75,7 @@ static NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ct
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
 		}
 
+		/* add any new ones */
 		for (i=0; i<count; i++) {
 			if (!reps_in_list(&reps[i], old_reps, old_count)) {
 				old_reps = talloc_realloc(mem_ctx, old_reps, struct repsFromToBlob, old_count+1);
@@ -84,6 +85,16 @@ static NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ct
 				modified = true;
 			}
 		}
+
+		/* remove any stale ones */
+		for (i=0; i<old_count; i++) {
+			if (!reps_in_list(&old_reps[i], reps, count)) {
+				memmove(&old_reps[i], &old_reps[i+1], (old_count-(i+1))*sizeof(old_reps[0]));
+				old_count--;
+				i--;
+				modified = true;
+			}
+		}
 		
 		if (modified) {
 			werr = dsdb_savereps(s->samdb, mem_ctx, p->dn, "repsFrom", old_reps, old_count);
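
Review bot: the i-- in the stale-entry loop relies on the for loop's i++ to bring the index back, and when the entry at index 0 is removed that takes i below zero (or through a wrap if i is unsigned; its declaration is not in this hunk). Walking the array from old_count-1 down to 0, or advancing i only when nothing was removed, gives the same result without the index adjustment. A short comment that old_reps is compacted in place and not reallocated would also help the next reader.
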
@@ -121,7 +132,6 @@ static NTSTATUS kccsrv_simple_update(struct kccsrv_service *s, TALLOC_CTX *mem_c
 
 	for (i=0; i<res->count; i++) {
 		struct repsFromTo1 *r1;
-		struct repsFromTo1OtherInfo oi;
 		struct GUID ntds_guid, invocation_id;
 
 		ntds_guid = samdb_result_guid(res->msgs[i], "objectGUID");
@@ -136,14 +146,13 @@ static NTSTATUS kccsrv_simple_update(struct kccsrv_service *s, TALLOC_CTX *mem_c
 		NT_STATUS_HAVE_NO_MEMORY(reps);
 
 		ZERO_STRUCT(reps[count]);
-		ZERO_STRUCT(oi);
 		reps[count].version = 1;
 		r1 = &reps[count].ctr.ctr1;
 
-		oi.dns_name                  = talloc_asprintf(mem_ctx, "%s._msdcs.%s",
+		r1->other_info               = talloc_zero(reps, struct repsFromTo1OtherInfo);
+		r1->other_info->dns_name     = talloc_asprintf(r1->other_info, "%s._msdcs.%s",
 							       GUID_string(mem_ctx, &ntds_guid),
 							       lp_realm(s->task->lp_ctx));
-		r1->other_info               = &oi;
 		r1->source_dsa_obj_guid      = ntds_guid;
 		r1->source_dsa_invocation_id = invocation_id;
 		r1->replica_flags            = 
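
Review bot: r1->other_info is dereferenced on the line after talloc_zero() with no NULL check, and the talloc_asprintf() result stored in dns_name is not checked either. The array allocation just above uses NT_STATUS_HAVE_NO_MEMORY(reps); the same macro on r1->other_info and on r1->other_info->dns_name would keep the error handling consistent. The GUID_string(mem_ctx, &ntds_guid) temporary is still parented to mem_ctx, so it lives as long as the caller's context rather than with the record it was built for.
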
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index e6b0220..89ba7bb 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -255,6 +255,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 		"wellKnownObjects",
 		NULL
 	};
+	bool all_partitions = false;
 
 	if (!ldb_dn_has_extended(dn)) {
 		/* Move along there isn't anything to see here */
@@ -268,7 +269,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 		wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
 
 		if (sid_val) {
-			/* TODO: do a search over all partitions */
+			all_partitions = true;
 			base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
 			base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", 
 							 ldb_binary_encode(req, *sid_val));
@@ -281,7 +282,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 
 		} else if (guid_val) {
 
-			/* TODO: do a search over all partitions */
+			all_partitions = true;
 			base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module));
 			base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", 
 							 ldb_binary_encode(req, *guid_val));
@@ -360,6 +361,19 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 
+		if (all_partitions) {
+			struct ldb_search_options_control *control;
+			control = talloc(down_req, struct ldb_search_options_control);
+			control->search_options = 2;
+			ret = ldb_request_add_control(down_req,
+						      LDB_CONTROL_SEARCH_OPTIONS_OID,
+						      true, control);
+			if (ret != LDB_SUCCESS) {
+				ldb_oom(ldb_module_get_ctx(module));
+				return ret;
+			}
+		}
+
 		/* perform the search */
 		return ldb_next_request(module, down_req);
 	}
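
Review bot: control is written to immediately after talloc(down_req, ...) with no NULL check, so an allocation failure becomes a NULL dereference at control->search_options = 2. The literal 2 is also unexplained here, while dsdb_find_dn_by_guid() in util.c sets the same field with LDB_SEARCH_OPTION_PHANTOM_ROOT; if that is the option intended, use the named constant. The error path calls ldb_oom() for any failure of ldb_request_add_control(), which reports out-of-memory even when ret says something else.
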
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index b4144ef..32f9cba 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -1223,13 +1223,15 @@ static int linked_attributes_prepare_commit(struct ldb_module *module)
 		ret = la_do_mod_request(module, ac);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0,(__location__ ": Failed mod request ret=%d\n", ret));
+			talloc_free(la_private);
+			ldb_module_set_private(module, NULL);	
 			return ret;
 		}
 	}
 
 	talloc_free(la_private);
 	ldb_module_set_private(module, NULL);	
-	
+
 	return ldb_next_prepare_commit(module);
 }
 
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 79d11fd..6e86d4c 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -186,9 +186,11 @@ static int partition_req_callback(struct ldb_request *req,
 	struct partition_context *ac;
 	struct ldb_module *module;
 	struct ldb_request *nreq;
-	int ret;
+	int ret, i;
+	struct partition_private_data *data;
 
 	ac = talloc_get_type(req->context, struct partition_context);
+	data = talloc_get_type(ac->module->private_data, struct partition_private_data);
 
 	if (!ares) {
 		return ldb_module_done(ac->req, NULL, NULL,
@@ -213,6 +215,22 @@ static int partition_req_callback(struct ldb_request *req,
 			return ldb_module_done(ac->req, NULL, NULL,
 						LDB_ERR_OPERATIONS_ERROR);
 		}
+		for (i=0; data && data->partitions && data->partitions[i]; i++) {
+			if (ldb_dn_compare(ares->message->dn, data->partitions[i]->ctrl->dn) == 0) {
+				struct ldb_control *part_control;
+				/* this is a partition root message - make
+				   sure it isn't one of our fake root
+				   entries from a parent partition */
+				part_control = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID);
+				if (part_control && part_control->data != data->partitions[i]->ctrl) {
+					DEBUG(6,(__location__ ": Discarding partition mount object %s\n",
+						 ldb_dn_get_linearized(ares->message->dn)));
+					talloc_free(ares);
+					return LDB_SUCCESS;
+				}
+			}
+		}
+		
 		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
 
 	case LDB_REPLY_DONE:
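
Review bot: in the partition-root loop, a DN that matches data->partitions[i]->ctrl->dn but is not discarded falls through and is compared against every remaining partition; a break after the inner if would stop at the first match. The check runs once per returned entry, so it adds one ldb_dn_compare() per partition to every search result. The case where DSDB_CONTROL_CURRENT_PARTITION_OID is absent (part_control is NULL) passes the object through unchanged; a comment saying that is intended would make the condition easier to review.
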
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index f07dc14..253596d 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -363,11 +363,33 @@ static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMeta
 	return m1->attid - m2->attid;
 }
 
-static void replmd_replPropertyMetaDataCtr1_sort(struct replPropertyMetaDataCtr1 *ctr1,
-						 const uint32_t *rdn_attid)
+static int replmd_replPropertyMetaDataCtr1_sort(struct replPropertyMetaDataCtr1 *ctr1,
+						const struct dsdb_schema *schema,
+						struct ldb_dn *dn)
 {
+	const char *rdn_name;
+	const struct dsdb_attribute *rdn_sa;
+
+	rdn_name = ldb_dn_get_rdn_name(dn);
+	if (!rdn_name) {
+		DEBUG(0,(__location__ ": No rDN for %s?\n", ldb_dn_get_linearized(dn)));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	rdn_sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
+	if (rdn_sa == NULL) {
+		DEBUG(0,(__location__ ": No sa found for rDN %s for %s\n", rdn_name, ldb_dn_get_linearized(dn)));
+		return LDB_ERR_OPERATIONS_ERROR;		
+	}
+
+	DEBUG(6,("Sorting rpmd with attid exception %u rDN=%s DN=%s\n", 
+		 rdn_sa->attributeID_id, rdn_name, ldb_dn_get_linearized(dn)));
+
 	ldb_qsort(ctr1->array, ctr1->count, sizeof(struct replPropertyMetaData1),
-		  discard_const_p(void, rdn_attid), (ldb_qsort_cmp_fn_t)replmd_replPropertyMetaData1_attid_sort);
+		  discard_const_p(void, &rdn_sa->attributeID_id), 
+		  (ldb_qsort_cmp_fn_t)replmd_replPropertyMetaData1_attid_sort);
+
+	return LDB_SUCCESS;
 }
 
 static int replmd_ldb_message_element_attid_sort(const struct ldb_message_element *e1,
@@ -440,7 +462,6 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 	enum ndr_err_code ndr_err;
 	struct ldb_request *down_req;
 	struct ldb_message *msg;
-	const struct dsdb_attribute *rdn_attr = NULL;
 	struct GUID guid;
 	struct ldb_val guid_value;
 	struct replPropertyMetaDataBlob nmd;
@@ -581,10 +602,6 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 		m->originating_usn		= seq_num;
 		m->local_usn			= seq_num;
 		ni++;
-
-		if (ldb_attr_cmp(e->name, ldb_dn_get_rdn_name(msg->dn))) {
-			rdn_attr = sa;
-		}
 	}
 
 	/* fix meta data count */
@@ -593,7 +610,10 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
 	/*
 	 * sort meta data array, and move the rdn attribute entry to the end
 	 */
-	replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_attr->attributeID_id);
+	ret = replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, schema, msg->dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
 
 	/* generated NDR encoded values */
 	ndr_err = ndr_push_struct_blob(&guid_value, msg, 
@@ -764,7 +784,7 @@ static int replmd_update_rpmd(struct ldb_module *module,
 	unix_to_nt_time(&now, t);
 
 	/* search for the existing replPropertyMetaDataBlob */
-	ret = ldb_search(ldb, msg, &res, msg->dn, LDB_SCOPE_BASE, attrs, NULL);
+	ret = dsdb_search_dn_with_deleted(ldb, msg, &res, msg->dn, attrs);
 	if (ret != LDB_SUCCESS || res->count < 1) {
 		DEBUG(0,(__location__ ": Object %s failed to find replPropertyMetaData\n",
 			 ldb_dn_get_linearized(msg->dn)));
@@ -811,20 +831,6 @@ static int replmd_update_rpmd(struct ldb_module *module,
 	if (*seq_num != 0) {
 		struct ldb_val *md_value;
 		struct ldb_message_element *el;
-		const char *rdn_name;
-		const struct dsdb_attribute *rdn_sa;
-
-		rdn_name = ldb_dn_get_rdn_name(msg->dn);
-		if (!rdn_name) {
-			DEBUG(0,(__location__ ": No rDN for %s?\n", ldb_dn_get_linearized(msg->dn)));
-			return LDB_ERR_OPERATIONS_ERROR;
-		}
-		rdn_sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
-		if (rdn_sa == NULL) {
-			DEBUG(0,(__location__ ": sa not found for rDN %s in %s?\n", 
-				 rdn_name, ldb_dn_get_linearized(msg->dn)));
-			return LDB_ERR_OPERATIONS_ERROR;
-		}
 
 		md_value = talloc(msg, struct ldb_val);
 		if (md_value == NULL) {
@@ -832,7 +838,10 @@ static int replmd_update_rpmd(struct ldb_module *module,
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 
-		replmd_replPropertyMetaDataCtr1_sort(&omd.ctr.ctr1, &rdn_sa->attributeID_id);
+		ret = replmd_replPropertyMetaDataCtr1_sort(&omd.ctr.ctr1, schema, msg->dn);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
 
 		ndr_err = ndr_push_struct_blob(md_value, msg, 
 					       lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")),
@@ -1379,12 +1388,9 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
 	 *
 	 * sort the new meta data array
 	 */
-	{
-		struct replPropertyMetaData1 *rdn_p;
-		uint32_t rdn_idx = omd.ctr.ctr1.count - 1;
-
-		rdn_p = &nmd.ctr.ctr1.array[rdn_idx];
-		replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, &rdn_p->attid);
+	ret = replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, ar->schema, msg->dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
 	}
 
 	/*
@@ -1545,6 +1551,13 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
 				   ar,
 				   replmd_replicated_apply_search_callback,
 				   ar->req);
+
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	
+
 	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
 
 	return ldb_next_request(ar->module, search_req);
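
Review bot: the new ldb_request_add_control() call overwrites ret before the existing "if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);" line has checked the result of the search request build above it. A failed build is therefore no longer detected, the control is added to a search_req that may not be valid, and the original check below is now dead code. Moving the add_control block after the existing check, and returning through replmd_replicated_request_error(ar, ret) as that check does, fixes both the ordering and the inconsistent error path.
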
@@ -2063,10 +2076,11 @@ static int replmd_process_linked_attribute(struct ldb_module *module,
 	struct ldb_message_element *ret_el;
 	TALLOC_CTX *tmp_ctx = talloc_new(la_entry);
 	enum ndr_err_code ndr_err;
-	char *target_dn;
 	struct ldb_request *mod_req;
 	int ret;
 	const struct dsdb_attribute *attr;
+	struct ldb_dn *target_dn;
+	uint64_t seq_num = 0;
 
 /*
 linked_attributes[0]:                                                     
@@ -2163,16 +2177,37 @@ linked_attributes[0]:
 	}
 	ret_el->num_values = 1;
 
-	target_dn = talloc_asprintf(tmp_ctx, "<GUID=%s>;<SID=%s>;%s",
-				    GUID_string(tmp_ctx, &target.guid),
-				    dom_sid_string(tmp_ctx, &target.sid),
-				    target.dn);
-	if (target_dn == NULL) {
-		ldb_oom(ldb);
+	ret = dsdb_find_dn_by_guid(ldb, tmp_ctx, GUID_string(tmp_ctx, &target.guid), &target_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to map GUID %s to DN\n", GUID_string(tmp_ctx, &target.guid)));
 		talloc_free(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	ret_el->values[0] = data_blob_string_const(target_dn);
+
+	ret_el->values[0].data = (uint8_t *)ldb_dn_get_extended_linearized(tmp_ctx, target_dn, 1);
+	ret_el->values[0].length = strlen((char *)ret_el->values[0].data);
+
+	ret = replmd_update_rpmd(module, msg, &seq_num);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* we only change whenChanged and uSNChanged if the seq_num
+	   has changed */
+	if (seq_num != 0) {
+		time_t t = time(NULL);
+
+		if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		if (add_uint64_element(msg, "uSNChanged", seq_num) != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
 
 	ret = ldb_build_mod_req(&mod_req, ldb, tmp_ctx,
 				msg,
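
Review bot: the result of ldb_dn_get_extended_linearized() is passed straight to strlen() without a NULL check, whereas the code this replaces checked target_dn for NULL and called ldb_oom(). Keep that check on ret_el->values[0].data before taking its length. The dsdb_find_dn_by_guid() failure path also drops the real error and returns LDB_ERR_OPERATIONS_ERROR; returning ret (and including it in the DEBUG line) would tell a not-found GUID apart from other failures.
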
@@ -2304,6 +2339,9 @@ static int replmd_prepare_commit(struct ldb_module *module)
 		DLIST_REMOVE(replmd_private->la_list, la);
 		ret = replmd_process_linked_attribute(module, la);
 		if (ret != LDB_SUCCESS) {
+			talloc_free(replmd_private->la_ctx);
+			replmd_private->la_list = NULL;
+			replmd_private->la_ctx = NULL;
 			return ret;
 		}
 	}
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 8f51dc7..e59b5dd 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2005,6 +2005,16 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
 		}
 		el2 = ldb_msg_find_element(msg, "sAMAccountType");
 		el2->flags = LDB_FLAG_MOD_REPLACE;
+
+		if (user_account_control & UF_SERVER_TRUST_ACCOUNT) {
+			ret = samdb_msg_add_string(ldb, msg, msg,
+						   "isCriticalSystemObject", "TRUE");
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			el2 = ldb_msg_find_element(msg, "isCriticalSystemObject");
+			el2->flags = LDB_FLAG_MOD_REPLACE;
+		}
 	}
 
 	el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");
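
Review bot: the new block only ever sets isCriticalSystemObject to TRUE when UF_SERVER_TRUST_ACCOUNT is present; nothing here clears it when the flag is removed, which the commit message notes may be needed on demotion. A TODO comment at this block would keep that open item visible in the code. The ldb_msg_find_element() result is dereferenced unchecked for el2->flags, following the sAMAccountType lines just above; a NULL check would be cheap in both places.
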
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 383c5bc..27b9c87 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -734,7 +734,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 	int result = LDAP_SUCCESS;
 	int ldb_ret;
 
-	DEBUG(10, ("ModifyDNRequrest"));
+	DEBUG(10, ("ModifyDNRequest"));
 	DEBUGADD(10, (" dn: %s", req->dn));
 	DEBUGADD(10, (" newrdn: %s", req->newrdn));
 
diff --git a/source4/libcli/security/create_descriptor.c b/source4/libcli/security/create_descriptor.c
index ebf07ac..a7f5f41 100644
--- a/source4/libcli/security/create_descriptor.c
+++ b/source4/libcli/security/create_descriptor.c
@@ -265,6 +265,9 @@ static struct security_acl *calculate_inherited_from_creator(TALLOC_CTX *mem_ctx
 	if (!tmp_acl)
 		return NULL;
 
+	tmp_acl->revision = acl->revision;
+	DEBUG(6,(__location__ ": acl revision %u\n", acl->revision));
+
 	co = dom_sid_parse_talloc(tmp_ctx,  SID_CREATOR_OWNER);
 	cg = dom_sid_parse_talloc(tmp_ctx,  SID_CREATOR_GROUP);
 
@@ -411,28 +414,35 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
 	struct dom_sid *new_group = NULL;
 
 	new_sd = security_descriptor_initialise(mem_ctx);
-	if (!new_sd)
+	if (!new_sd) {
 		return NULL;
-	if (!creator_sd || !creator_sd->owner_sid){
-		if (inherit_flags & SEC_OWNER_FROM_PARENT)
+	}
+
+	if (!creator_sd || !creator_sd->owner_sid) {
+		if ((inherit_flags & SEC_OWNER_FROM_PARENT) && parent_sd) {
 			new_owner = parent_sd->owner_sid;
-		else if (!default_owner)
+		} else if (!default_owner) {


-- 
Samba Shared Repository

