[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Fri Jan 1 14:52:25 MST 2010


The branch, master has been updated
       via  00b39c7... s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs
       via  cced567... s4-kcc: added a periodic task to remove deleted objects
       via  08bad38... s4-dsdb: fixed several memory leaks
       via  031460b... s4-dsdb: fixed samdb_create_foreign_security_principal() to use the wellknown GUID
       via  335af02... s4-ldb: fixed valgrind error: ares can be freed by callback
       via  8eaed07... s4-dsdb: make sure 'whenChanged' is set on modify
       via  9819d28... s4-dsdb: added dsdb_tombstone_lifetime()
       via  23eb9f4... s4-dsdb: allow system to remove deleted objects
       via  1c5a268... s4-ldaptest: need to use MessageElement for modify messages
       via  e410a91... s4-ldb: show an error string, as well as error message
       via  4eecfc8... s4-drs: make sure the DNs we put in the db have an extended GUID
       via  6628588... s4-dsdb: added dsdb_set_extended_dn_guid()
       via  98d94cc... s4-ldbtest: fixed message element in modify
       via  81e8a18... s4-ldb: allow modules to override error return values
       via  302dcd0... s4-ldbmodify: show the error code as well as error string
       via  1ab5020... s4-ldb: declare ldb_val_to_time()
       via  53e86ac... s4-ldb: use safe length limited conversions for int64 and time
       via  708ad42... s4-dsdb: use safe length limiting in string->integer conversion
       via  c306179... s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time()
       via  baae6ef... s4-ldb: added ldb_val_to_time()
       via  e3cf818... s4-drs: sort linked attributes
       via  d48237d... s4-drs: re-resolve the DN in linked attribute processing
       via  5dd6e08... s4-drs: use dsdb_module_rename()
       via  38160de... s4-drs: use dsdb linked attribute parse functions
       via  5e52c71... s4-dsdb: added parse functions for DRS linked attribute blobs
       via  a81dd03... s4-drs: set flag to indicate that we do support linked attributes
       via  36f8ece... s4-ldb: show the error code as well as errstr
       via  db3f0e8... s4-dsdb: fixed valgrind error in replmd modify
       via  9f053d4... s4-drs: don't try to remove backlinks directly
       via  0bf7f95... s4-drs: isRecycled only exists in FL W2K8-R2
       via  5305032... s4-drs: use DSDB_FLAG_OWN_MODULE
       via  9572535... s4-drs: update comment to reflect only forward link in this fn
       via  5b31cb2... s4-drs: fixed typo for uSNCreated
       via  7a39340... s4-drs: use dsdb_module_guid_by_dn()
       via  e3054ce... s4-drs: cope better with NULL GUIDS from DRS
       via  2e11448... s4-drs: give an error message in repl_meta_data if we don't get a partition control
       via  0d5d7f5... s4-drs: treat a zero GUID as not present in replmd_add_fix_la
       via  0c2afdd... s4-drs: update highwatermark after successfully encoding the object
       via  ff6dd4a... s4-drs: send all linked attributes at the end of a replication cycle
       via  5bf257f... s4-drs: use the extended linearized form for DRS replication
       via  7653f56... s4-drs: implemented sorting functions based on replication flags
       via  701148b... s4-drs: we are doing the sorting for getncchanges in the app code now
       via  cb00e44... s4-drs: give a reason when an AddEntry commit fails
       via  9f02898... s4-schema: don't fill in the extended DN with a zero GUID
       via  d4853fe... sd-schema: order DRS classes on the wire in reverse order
       via  ca5c3a0... s4-dsdb: added DSDB_FLAG_OWN_MODULE
       via  e1ffcfc... s4-ldb: added ldb_module_get_ops()
       via  dd33a22... s4-dsdb: use a common method for finding a link pair
       via  340d7e8... s4-drs: fixed the UDV return in getncchanges
       via  bcc952d... s4-drs: some useful debugging options for getncchanges
       via  bf8ccd2... s4-dsdb: fill in the correct version number of links that come over DRS
       via  5dcb903... s4-dsdb: move checking for single valued links to samba modules
       via  3c1259f... s4-dsdb: added dsdb_check_single_valued_link()
       via  225bcfa... s4-drs: handle mixtures of old and new style links in getncchanges
       via  64802c5... s4-dsdb: added dsdb_dn_is_upgraded_link_val()
       via  b34db08... s4-ldb: use the RELAX control to disable single value checking on replace
       via  26ec526... s4-dsdb: auto-upgrade w2k formatted linked attributes when modified
       via  fde3f64... s4-drs: added linked attribute replication to getncchanges
       via  beba977... s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
       via  809bcfc... s4-dsdb: minor cleanup in DRS replicated objects code
       via  4dbcab4... s4-dsdb: store full meta data from DRS for linked attributes
       via  312ef9d... s4-dsdb: add REVEAL_INTERNALS in the search for linked_attributes
       via  b1db66a... s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid()
       via  f1b6484... s4-dsdb: split RMD_USN into RMD_LOCAL_USN and RMD_ORIGINATING_USN
       via  e4a6f5c... s4-dsdb: handle links with no backlinks in replmd_delete
       via  5eefff9... s4-dsdb: simplify the linked_attributes module
       via  e9699e9... s4-dsdb: do the rename after the modify in replmd_delete
       via  2b5cd3d... s4-dsdb: some backlinks can be processed immediately
       via  3fe9244... s4-dsdb: remove linked_attributes_add
       via  9e96ae8... s4-dsdb: add linked attributes meta_data handling to replmd_add
       via  348bcfc... s4-dsdb: added replmd_delete, based on Eduardo's work
       via  5964acf... s4-dsdb: the linked_attributes module no longer handles deletes
       via  bd5678f... s4-dsdb: repl_meta_data now replaces objectguid in all cases
       via  3199e02... s4-dsdb: add a comment on the use of ldb_rename()
       via  c071af3... s4-dsdb: linked_attributes_modify no longer handles modifies
       via  3b05606... s4-dsdb: added support for backlinks in repl_meta_data
       via  dee6b6f... s4-dsdb: implemented replmd_modify_la_replace()
       via  d5020e3... s4-dsdb: add a TODO item for linked attributes in extended_dn_out
       via  41c3c97... s4-dsdb: add support for storing linked attribute meta data in extended DNs
      from  9085499... heimdal_build: Explicitly specify 'YES' when enabling external libraries.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 00b39c70f57882a453a8d2e6b0f1f37fd39a2d2a
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Jan 2 08:14:52 2010 +1100

    s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs
    
    This allows for more flags in the future

commit cced56736431094db14d07cfe04fd7606541c339
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 21:40:17 2009 +1100

    s4-kcc: added a periodic task to remove deleted objects
    
    we check for deleted objects in each partition every 10 minutes, using
    onelevel searches

commit 08bad380351e9753adc4330beb06dd2929113cfc
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 21:39:24 2009 +1100

    s4-dsdb: fixed several memory leaks
    
    need to be careful with those temporary contexts

commit 031460b8a228ced18381ca35379aa4ea02a3f764
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 21:38:21 2009 +1100

    s4-dsdb: fixed samdb_create_foreign_security_principal() to use the wellknown GUID
    
    This also fixes a memory leak

commit 335af02218fbee7b02cbd1e4e6b40acff288465f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 21:36:31 2009 +1100

    s4-ldb: fixed valgrind error: ares can be freed by callback

commit 8eaed073a7c60986ecd02c3cc4beb53bd66772c6
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 20:05:02 2009 +1100

    s4-dsdb: make sure 'whenChanged' is set on modify
    
    We also should preserve (and then replace) whenChanged on delete

commit 9819d280d69e5870d61a177923912eae0c573709
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 20:04:17 2009 +1100

    s4-dsdb: added dsdb_tombstone_lifetime()

commit 23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 18:47:51 2009 +1100

    s4-dsdb: allow system to remove deleted objects
    
    This will be used by a periodic job to remove tombstoned objects

commit 1c5a268f34af7fdb4fcbd7f94898a1e76aa142b7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 10:54:03 2009 +1100

    s4-ldaptest: need to use MessageElement for modify messages
    
    Without MessageElement() the flags are not set, which is invalid

commit e410a91ff423213feeee52b7357bd95e5f7f4552
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 10:53:36 2009 +1100

    s4-ldb: show an error string, as well as error message
    
    This makes it easier to track down error mismatches from the test
    suite

commit 4eecfc80bc7f305cc6c57ebc2a56f2aa354a522f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 10:52:55 2009 +1100

    s4-drs: make sure the DNs we put in the db have an extended GUID

commit 6628588dfba353c3d2948d14de2d24edfafc371d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 30 10:52:14 2009 +1100

    s4-dsdb: added dsdb_set_extended_dn_guid()

commit 98d94cca6fdf0f9fbe045fdb213f642244ddc41f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:41:19 2009 +1100

    s4-ldbtest: fixed message element in modify
    
    a flags value of zero is not valid

commit 81e8a18181d3f24ac837ae0295fc2fca927a7ddf
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:40:30 2009 +1100

    s4-ldb: allow modules to override error return values
    
    The samldb module overrides the error code for some returns when
    handling primaryGroupID. We need to take the error from the async
    callback to allow this to work reliably

commit 302dcd022633a928050c916561a6f640216fb247
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:39:29 2009 +1100

    s4-ldbmodify: show the error code as well as error string

commit 1ab5020ef238d73d23611ef1da22d14c8ab3dbcc
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:39:05 2009 +1100

    s4-ldb: declare ldb_val_to_time()

commit 53e86ac5b27e7e5d13ab671b8ce202bb97b80d3e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:38:49 2009 +1100

    s4-ldb: use safe length limited conversions for int64 and time

commit 708ad42b0b1029a813141d1b1d14c782f7ce6393
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:38:17 2009 +1100

    s4-dsdb: use safe length limiting in string->integer conversion
    
    The ldap.py test suite could trigger a read past the end of the struct
    ldb_val buffer

commit c3061794ef4d03d5b26d4a221a93722b3ed08197
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:37:17 2009 +1100

    s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time()

commit baae6ef9d24a59f794a8cbc9aa0ccdbbeb2ed369
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 29 11:36:37 2009 +1100

    s4-ldb: added ldb_val_to_time()
    
    This is intended as a replacement for ldb_string_to_time() for ldb_val
    inputs. This ensures it is length limited and includes additional
    validity checks

commit e3cf818c277f90df37cab8a2ecbf93e6a92d8cb2
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 28 17:22:40 2009 +1100

    s4-drs: sort linked attributes
    
    See MS-DRSR section 4.1.10.5.17 for a description of the sorting
    comparison function

commit d48237d547470e064b7f5fb464758e7e9eaae17d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 28 17:22:12 2009 +1100

    s4-drs: re-resolve the DN in linked attribute processing
    
    w2k8-r2 sometimes sends the DN with an old target

commit 5dd6e089f136d3ce04127b930da59913704bf083
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 28 17:20:13 2009 +1100

    s4-drs: use dsdb_module_rename()
    
    Use the new dsdb_module_rename() for DRS rename handling, instead of
    ldb_rename(). This stops us going to the top of the module stack on a
    rename.

commit 38160deac4d6f4a8ae22fcedcf55114bc0372f31
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 28 17:19:29 2009 +1100

    s4-drs: use dsdb linked attribute parse functions
    
    This makes the code considerably more readable

commit 5e52c7149fb6f4e79541cde719f7f014d8954922
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 28 17:18:14 2009 +1100

    s4-dsdb: added parse functions for DRS linked attribute blobs

commit a81dd03917b5ae74b3b5515cbb37cbafaecc5c28
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 28 14:11:37 2009 +1100

    s4-drs: set flag to indicate that we do support linked attributes

commit 36f8ece9de5e5bd9f885bba84ac6377c1ed8f7a9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 22 12:31:42 2009 +1100

    s4-ldb: show the error code as well as errstr
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit db3f0e8ec1bfc6d3f27195ee38f53489501e731e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 22 12:21:02 2009 +1100

    s4-dsdb: fixed valgrind error in replmd modify
    
    We are using the values from a search result, so we need to steal them
    onto the msg before we free the search results
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 9f053d43ded23bb72d4c10162a8c6a211831b068
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:28:04 2009 +1100

    s4-drs: don't try to remove backlinks directly
    
    backlinks need to be removed as a side effect of removing the forward
    link
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 0bf7f952735e848700122c9ced064d211831ba7c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:27:16 2009 +1100

    s4-drs: isRecycled only exists in FL W2K8-R2
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 530503290d029894d3b0f0bc4f3c058752e904fb
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:26:15 2009 +1100

    s4-drs: use DSDB_FLAG_OWN_MODULE
    
    We need DRS driven replication changes to update replPropertyMetaData,
    so it needs to call into the repl_meta_data module logic
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 9572535940e808d4dd681ee01b04ad589c7e73c9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:25:27 2009 +1100

    s4-drs: update comment to reflect only forward link in this fn
    
    This function only updates forward links
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 5b31cb20dd49622fa761fd4ae1869bcc0de0330d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:24:18 2009 +1100

    s4-drs: fixed typo for uSNCreated
    
    This broke DRS replication from samba to windows
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 7a39340c8ecf4ac9475ae91f721dc979b19c030d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:23:18 2009 +1100

    s4-drs: use dsdb_module_guid_by_dn()
    
    We should not be going to the top of the module stack

commit e3054ce0fe0f8f62d2f5b2a77893e7a1479128bd
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:21:55 2009 +1100

    s4-drs: cope better with NULL GUIDS from DRS
    
    It is valid to get a NULL GUID over DRS for a deleted forward link. We
    need to match by DN if possible when seeing if we should update an
    existing link.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 2e114484e5abd658b9a8ae1ecb1af6768bd8fc46
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:19:55 2009 +1100

    s4-drs: give an error message in repl_meta_data if we don't get a partition control

commit 0d5d7f58473c989bff4d7f7d65da31f9b037de3a
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:18:31 2009 +1100

    s4-drs: treat a zero GUID as not present in replmd_add_fix_la
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 0c2afdd5a95c247eb8e7ce7d721ac61fb111220c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:16:35 2009 +1100

    s4-drs: update highwatermark after successfully encoding the object

commit ff6dd4a67fe74349a8e54766f2f0f91ded06a742
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:13:59 2009 +1100

    s4-drs: send all linked attributes at the end of a replication cycle
    
    This ensures that a link is not seen before the object it points to

commit 5bf257fa9ba32ec31886be34edff35eb41f885d4
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:12:19 2009 +1100

    s4-drs: use the extended linearized form for DRS replication
    
    We were sending zero GUIDs. Not good!
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 7653f56bd48859dce2481ef1e7ee885b25bfc709
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:10:41 2009 +1100

    s4-drs: implemented sorting functions based on replication flags
    
    I think we probably have more work to do on the sort order, but this
    brings us a bit closer.

commit 701148bbe9de178b068d200d086b1c6ba1045c97
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:06:56 2009 +1100

    s4-drs: we are doing the sorting for getncchanges in the app code now
    
    the sorting is quite delicate, and easier to get right in the
    getncchanges code
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit cb00e443a3c63889f39132e5e954eb0b95804e74
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:05:50 2009 +1100

    s4-drs: give a reason when an AddEntry commit fails
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 9f02898080f5a19930d9adfcce3cf4139e3952e9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:01:33 2009 +1100

    s4-schema: don't fill in the extended DN with a zero GUID
    
    sometimes windows sends us a zero GUID in a DRS DN.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit d4853fed00a9f5e6e5eee5dc1ce0eab3cd9bda37
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 20:59:57 2009 +1100

    sd-schema: order DRS classes on the wire in reverse order
    
    windows sends objectclasses in DRS in the opposite order to what LDAP
    uses

commit ca5c3a0a02b18787c089c4f32807d4cdf59578df
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 20:59:08 2009 +1100

    s4-dsdb: added DSDB_FLAG_OWN_MODULE
    
    This allows you to call dsdb_module_*() functions while including the
    current module in the module stack to be used
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit e1ffcfc7832768429e2f84ae048476ac0ff8dbba
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 21 21:03:11 2009 +1100

    s4-ldb: added ldb_module_get_ops()
    
    This is needed to support DSDB_FLAG_OWN_MODULE
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit dd33a22f1de513277ed1182f70eb81f16eaab543
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sun Dec 20 11:53:09 2009 +1100

    s4-dsdb: use a common method for finding a link pair
    
    Use ^1 everywhere, to ensure it works for both forward and backward
    links

commit 340d7e807b2be7fb5c50a0cddf9378aa9bd929bf
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sun Dec 20 10:27:03 2009 +1100

    s4-drs: fixed the UDV return in getncchanges
    
    We should overwrite an existing entry if found

commit bcc952d19dd5e1731386ccd1d7150e4bc306c60c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sun Dec 20 00:12:35 2009 +1100

    s4-drs: some useful debugging options for getncchanges
    
    Added two debugging parametric options
    
      drs:max object sync =
      drs:extra filter =

commit bf8ccd21f1f421f8d76f4882f2c3df8d429413b7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sun Dec 20 00:10:40 2009 +1100

    s4-dsdb: fill in the correct version number of links that come over DRS

commit 5dcb903f26045656372993822debcfbc956827b0
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 21:42:40 2009 +1100

    s4-dsdb: move checking for single valued links to samba modules
    
    This uses the RELAX control and checking of single valued attributes
    in ldb modules to avoid problems with multi-valued links where all
    values but one are deleted

commit 3c1259f10eb827de05198a8eaf79a4610d1d41e6
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 21:40:55 2009 +1100

    s4-dsdb: added dsdb_check_single_valued_link()
    
    This is used in conjunction with the RELAX control, to check for
    violations of single value rules for linked attributes

commit 225bcfa4e6ad7efa7596e0324fd3faf1c195f820
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 20:59:04 2009 +1100

    s4-drs: handle mixtures of old and new style links in getncchanges
    
    We need to send non-upgraded links using the old format

commit 64802c5e2711eec1a0046098955354e5cd978636
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 20:55:46 2009 +1100

    s4-dsdb: added dsdb_dn_is_upgraded_link_val()
    
    This is used to detect if a link has been stored in the w2k3 extended
    format

commit b34db0840de701b4d42918a8da952959a6955453
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 20:55:11 2009 +1100

    s4-ldb: use the RELAX control to disable single value checking on replace
    
    When using w2k3 linked attributes we are allowed to have multiple
    values on a single valued attribute. This happens when the other
    values are deleted.
    
    Setting the RELAX control tells the ldb-tdb backend to not check for
    this on replace, which means the caller has to check for single valued
    violations.

commit 26ec526d02d78fb327fb855ce5ff037cb74af303
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 19:57:37 2009 +1100

    s4-dsdb: auto-upgrade w2k formatted linked attributes when modified
    
    When any value of a w2k formatted linked attribute is modified,
    upgrade the links.

commit fde3f6437369365af7bb72bcff1666bf0ce98948
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 12:25:09 2009 +1100

    s4-drs: added linked attribute replication to getncchanges

commit beba977213daf5ff4004954e03481e970d1749cb
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 12:24:09 2009 +1100

    s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
    
    We need this for the linked attribute meta data

commit 809bcfca3d835458010013c0454b16d7f2a9fdf3
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Dec 19 12:23:22 2009 +1100

    s4-dsdb: minor cleanup in DRS replicated objects code

commit 4dbcab45f263e3ccce1d10d20226d7c3c68cdc9a
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Dec 18 20:57:21 2009 +1100

    s4-dsdb: store full meta data from DRS for linked attributes
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 312ef9df3cdb6461e051dff4f3fe3d4ae1601392
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Dec 18 20:56:04 2009 +1100

    s4-dsdb: add REVEAL_INTERNALS in the search for linked_attributes
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit b1db66a501e3b5e5df66e722ad849a821c667d5b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Dec 18 20:51:37 2009 +1100

    s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid()
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit f1b6484232cbcd31056b8f905f3b111d0c9069b0
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Dec 18 12:47:31 2009 +1100

    s4-dsdb: split RMD_USN into RMD_LOCAL_USN and RMD_ORIGINATING_USN
    
    We need a separate RMD_LOCAL_USN to allow us to tell what attributes
    need to be sent in a getncchanges request. Thanks to Metze for
    pointing this out.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit e4a6f5c8b8de0429578cd09913f1d41d0a1fd82f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 17 23:50:41 2009 +1100

    s4-dsdb: handle links with no backlinks in replmd_delete

commit 5eefff915e0c49cbdbecd764b8e0a2cc15d10d93
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 17 23:02:08 2009 +1100

    s4-dsdb: simplify the linked_attributes module
    
    The linked_attributes module only has to deal with renames now, as
    other linked attribute updates happen in repl_meta_data. This allows
    it to be much simpler.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit e9699e9cb9c2a5dc43a85c3d1565e12e0e299038
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 17 23:00:16 2009 +1100

    s4-dsdb: do the rename after the modify in replmd_delete
    
    This makes updating the links a bit easier

commit 2b5cd3dba29043281a6ca04398623a7f1972d71b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 17 10:50:34 2009 +1100

    s4-dsdb: some backlinks can be processed immediately
    
    backlinks in add and delete operations can be processed immediately,
    rather than at the end of a transaction. This can save on backlink
    list processing time.

commit 3fe9244796cea72abe8d7ec4ce54acf45ee2da48
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 17 10:42:44 2009 +1100

    s4-dsdb: remove linked_attributes_add
    
    This is now handled in the repl_meta_data module

commit 9e96ae8ddc49e146323e9a44d38f725f4a5fb663
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 17 10:42:15 2009 +1100

    s4-dsdb: add linked attributes meta_data handling to replmd_add
    
    This also handles the backlink creation that was previously in the
    linked_attributes module
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 348bcfc8ff81a95ff2f1785ba4efdaf2e8a193a4
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 16 17:24:21 2009 +1100

    s4-dsdb: added replmd_delete, based on Eduardo's work
    
    This implements replmd_delete(), which handles the meta_data updates
    for an object when deleting. A delete gets mapped to a combination
    of a rename followed by a modify request, which has the effect of
    moving the object into the Deleted Objects container.
    
    This is based on the code from Eduardo Lima
    <eduardoll at gmail.com>. Eduardo's code was modified to take account of
    the linked attributes changes that Andrew and I have been working on.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 5964acfa741d691c0196f91c0796122ec025f177
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 16 17:15:23 2009 +1100

    s4-dsdb: the linked_attributes module no longer handles deletes
    
    delete handling is now moved into repl_meta_data
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit bd5678f4bebad82f1b949931049bbd8496616777
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 16 17:14:26 2009 +1100

    s4-dsdb: repl_meta_data now replaces objectguid in all cases
    
    We don't want to be debugging two different code paths through the ldb
    module stack, so better to always do the work of repl_meta_data, even
    for a standalone server
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 3199e02884af3b14348a88e8d8d7bc852212536f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 16 12:01:51 2009 +1100

    s4-dsdb: add a comment on the use of ldb_rename()
    
    We need to use ldb_rename() and not dsdb_module_rename() here as we
    need the rename to be processed by the current module

commit c071af337ae0ff11104ca07ea81a7ffa7a8405bc
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 16 11:34:58 2009 +1100

    s4-dsdb: linked_attributes_modify no longer handles modifies
    
    This functionality has moved into repl_meta_data

commit 3b056061ff7f11e70532b859320638f9c8f5f2c7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Dec 16 11:34:33 2009 +1100

    s4-dsdb: added support for backlinks in repl_meta_data
    
    backlinks need more careful handling now that we store the additional
    meta data for deleted links. It is easier to handle this in
    repl_meta_data than in linked_attributes.
    
    Eventually linked_attributes will disappear, with the functionality
    moved into repl_meta_data.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit dee6b6fb3db03d371356b6d54d63bfde8ef153ae
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Dec 14 21:54:41 2009 +1100

    s4-dsdb: implemented replmd_modify_la_replace()
    
    We now have the core code for handling storage of linked attribute
    meta-data with local modifies
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit d5020e3d917713549cee82d66fbcc78b88cebd6a
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 10 23:49:02 2009 +1100

    s4-dsdb: add a TODO item for linked attributes in extended_dn_out
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 41c3c979ffc6b8eee795ec0616115b31f5dfd636
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Dec 10 23:48:30 2009 +1100

    s4-dsdb: add support for storing linked attribute meta data in extended DNs
    
    When in functional levels above w2k, we need to store much richer meta
    data about linked attributes. We also need to keep deleted linked
    attributes around to allow the deletion to be propagated to other DCs.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/dsdb_dn.c                      |   69 +
 source4/dsdb/common/dsdb_dn.h                      |    5 +
 source4/dsdb/common/util.c                         |  167 ++-
 source4/dsdb/config.mk                             |    1 +
 source4/dsdb/kcc/kcc_deleted.c                     |  156 ++
 source4/dsdb/kcc/kcc_periodic.c                    |    5 +
 source4/dsdb/kcc/kcc_service.h                     |    2 +
 source4/dsdb/samdb/ldb_modules/extended_dn_in.c    |    5 +
 source4/dsdb/samdb/ldb_modules/linked_attributes.c | 1270 ++-------------
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    | 1799 ++++++++++++++++++--
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c        |   18 +-
 source4/dsdb/samdb/ldb_modules/simple_ldap_map.c   |    6 +-
 source4/dsdb/samdb/ldb_modules/util.c              |   81 +-
 source4/dsdb/samdb/ldb_modules/util.h              |    3 +
 source4/dsdb/schema/schema_syntax.c                |   38 +-
 source4/lib/ldb-samba/ldif_handlers.c              |   55 +-
 source4/lib/ldb/common/attrib_handlers.c           |   61 +-
 source4/lib/ldb/common/ldb_modules.c               |   10 +-
 source4/lib/ldb/common/ldb_msg.c                   |   27 +
 source4/lib/ldb/include/ldb.h                      |    6 +
 source4/lib/ldb/include/ldb_module.h               |    1 +
 source4/lib/ldb/ldb_tdb/ldb_cache.c                |    2 +-
 source4/lib/ldb/ldb_tdb/ldb_tdb.c                  |   17 +-
 source4/lib/ldb/ldb_tdb/ldb_tdb.h                  |    2 +-
 source4/lib/ldb/tests/python/ldap.py               |    9 +-
 source4/lib/ldb/tools/ldbadd.c                     |    5 +-
 source4/lib/ldb/tools/ldbdel.c                     |    7 +-
 source4/lib/ldb/tools/ldbmodify.c                  |    3 +-
 source4/rpc_server/drsuapi/addentry.c              |    3 +-
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c        |    5 +-
 source4/rpc_server/drsuapi/dcesrv_drsuapi.h        |    1 -
 source4/rpc_server/drsuapi/drsutil.c               |   22 +-
 source4/rpc_server/drsuapi/getncchanges.c          |  421 +++++-
 33 files changed, 2776 insertions(+), 1506 deletions(-)
 create mode 100644 source4/dsdb/kcc/kcc_deleted.c


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/dsdb_dn.c b/source4/dsdb/common/dsdb_dn.c
index 660eaf7..9023b03 100644
--- a/source4/dsdb/common/dsdb_dn.c
+++ b/source4/dsdb/common/dsdb_dn.c
@@ -325,3 +325,72 @@ int dsdb_dn_string_comparison(struct ldb_context *ldb, void *mem_ctx,
 {
 	return ldb_any_comparison(ldb, mem_ctx, dsdb_dn_string_canonicalise, v1, v2);
 }
+
+
+/*
+   convert a dsdb_dn to a linked attribute data blob
+*/
+WERROR dsdb_dn_la_to_blob(struct ldb_context *sam_ctx,
+			  const struct dsdb_attribute *schema_attrib,
+			  const struct dsdb_schema *schema,
+			  TALLOC_CTX *mem_ctx,
+			  struct dsdb_dn *dsdb_dn, DATA_BLOB **blob)
+{
+	struct ldb_val v;
+	WERROR werr;
+	struct ldb_message_element val_el;
+	struct drsuapi_DsReplicaAttribute drs;
+
+	/* we need a message_element with just one value in it */
+	v = data_blob_string_const(dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1));
+
+	val_el.name = schema_attrib->lDAPDisplayName;
+	val_el.values = &v;
+	val_el.num_values = 1;
+
+	werr = schema_attrib->syntax->ldb_to_drsuapi(sam_ctx, schema, schema_attrib, &val_el, mem_ctx, &drs);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	if (drs.value_ctr.num_values != 1) {
+		DEBUG(1,(__location__ ": Failed to build DRS blob for linked attribute %s\n",
+			 schema_attrib->lDAPDisplayName));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	*blob = drs.value_ctr.values[0].blob;
+	return WERR_OK;
+}
+
+/*
+  convert a data blob to a dsdb_dn
+ */
+WERROR dsdb_dn_la_from_blob(struct ldb_context *sam_ctx,
+			    const struct dsdb_attribute *schema_attrib,
+			    const struct dsdb_schema *schema,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *blob,
+			    struct dsdb_dn **dsdb_dn)
+{
+	WERROR werr;
+	struct ldb_message_element new_el;
+	struct drsuapi_DsReplicaAttribute drs;
+	struct drsuapi_DsAttributeValue val;
+
+	drs.value_ctr.num_values = 1;
+	drs.value_ctr.values = &val;
+	val.blob = blob;
+
+	werr = schema_attrib->syntax->drsuapi_to_ldb(sam_ctx, schema, schema_attrib, &drs, mem_ctx, &new_el);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	if (new_el.num_values != 1) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	*dsdb_dn = dsdb_dn_parse(mem_ctx, sam_ctx, &new_el.values[0], schema_attrib->syntax->ldap_oid);
+	if (!*dsdb_dn) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
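Review bot: in dsdb_dn_la_to_blob() the result of dsdb_dn_get_extended_linearized() is passed straight into data_blob_string_const() with no NULL check, so an allocation failure there is not reported as an out-of-memory error. In dsdb_dn_la_from_blob(), drs and val are stack structures with only value_ctr and blob assigned before they are handed to the drsuapi_to_ldb() callback; zeroing both first would keep the callback from reading uninitialised fields.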
diff --git a/source4/dsdb/common/dsdb_dn.h b/source4/dsdb/common/dsdb_dn.h
index 53e1053..b713bdd 100644
--- a/source4/dsdb/common/dsdb_dn.h
+++ b/source4/dsdb/common/dsdb_dn.h
@@ -15,3 +15,8 @@ struct dsdb_dn {
 #define DSDB_SYNTAX_BINARY_DN	"1.2.840.113556.1.4.903"
 #define DSDB_SYNTAX_STRING_DN	"1.2.840.113556.1.4.904"
 #define DSDB_SYNTAX_OR_NAME	"1.2.840.113556.1.4.1221"
+
+
+/* RMD_FLAGS component in a DN */
+#define DSDB_RMD_FLAG_DELETED     1
+#define DSDB_RMD_FLAG_INVISIBLE   2
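Review bot: the comment on the two RMD_FLAGS defines does not say that they are bit flags or what INVISIBLE means, although dsdb_dn_is_deleted_val() later in this patch masks with DSDB_RMD_FLAG_DELETED. Writing them as 0x1 and 0x2 and adding one line per flag on when it is set would document the format for anyone parsing stored DNs.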
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 561edff..b8ba26a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2061,7 +2061,7 @@ NTSTATUS samdb_create_foreign_security_principal(struct ldb_context *sam_ctx, TA
 {
 	struct ldb_message *msg;
 	struct ldb_dn *basedn;
-	const char *sidstr;
+	char *sidstr;
 	int ret;
 
 	sidstr = dom_sid_string(mem_ctx, sid);
@@ -2070,45 +2070,47 @@ NTSTATUS samdb_create_foreign_security_principal(struct ldb_context *sam_ctx, TA
 	/* We might have to create a ForeignSecurityPrincipal, even if this user
 	 * is in our own domain */
 
-	msg = ldb_msg_new(mem_ctx);
+	msg = ldb_msg_new(sidstr);
 	if (msg == NULL) {
+		talloc_free(sidstr);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* TODO: Hmmm. This feels wrong. How do I find the base dn to
-	 * put the ForeignSecurityPrincipals? d_state->domain_dn does
-	 * not work, this is wrong for the Builtin domain, there's no
-	 * cn=For...,cn=Builtin,dc={BASEDN}.  -- vl
-	 */
-
-	basedn = samdb_search_dn(sam_ctx, mem_ctx, NULL,
-				 "(&(objectClass=container)(cn=ForeignSecurityPrincipals))");
-
-	if (basedn == NULL) {
+	ret = dsdb_wellknown_dn(sam_ctx, sidstr, samdb_base_dn(sam_ctx),
+				DS_GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER,
+				&basedn);
+	if (ret != LDB_SUCCESS) {
 		DEBUG(0, ("Failed to find DN for "
-			  "ForeignSecurityPrincipal container\n"));
+			  "ForeignSecurityPrincipal container - %s\n", ldb_errstring(sam_ctx)));
+		talloc_free(sidstr);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
 	/* add core elements to the ldb_message for the alias */
-	msg->dn = ldb_dn_copy(mem_ctx, basedn);
-	if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s", sidstr))
+	msg->dn = basedn;
+	if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s", sidstr)) {
+		talloc_free(sidstr);
 		return NT_STATUS_NO_MEMORY;
+	}
 
-	samdb_msg_add_string(sam_ctx, mem_ctx, msg,
+	samdb_msg_add_string(sam_ctx, msg, msg,
 			     "objectClass",
 			     "foreignSecurityPrincipal");
 
 	/* create the alias */
 	ret = ldb_add(sam_ctx, msg);
-	if (ret != 0) {
+	if (ret != LDB_SUCCESS) {
 		DEBUG(0,("Failed to create foreignSecurityPrincipal "
 			 "record %s: %s\n", 
 			 ldb_dn_get_linearized(msg->dn),
 			 ldb_errstring(sam_ctx)));
+		talloc_free(sidstr);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
-	*ret_dn = msg->dn;
+
+	*ret_dn = talloc_steal(mem_ctx, msg->dn);
+	talloc_free(sidstr);
+
 	return NT_STATUS_OK;
 }
 
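Review bot: the return value of samdb_msg_add_string() is still ignored at the objectClass add, so a failure there goes on to ldb_add() with an incomplete message; check it, free sidstr and return NT_STATUS_NO_MEMORY. Using sidstr as the talloc parent for msg and basedn works, but a named temporary context would make the single-free cleanup easier to follow than a string that owns the message.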
@@ -2147,14 +2149,16 @@ struct ldb_dn *samdb_dns_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_c
 	if (!ldb_dn_validate(dn)) {
 		DEBUG(2, ("Failed to validated DN %s\n",
 			  ldb_dn_get_linearized(dn)));
+		talloc_free(tmp_ctx);
 		return NULL;
 	}
+	talloc_free(tmp_ctx);
 	return dn;
 }
+
 /*
   Find the DN of a domain, be it the netbios or DNS name 
 */
-
 struct ldb_dn *samdb_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, 
 				  const char *domain_name) 
 {
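Review bot: the two added talloc_free(tmp_ctx) calls are only safe if dn is not a child of tmp_ctx, and the allocation of dn is outside this hunk, so please confirm it is parented on mem_ctx. If it is, the ldb_dn_validate() failure branch frees tmp_ctx but still leaves dn allocated on the caller's context when it returns NULL. The "Failed to validated DN" debug string in the context line could be corrected in the same change.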
@@ -2226,13 +2230,14 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	res = talloc_zero(mem_ctx, struct ldb_result);
+	res = talloc_zero(expression, struct ldb_result);
 	if (!res) {
 		DEBUG(0, (__location__ ": out of memory\n"));
+		talloc_free(expression);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	ret = ldb_build_search_req(&search_req, ldb, mem_ctx,
+	ret = ldb_build_search_req(&search_req, ldb, expression,
 				   ldb_get_default_basedn(ldb),
 				   LDB_SCOPE_SUBTREE,
 				   expression, attrs,
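Review bot: res and the search request are now parented on expression, a string, so that one talloc_free(expression) releases everything, and that ownership is not obvious at the talloc_zero() and ldb_build_search_req() calls. A short comment here, or a temporary context with a single cleanup label in place of the talloc_free(expression) repeated before each return in the following hunks, would make it harder to add an exit path that forgets the free.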
@@ -2240,6 +2245,7 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 				   res, ldb_search_default_callback,
 				   NULL);
 	if (ret != LDB_SUCCESS) {
+		talloc_free(expression);
 		return ret;
 	}
 
@@ -2248,12 +2254,14 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 	options = talloc(search_req, struct ldb_search_options_control);
 	if (options == NULL) {
 		DEBUG(0, (__location__ ": out of memory\n"));
+		talloc_free(expression);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
 
 	ret = ldb_request_add_control(search_req, LDB_CONTROL_EXTENDED_DN_OID, true, NULL);
 	if (ret != LDB_SUCCESS) {
+		talloc_free(expression);
 		return ret;
 	}
 
@@ -2261,16 +2269,19 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 				      LDB_CONTROL_SEARCH_OPTIONS_OID,
 				      true, options);
 	if (ret != LDB_SUCCESS) {
+		talloc_free(expression);
 		return ret;
 	}
 
 	ret = ldb_request(ldb, search_req);
 	if (ret != LDB_SUCCESS) {
+		talloc_free(expression);
 		return ret;
 	}
 
 	ret = ldb_wait(search_req->handle, LDB_WAIT_ALL);
 	if (ret != LDB_SUCCESS) {
+		talloc_free(expression);
 		return ret;
 	}
 
@@ -2278,10 +2289,12 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 	   partitions module that can return two here with the
 	   search_options control set */
 	if (res->count < 1) {
+		talloc_free(expression);
 		return LDB_ERR_NO_SUCH_OBJECT;
 	}
 
-	*dn = res->msgs[0]->dn;
+	*dn = talloc_steal(mem_ctx, res->msgs[0]->dn);
+	talloc_free(expression);
 
 	return LDB_SUCCESS;
 }
@@ -2304,6 +2317,7 @@ int dsdb_search_dn_with_deleted(struct ldb_context *ldb,
 
 	res = talloc_zero(tmp_ctx, struct ldb_result);
 	if (!res) {
+		talloc_free(tmp_ctx);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
@@ -2323,6 +2337,7 @@ int dsdb_search_dn_with_deleted(struct ldb_context *ldb,
 
 	ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL);
 	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
 		return ret;
 	}
 
@@ -2331,8 +2346,8 @@ int dsdb_search_dn_with_deleted(struct ldb_context *ldb,
 		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
 	}
 
-	talloc_free(req);
 	*_res = talloc_steal(mem_ctx, res);
+	talloc_free(tmp_ctx);
 	return ret;
 }
 
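Review bot: `*_res = talloc_steal(mem_ctx, res)` runs whether or not ret is LDB_SUCCESS, so on a failed request the caller is handed a result on its own context that it may not expect to own. Consider stealing only on success and leaving *_res unset otherwise, so the talloc_free(tmp_ctx) added here cleans up the failure case as well.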
@@ -2795,13 +2810,32 @@ int dsdb_functional_level(struct ldb_context *ldb)
 }
 
 /*
+  set a GUID in an extended DN structure
+ */
+int dsdb_set_extended_dn_guid(struct ldb_dn *dn, const struct GUID *guid, const char *component_name)
+{
+	struct ldb_val v;
+	NTSTATUS status;
+	int ret;
+
+	status = GUID_to_ndr_blob(guid, dn, &v);
+	if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	ret = ldb_dn_set_extended_component(dn, component_name, &v);
+	data_blob_free(&v);
+	return ret;
+}
+
+/*
   return a GUID from a extended DN structure
  */
-NTSTATUS dsdb_get_extended_dn_guid(struct ldb_dn *dn, struct GUID *guid)
+NTSTATUS dsdb_get_extended_dn_guid(struct ldb_dn *dn, struct GUID *guid, const char *component_name)
 {
 	const struct ldb_val *v;
 
-	v = ldb_dn_get_extended_component(dn, "GUID");
+	v = ldb_dn_get_extended_component(dn, component_name);
 	if (v == NULL) {
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
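Review bot: dsdb_get_extended_dn_guid() gains a component_name argument, but its comment is unchanged and the new dsdb_set_extended_dn_guid() comment does not describe the argument either. Document in both which component names are expected (the removed line used "GUID"), so callers converted by this change are not left guessing.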
@@ -2861,17 +2895,60 @@ NTSTATUS dsdb_get_extended_dn_uint32(struct ldb_dn *dn, uint32_t *val, const cha
 }
 
 /*
+  return RMD_FLAGS directly from a ldb_dn
+  returns 0 if not found
+ */
+uint32_t dsdb_dn_rmd_flags(struct ldb_dn *dn)
+{
+	const struct ldb_val *v;
+	char buf[32];
+	v = ldb_dn_get_extended_component(dn, "RMD_FLAGS");
+	if (!v || v->length > sizeof(buf)-1) return 0;
+	strncpy(buf, (const char *)v->data, v->length);
+	buf[v->length] = 0;
+	return strtoul(buf, NULL, 10);
+}
+
+/*
+  return RMD_FLAGS directly from a ldb_val for a DN
+  returns 0 if RMD_FLAGS is not found
+ */
+uint32_t dsdb_dn_val_rmd_flags(struct ldb_val *val)
+{
+	const char *p;
+	uint32_t flags;
+	char *end;
+
+	if (val->length < 13) {
+		return 0;
+	}
+	p = memmem(val->data, val->length-2, "<RMD_FLAGS=", 11);
+	if (!p) {
+		return 0;
+	}
+	flags = strtoul(p+11, &end, 10);
+	if (!end || *end != '>') {
+		/* it must end in a > */
+		return 0;
+	}
+	return flags;
+}
+
+/*
   return true if a ldb_val containing a DN in storage form is deleted
  */
 bool dsdb_dn_is_deleted_val(struct ldb_val *val)
 {
-	/* this relies on the sort order and exact format of
-	   linearized extended DNs */
-	if (val->length >= 12 &&
-	    strncmp((const char *)val->data, "<DELETED=1>;", 12) == 0) {
-		return true;
-	}
-	return false;
+	return (dsdb_dn_val_rmd_flags(val) & DSDB_RMD_FLAG_DELETED) != 0;
+}
+
+/*
+  return true if a ldb_val containing a DN in storage form is
+  in the upgraded w2k3 linked attribute format
+ */
+bool dsdb_dn_is_upgraded_link_val(struct ldb_val *val)
+{
+	return memmem(val->data, val->length, "<RMD_ADDTIME=", 13) != NULL;
 }
 
 /*
@@ -2996,3 +3073,29 @@ int dsdb_get_deleted_objects_dn(struct ldb_context *ldb,
 	talloc_free(nc_root);
 	return ret;
 }
+
+/*
+  return the tombstoneLifetime, in days
+ */
+int dsdb_tombstone_lifetime(struct ldb_context *ldb, uint32_t *lifetime)
+{
+	struct ldb_dn *dn;
+	dn = samdb_config_dn(ldb);
+	if (!dn) {
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+	dn = ldb_dn_copy(ldb, dn);
+	if (!dn) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	/* see MS-ADTS section 7.1.1.2.4.1.1. There doesn't appear to
+	 be a wellknown GUID for this */
+	if (!ldb_dn_add_child_fmt(dn, "CN=Directory Service,CN=Windows NT")) {
+		talloc_free(dn);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*lifetime = samdb_search_uint(ldb, dn, 180, dn, "tombstoneLifetime", "objectClass=nTDSService");
+	talloc_free(dn);
+	return LDB_SUCCESS;
+}
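Review bot: dsdb_tombstone_lifetime() returns LDB_SUCCESS unconditionally after samdb_search_uint(), so a caller cannot tell a configured tombstoneLifetime from the hard-coded 180 passed as the third argument. Give that value a named constant with a note on where it comes from, and say in the function comment that the default is returned when the attribute cannot be read, since the periodic removal of deleted objects depends on this number.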
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index c5d1c24..35a0c84 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -83,6 +83,7 @@ PRIVATE_DEPENDENCIES = \
 KCC_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/kcc/, \
 		kcc_service.o \
 		kcc_connection.o \
+		kcc_deleted.o \
 		kcc_periodic.o)
 
 $(eval $(call proto_header_template,$(dsdbsrcdir)/kcc/kcc_service_proto.h,$(KCC_SRV_OBJ_FILES:.o=.c)))
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
new file mode 100644
index 0000000..d19ac0c
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -0,0 +1,156 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   handle removal of deleted objects
+
+   Copyright (C) 2009 Andrew Tridgell
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "smbd/service.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_connection.h"
+#include "dsdb/kcc/kcc_service.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+
+/*
+  onelevel search with SHOW_DELETED control
+ */
+static int search_onelevel_with_deleted(struct ldb_context *ldb,
+					TALLOC_CTX *mem_ctx,
+					struct ldb_result **_res,
+					struct ldb_dn *basedn,
+					const char * const *attrs)
+{
+	struct ldb_request *req;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+	int ret;
+
+	tmp_ctx = talloc_new(mem_ctx);
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = ldb_build_search_req(&req, ldb, tmp_ctx,
+				   basedn,
+				   LDB_SCOPE_ONELEVEL,
+				   NULL,
+				   attrs,
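Review bot: in search_onelevel_with_deleted() the `if (!res)` branch returns without talloc_free(tmp_ctx), which is the same leak this commit fixes in dsdb_search_dn_with_deleted(), and the talloc_new(mem_ctx) result is not checked before use. Free tmp_ctx on that path and return an error when tmp_ctx itself is NULL.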


-- 
Samba Shared Repository

