[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Fri Jan 1 23:33:08 MST 2010 

The branch, master has been updated
       via  5047548... s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
       via  e809b72... s4-drs: don't give an error on repsTo delete if add is also specified
       via  0bc902a... s4-sddl: DRS replication needs REVISION_ADS for SDs
      from  a214ebc... ldb: Fix the standalone ldb build.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 504754856eed363dde28cdff821c086754deb7f8
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Jan 2 16:53:20 2010 +1100

    s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
    
    w2k8-r2 gives a "schema mismatch" error if the revision is not set to
    REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.
    
    Nadya, please check this!
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit e809b721e9d1a750c3c1bf48882532714af69e5f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Jan 2 16:51:30 2010 +1100

    s4-drs: don't give an error on repsTo delete if add is also specified
    
    w2k8-r2 in dcpromo asks for a delete+add during its initial join.

commit 0bc902ac841ec883fb5a22b1db185d86ae12b114
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sat Jan 2 12:30:48 2010 +1100

    s4-sddl: DRS replication needs REVISION_ADS for SDs
    
    DRS replication with w2k8-r2 fails with a schema mismatch error if we
    set the revision to NT4

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/descriptor.c |    8 ++++++++
 source4/libcli/security/sddl.c              |    2 +-
 source4/rpc_server/drsuapi/updaterefs.c     |    4 +++-
 3 files changed, 12 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index d5a5e36..f07743c 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -285,6 +285,14 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
 	if (!final_sd) {
 		return NULL;
 	}
+
+	if (final_sd->dacl) {
+		final_sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+	}
+	if (final_sd->sacl) {
+		final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS;
+	}
+
 	sddl_sd = sddl_encode(mem_ctx, final_sd, domain_sid);
 	DEBUG(10, ("Object %s created with desriptor %s\n\n", ldb_dn_get_linearized(dn), sddl_sd));
 
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index 2244a3d..c4f8c56 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -304,7 +304,7 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
 
 	acl = talloc_zero(sd, struct security_acl);
 	if (acl == NULL) return NULL;
-	acl->revision = SECURITY_ACL_REVISION_NT4;
+	acl->revision = SECURITY_ACL_REVISION_ADS;
 
 	if (isupper(sddl[0]) && sddl[1] == ':') {
 		/* its an empty ACL */
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index 6e2efed..b1e3d6c 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -105,7 +105,9 @@ static WERROR uref_del_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 		return werr;
 	}
 
-	if (!found && !(options & DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK)) {
+	if (!found &&
+	    !(options & DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK) &&
+	    !(options & DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE)) {
 		return WERR_DS_DRA_REF_NOT_FOUND;
 	}
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list