[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Sun Oct 3 10:04:02 MDT 2010


The branch, master has been updated
       via  fba8e32 s4:patchfile_dotreg.c - use "size_t" when counting characters in DATA_BLOBs
       via  dcb1a06 s4-kdc Remove special case kerberos restriction in the KDC
       via  a095a08 s4:deletetest.py - enhance the tests
       via  b2385e3 s4:ldap.py - remove the delete tests
       via  dda6c35 s4:dsdb python stuff - introduce also here the "show_recycled" control
       via  e3081b9 s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
       via  46282da s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flag
       via  779b973 s4:subtree_rename LDB module - also already deleted objects have to be renamed
       via  69b7a87 s4:show_deleted LDB module - also support the "show_recycled" control
       via  e1509ec s4:repl_meta_data LDB module - consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
       via  2b4f652 s4:subtree_delete LDB module - it is only responsible for non-deleted objects
       via  4768280 s4:objectclass LDB module - fix the "crossRef" delete protection
       via  6c9b25e s4:objectclass LDB module - fix the delete behaviour of server containers
      from  4b16cc9 autobuild: override the editor when marking the commit

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fba8e326f819146d10ca3088083df0cf20b571c1
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sun Oct 3 16:14:34 2010 +0200

    s4:patchfile_dotreg.c - use "size_t" when counting characters in DATA_BLOBs
    
    Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
    Autobuild-Date: Sun Oct  3 16:03:41 UTC 2010 on sn-devel-104

commit dcb1a0698acbd89df0f658778ce95825436d3847
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Oct 3 20:22:38 2010 +1100

    s4-kdc Remove special case kerberos restriction in the KDC
    
    We should avoid using Kerberos or any other recursive auth mechanism
    in ldb backends, but denying Kerberos here won't be enough, so
    remove the special case.  (Typically we bind using a different password
    space and DIGEST-MD5 or NTLM).
    
    Andrew Bartlett

commit a095a08e252588996c499f071aae2abae419a5c7
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sun Sep 19 17:46:48 2010 +0200

    s4:deletetest.py - enhance the tests
    
    - Integrate the ldap.py delete protection testing code and enhance it
    - Demonstrate the DISALLOW_MOVE_ON_DELETE system flag
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit b2385e3725e9c41820b315c202a559f875b50743
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Sep 25 11:49:17 2010 +0200

    s4:ldap.py - remove the delete tests
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit dda6c354f6f2c1da95cf42cea90f76ce033de38e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sun Sep 19 22:36:12 2010 +0200

    s4:dsdb python stuff - introduce also here the "show_recycled" control
    
    But also here beside "show_deleted" to not lose compatibility with older
    provisions.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit e3081b92c16198332f5242a0395701ddfa7392e5
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sun Sep 19 22:20:08 2010 +0200

    s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
    
    We intend to see always all objects with the "show_deleted" control specified.
    To see also recycled objects (beginning with 2008_R2 function level) we need to
    use the new "show_recycled" control.
    
    As far as I see this is only internal code and therefore we don't run into
    problems if we do substitute it.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 46282da011b411daac052e07a576987d155638b1
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sun Sep 19 22:12:23 2010 +0200

    s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flag
    
    This is needed since starting with 2008_R2 function level we get another type
    of hidden objects which aren't seen by the "show_deleted" control: recycled
    objects.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 779b97325a1a60e6c72a334d0134ea5178942f7d
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Sep 25 07:42:14 2010 +0200

    s4:subtree_rename LDB module - also already deleted objects have to be renamed
    
    This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified
    and the parent is renamed.
    
    To be able to do this we also need to relax the constraint checks (using the
    "isDeleted" proof).
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 69b7a87e98d3ecc937595c1a3cbd3c10abb9c652
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sun Sep 19 18:23:20 2010 +0200

    s4:show_deleted LDB module - also support the "show_recycled" control
    
    MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit e1509ec623480e11760221667c2d8a724e0da05a
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Fri Sep 17 12:08:28 2010 +0200

    s4:repl_meta_data LDB module - consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 2b4f6528999243476e8fe25461b54a52f4911683
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Fri Sep 24 18:44:50 2010 +0200

    s4:subtree_delete LDB module - it is only responsible for non-deleted objects
    
    The deleted objects (tombstones, recycled & deleted objects) are handled by
    "repl_meta_data".
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 4768280614b517049ab724026b6867fbee77c6e3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Sep 25 12:02:53 2010 +0200

    s4:objectclass LDB module - fix the "crossRef" delete protection
    
    This is what Windows does
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 6c9b25ea5c1d61db2265ba1d8735ffc27a256f6b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Fri Sep 24 14:13:48 2010 +0200

    s4:objectclass LDB module - fix the delete behaviour of server containers
    
    A typo prevented the right behaviour.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/util.c                         |   16 +-
 source4/dsdb/common/util.h                         |    1 +
 source4/dsdb/kcc/kcc_deleted.c                     |    2 +-
 source4/dsdb/samdb/ldb_modules/acl.c               |    2 +-
 source4/dsdb/samdb/ldb_modules/acl_util.c          |    4 +-
 source4/dsdb/samdb/ldb_modules/extended_dn_store.c |    2 +-
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |    4 +-
 source4/dsdb/samdb/ldb_modules/objectclass.c       |   21 ++-
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |    2 +-
 source4/dsdb/samdb/ldb_modules/operational.c       |    4 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |   51 +++--
 source4/dsdb/samdb/ldb_modules/show_deleted.c      |   73 +++++-
 source4/dsdb/samdb/ldb_modules/subtree_delete.c    |    3 +-
 source4/dsdb/samdb/ldb_modules/subtree_rename.c    |   15 +-
 source4/dsdb/samdb/ldb_modules/util.c              |    4 +-
 source4/dsdb/tests/python/deletetest.py            |  237 ++++++++++++++++++--
 source4/dsdb/tests/python/ldap.py                  |   92 --------
 source4/kdc/db-glue.c                              |   16 --
 source4/lib/registry/patchfile_dotreg.c            |    2 +-
 source4/rpc_server/drsuapi/drsutil.c               |    2 +-
 source4/scripting/bin/upgradeprovision             |    9 +-
 source4/scripting/python/samba/__init__.py         |    4 +-
 22 files changed, 376 insertions(+), 190 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 4e6fe03..523dd8e 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2516,7 +2516,8 @@ int dsdb_find_guid_attr_by_dn(struct ldb_context *ldb,
 	attrs[0] = attribute;
 	attrs[1] = NULL;
 
-	ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED);
+	ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return ret;
@@ -2590,7 +2591,8 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb,
 
 	ZERO_STRUCTP(sid);
 
-	ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED);
+	ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return ret;
@@ -3272,7 +3274,8 @@ int dsdb_wellknown_dn(struct ldb_context *samdb, TALLOC_CTX *mem_ctx,
 		return ldb_operr(samdb);
 	}
 
-	ret = dsdb_search_dn(samdb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED);
+	ret = dsdb_search_dn(samdb, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return ret;
@@ -3570,6 +3573,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
 		}
 	}
 
+	if (dsdb_flags & DSDB_SEARCH_SHOW_RECYCLED) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_RECYCLED_OID, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
 	if (dsdb_flags & DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT) {
 		ret = ldb_request_add_control(req, DSDB_CONTROL_DN_STORAGE_FORMAT_OID, true, NULL);
 		if (ret != LDB_SUCCESS) {
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index edada70..7ae46ae 100644
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -33,3 +33,4 @@
 #define DSDB_FLAG_AS_SYSTEM		      0x0080
 #define DSDB_TREE_DELETE		      0x0100
 #define DSDB_SEARCH_ONE_ONLY		      0x0200 /* give an error unless 1 record */
+#define DSDB_SEARCH_SHOW_RECYCLED	      0x0400
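Review bot: the new DSDB_SEARCH_SHOW_RECYCLED define has no comment, unlike DSDB_SEARCH_ONE_ONLY directly above it. A short comment stating that it reveals recycled objects in addition to deleted ones (which is how the show_deleted module treats the control later in this patch) would help callers choose between it and DSDB_SEARCH_SHOW_DELETED.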
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 118952a..1726fa4 100644
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -71,7 +71,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
 			continue;
 		}
 		ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs,
-				  DSDB_SEARCH_SHOW_DELETED, NULL);
+				  DSDB_SEARCH_SHOW_RECYCLED, NULL);
 
 		if (ret != LDB_SUCCESS) {
 			DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n",
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2781b4c..149c6b1 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -887,7 +887,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 	ret = dsdb_module_search_dn(module, req, &acl_res, req->op.rename.olddn,
 				    acl_attrs,
 				    DSDB_FLAG_NEXT_MODULE |
-				    DSDB_SEARCH_SHOW_DELETED);
+				    DSDB_SEARCH_SHOW_RECYCLED);
 	/* we sould be able to find the parent */
 	if (ret != LDB_SUCCESS) {
 		DEBUG(10,("acl: failed to find object %s\n",
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 6873e56..6c41602 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -73,7 +73,7 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
 	ret = dsdb_module_search_dn(module, mem_ctx, &acl_res, dn,
 				    acl_attrs,
 				    DSDB_FLAG_NEXT_MODULE |
-				    DSDB_SEARCH_SHOW_DELETED);
+				    DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
 		return ret;
@@ -108,7 +108,7 @@ int dsdb_module_check_access_on_guid(struct ldb_module *module,
 	ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
 				 acl_attrs,
 				 DSDB_FLAG_NEXT_MODULE |
-				 DSDB_SEARCH_SHOW_DELETED,
+				 DSDB_SEARCH_SHOW_RECYCLED,
 				 "objectGUID=%s", GUID_string(mem_ctx, guid));
 
 	if (ret != LDB_SUCCESS || acl_res->count == 0) {
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
index 15af268..fafe511 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
@@ -276,7 +276,7 @@ static int extended_store_replace(struct extended_dn_context *ac,
 	}
 
 	ret = dsdb_request_add_controls(os->search_req,
-					DSDB_SEARCH_SHOW_DELETED|DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
+					DSDB_SEARCH_SHOW_RECYCLED|DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(os);
 		return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index b09d0cb..25596f0 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -622,7 +622,7 @@ static int linked_attributes_fix_links(struct ldb_module *module,
 		ret = dsdb_module_search_dn(module, tmp_ctx, &res, dsdb_dn->dn,
 					    attrs,
 					    DSDB_FLAG_NEXT_MODULE |
-					    DSDB_SEARCH_SHOW_DELETED |
+					    DSDB_SEARCH_SHOW_RECYCLED |
 					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
 					    DSDB_SEARCH_REVEAL_INTERNALS);
 		if (ret != LDB_SUCCESS) {
@@ -716,7 +716,7 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques
 	ret = dsdb_module_search_dn(module, req, &res, req->op.rename.olddn,
 				    NULL,
 				    DSDB_FLAG_NEXT_MODULE |
-				    DSDB_SEARCH_SHOW_DELETED);
+				    DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 7541e1d..82c4144 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -709,8 +709,8 @@ static int objectclass_do_add(struct oc_context *ac)
 		if (ldb_attr_cmp(objectclass->lDAPDisplayName, "server") == 0) {
 			systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE | SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
 		} else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "site") == 0
-				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "serverContainer") == 0
-				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "ntDSDSA") == 0) {
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "serversContainer") == 0
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "nTDSDSA") == 0) {
 			systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
 
 		} else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "siteLink") == 0
@@ -1154,10 +1154,11 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
 		return ret;
 	}
 
-	/* we have to add the show deleted control, as otherwise DRS
+	/* we have to add the show recycled control, as otherwise DRS
 	   deletes will be refused as we will think the target parent
 	   does not exist */
-	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID, false, NULL);
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+				      false, NULL);
 
 	if (ret != LDB_SUCCESS) {
 		return ret;
@@ -1423,11 +1424,17 @@ static int objectclass_do_delete(struct oc_context *ac)
 		dn = ldb_msg_find_attr_as_dn(ldb, ac, ac->search_res->message,
 					     "nCName");
 		if ((ldb_dn_compare(dn, ldb_get_default_basedn(ldb)) == 0) ||
-		    (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0) ||
-		    (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0)) {
+		    (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0)) {
 			talloc_free(dn);
 
-			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the three main partitions!",
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the main or configuration partition!",
+					       ldb_dn_get_linearized(ac->req->op.del.dn));
+			return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
+		}
+		if (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0) {
+			talloc_free(dn);
+
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the schema partition!",
 					       ldb_dn_get_linearized(ac->req->op.del.dn));
 			return LDB_ERR_UNWILLING_TO_PERFORM;
 		}
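Review bot: the two refusal branches in objectclass_do_delete() now return different codes (LDB_ERR_NOT_ALLOWED_ON_NON_LEAF for the default and configuration partitions, LDB_ERR_UNWILLING_TO_PERFORM for the schema partition) and nothing in the code says why. Add a comment recording that this mirrors Windows, as the commit message states, so that the split is not later merged back into a single branch.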
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 2f43cc2..2024a33 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -349,7 +349,7 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares)
 		return ldb_module_done(ac->req, NULL, NULL, ret);
 	}
 
-	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID,
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
 				      true, NULL);
 	if (ret != LDB_SUCCESS) {
 		return ldb_module_done(ac->req, NULL, NULL, ret);
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 72feacf..687597d 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -209,7 +209,7 @@ static int construct_parent_guid(struct ldb_module *module,
 	/* determine if the object is NC by instance type */
 	ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
 	                            DSDB_FLAG_NEXT_MODULE |
-	                            DSDB_SEARCH_SHOW_DELETED);
+	                            DSDB_SEARCH_SHOW_RECYCLED);
 
 	instanceType = ldb_msg_find_attr_as_uint(res->msgs[0],
 						 "instanceType", 0);
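Review bot: in construct_parent_guid() the return value of the first dsdb_module_search_dn() call is stored in ret, but the visible lines go straight on to read res->msgs[0] without testing it. Switching the flag to DSDB_SEARCH_SHOW_RECYCLED widens what the lookup can find but leaves the failure path in place; check ret != LDB_SUCCESS (and that a message was returned) before the dereference.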
@@ -228,7 +228,7 @@ static int construct_parent_guid(struct ldb_module *module,
 	}
 	ret = dsdb_module_search_dn(module, msg, &parent_res, parent_dn, attrs2,
 	                            DSDB_FLAG_NEXT_MODULE |
-	                            DSDB_SEARCH_SHOW_DELETED);
+	                            DSDB_SEARCH_SHOW_RECYCLED);
 	talloc_free(parent_dn);
 
 	/* not NC, so the object should have a parent*/
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index b459405..fdb1941 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1177,7 +1177,7 @@ static int replmd_update_rpmd(struct ldb_module *module,
 
 		ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs2,
 					    DSDB_FLAG_NEXT_MODULE |
-					    DSDB_SEARCH_SHOW_DELETED |
+					    DSDB_SEARCH_SHOW_RECYCLED |
 					    DSDB_SEARCH_SHOW_EXTENDED_DN |
 					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
 					    DSDB_SEARCH_REVEAL_INTERNALS);
@@ -1210,7 +1210,7 @@ static int replmd_update_rpmd(struct ldb_module *module,
 		 */
 		ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
 					    DSDB_FLAG_NEXT_MODULE |
-					    DSDB_SEARCH_SHOW_DELETED |
+					    DSDB_SEARCH_SHOW_RECYCLED |
 					    DSDB_SEARCH_SHOW_EXTENDED_DN |
 					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
 					    DSDB_SEARCH_REVEAL_INTERNALS);
@@ -2053,7 +2053,7 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
 
 	ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL,
 	                            DSDB_FLAG_NEXT_MODULE |
-	                            DSDB_SEARCH_SHOW_DELETED |
+	                            DSDB_SEARCH_SHOW_RECYCLED |
 				    DSDB_SEARCH_REVEAL_INTERNALS |
 				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
 	if (ret != LDB_SUCCESS) {
@@ -2442,7 +2442,7 @@ static int replmd_delete_remove_link(struct ldb_module *module,
 static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 {
 	int ret = LDB_ERR_OTHER;
-	bool retb;
+	bool retb, disallow_move_on_delete;
 	struct ldb_dn *old_dn, *new_dn;
 	const char *rdn_name;
 	const struct ldb_val *rdn_value, *new_rdn_value;
@@ -2491,7 +2491,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 	   attributes need to be removed */
 	ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, NULL,
 	                            DSDB_FLAG_NEXT_MODULE |
-	                            DSDB_SEARCH_SHOW_DELETED |
+	                            DSDB_SEARCH_SHOW_RECYCLED |
 				    DSDB_SEARCH_REVEAL_INTERNALS |
 				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
 	if (ret != LDB_SUCCESS) {
@@ -2554,16 +2554,31 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 	msg->dn = old_dn;
 
 	if (deletion_state == OBJECT_NOT_DELETED){
+		/* consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag */
+		disallow_move_on_delete =
+			(ldb_msg_find_attr_as_int(old_msg, "systemFlags", 0)
+				& SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
+
 		/* work out where we will be renaming this object to */
-		ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn, &new_dn);
-		if (ret != LDB_SUCCESS) {
-			/* this is probably an attempted delete on a partition
-			 * that doesn't allow delete operations, such as the
-			 * schema partition */
-			ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
-						   ldb_dn_get_linearized(old_dn));
-			talloc_free(tmp_ctx);
-			return LDB_ERR_UNWILLING_TO_PERFORM;
+		if (!disallow_move_on_delete) {
+			ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn,
+							  &new_dn);
+			if (ret != LDB_SUCCESS) {
+				/* this is probably an attempted delete on a partition
+				 * that doesn't allow delete operations, such as the
+				 * schema partition */
+				ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
+							   ldb_dn_get_linearized(old_dn));
+				talloc_free(tmp_ctx);
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		} else {
+			new_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
+			if (new_dn == NULL) {
+				ldb_module_oom(module);
+				talloc_free(tmp_ctx);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
 		}
 
 		/* get the objects GUID from the search we just did */
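Review bot: in the new else branch of replmd_delete(), a NULL from ldb_dn_get_parent() is always reported through ldb_module_oom(), although an old_dn that has no parent component can also produce NULL and is not a memory failure. Distinguish the two cases or use a neutral error string. Separately, disallow_move_on_delete is a bool assigned from an int masked with SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE; writing the test as "!= 0" would make the conversion explicit.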
@@ -2614,7 +2629,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 				    DSDB_FLAG_NEXT_MODULE |
 				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
 				    DSDB_SEARCH_REVEAL_INTERNALS|
-				    DSDB_SEARCH_SHOW_DELETED);
+				    DSDB_SEARCH_SHOW_RECYCLED);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return ret;
@@ -3263,7 +3278,9 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
 				   replmd_replicated_apply_search_callback,
 				   ar->req);
 	LDB_REQ_SET_LOCATION(search_req);
-	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL);
+
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+				      true, NULL);
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
@@ -3863,7 +3880,7 @@ linked_attributes[0]:
 	ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
 	                         DSDB_FLAG_NEXT_MODULE |
 				 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
-				 DSDB_SEARCH_SHOW_DELETED |
+				 DSDB_SEARCH_SHOW_RECYCLED |
 				 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
 				 DSDB_SEARCH_REVEAL_INTERNALS,
 				 "objectGUID=%s", GUID_string(tmp_ctx, &la->identifier->guid));
diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c
index 34807cf..5c5d726 100644
--- a/source4/dsdb/samdb/ldb_modules/show_deleted.c
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c
@@ -4,6 +4,7 @@
    Copyright (C) Simo Sorce  2005
    Copyright (C) Stefan Metzmacher <metze at samba.org> 2007
    Copyright (C) Andrew Bartlett <abartlet at samba.org> 2009
+   Copyright (C) Matthias Dieter Wallnöfer 2010
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -24,7 +25,8 @@
  *
  *  Component: ldb deleted objects control module
  *
- *  Description: this module hides deleted objects, and returns them if the right control is there
+ *  Description: this module hides deleted and recylced objects, and returns
+ *  them if the right control is there
  *
  *  Author: Stefan Metzmacher
  */
@@ -37,7 +39,7 @@
 static int show_deleted_search(struct ldb_module *module, struct ldb_request *req)
 {
 	struct ldb_context *ldb;
-	struct ldb_control *control;
+	struct ldb_control *show_del, *show_rec;
 	struct ldb_request *down_req;
 	struct ldb_parse_tree *new_tree = req->op.search.tree;
 	int ret;
@@ -45,12 +47,18 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
 	ldb = ldb_module_get_ctx(module);
 
 	/* check if there's a show deleted control */
-	control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+	show_del = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+	/* check if there's a show recycled control */
+	show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID);
 
-	if (! control) {
-		/* FIXME: we could use a constant tree here once we
-		   are sure that no ldb modules modify trees
-		   in-situ */
+	if ((show_del == NULL) && (show_rec == NULL)) {
+		/* Here we have to suppress all deleted objects:
+		 * MS-ADTS 3.1.1.3.4.1
+		 *
+		 * Filter: (&(!(isDeleted=TRUE))(...))
+		 */
+		/* FIXME: we could use a constant tree here once we are sure
+		 * that no ldb modules modify trees in-site */
 		new_tree = talloc(req, struct ldb_parse_tree);
 		if (!new_tree) {
 			return ldb_oom(ldb);
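Review bot: the reflowed FIXME comment in the first branch of show_deleted_search() now reads "in-site" where the removed line said "in-situ". Restore the original wording; the same slip is repeated in the new isRecycled branch.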
@@ -61,6 +69,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
 		if (!new_tree->u.list.elements) {
 			return ldb_oom(ldb);
 		}
+
 		new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree);
 		new_tree->u.list.elements[0]->operation = LDB_OP_NOT;
 		new_tree->u.list.elements[0]->u.isnot.child =
@@ -71,9 +80,41 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
 		new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY;
 		new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = "isDeleted";
 		new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE");
+
+		new_tree->u.list.elements[1] = req->op.search.tree;
+	} else if ((show_del != NULL) && (show_rec == NULL)) {
+		/* Here we need to suppress all recycled objects:
+		 * MS-ADTS 3.1.1.3.4.1
+		 *
+		 * Filter: (&(!(isRecycled=TRUE))(...))
+		 */
+		/* FIXME: we could use a constant tree here once we are sure
+		 * that no ldb modules modify trees in-site */
+		new_tree = talloc(req, struct ldb_parse_tree);
+		if (!new_tree) {
+			return ldb_oom(ldb);
+		}
+		new_tree->operation = LDB_OP_AND;
+		new_tree->u.list.num_elements = 2;
+		new_tree->u.list.elements = talloc_array(new_tree, struct ldb_parse_tree *, 2);
+		if (!new_tree->u.list.elements) {
+			return ldb_oom(ldb);
+		}
+
+		new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree);
+		new_tree->u.list.elements[0]->operation = LDB_OP_NOT;
+		new_tree->u.list.elements[0]->u.isnot.child =
+			talloc(new_tree->u.list.elements, struct ldb_parse_tree);
+		if (!new_tree->u.list.elements[0]->u.isnot.child) {
+			return ldb_oom(ldb);
+		}
+		new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY;
+		new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = "isRecycled";
+		new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE");
+
 		new_tree->u.list.elements[1] = req->op.search.tree;
 	}
-	
+
 	ret = ldb_build_search_req_ex(&down_req, ldb, req,
 				      req->op.search.base,
 				      req->op.search.scope,
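Review bot: in the new isRecycled branch, new_tree->u.list.elements[0] is assigned from talloc() and dereferenced on the next line (->operation = LDB_OP_NOT) with no NULL check, although the child allocation immediately after it is checked. Add the check. Since this branch repeats the isDeleted branch except for the attribute name, one helper that takes the attribute name and builds the (&(!(attr=TRUE))(...)) tree would remove the duplication. The chain also has no branch for a request that carries the show_recycled control, so that case passes the caller's tree through unfiltered; a one-line comment saying this is intended would help.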
@@ -87,9 +128,12 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
 		return ret;
 	}
 
-	/* mark the control as done */
-	if (control) {
-		control->critical = 0;
+	/* mark the controls as done */
+	if (show_del != NULL) {
+		show_del->critical = 0;
+	}
+	if (show_rec != NULL) {
+		show_rec->critical = 0;
 	}
 
 	/* perform the search */
@@ -110,6 +154,13 @@ static int show_deleted_init(struct ldb_module *module)
 		return ldb_operr(ldb);
 	}
 
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_RECYCLED_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"show_deleted: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
 	return ldb_next_init(module);
 }
 
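Review bot: the ldb_debug() message added in show_deleted_init() does not say which control failed to register. Include LDB_CONTROL_SHOW_RECYCLED_OID or the name show_recycled in the text so the failure can be told apart from other registration errors in this module.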
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
index 9177744..34914d2 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
@@ -53,8 +53,7 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
 	/* see if we have any children */
 	ret = dsdb_module_search(module, req, &res, req->op.del.dn,
 				 LDB_SCOPE_ONELEVEL, attrs,
-				 DSDB_FLAG_NEXT_MODULE |
-				 DSDB_SEARCH_SHOW_DELETED,
+				 DSDB_FLAG_NEXT_MODULE,
 				 "(objectClass=*)");
 	if (ret != LDB_SUCCESS) {
 		talloc_free(res);
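Review bot: dropping DSDB_SEARCH_SHOW_DELETED from the child search in subtree_delete() means deleted children no longer count toward the "see if we have any children" test. The commit message explains this (repl_meta_data handles them), but the code does not. Extend the comment above the call to say that deleted objects are ignored here on purpose.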
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index 97330f8..f6b3625 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -152,7 +152,9 @@ static int check_constraints(struct ldb_message *msg,
 	bool move_op = false;


-- 
Samba Shared Repository

