[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Oct 3 10:04:02 MDT 2010
The branch, master has been updated
via fba8e32 s4:patchfile_dotreg.c - use "size_t" when counting characters in DATA_BLOBs
via dcb1a06 s4-kdc Remove special case kerberos restriction in the KDC
via a095a08 s4:deletetest.py - enhance the tests
via b2385e3 s4:ldap.py - remove the delete tests
via dda6c35 s4:dsdb python stuff - introduce also here the "show_recycled" control
via e3081b9 s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
via 46282da s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flag
via 779b973 s4:subtree_rename LDB module - also already deleted objects have to be renamed
via 69b7a87 s4:show_deleted LDB module - also support the "show_recycled" control
via e1509ec s4:repl_meta_data LDB module - consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
via 2b4f652 s4:subtree_delete LDB module - it is only responsible for non-deleted objects
via 4768280 s4:objectclass LDB module - fix the "crossRef" delete protection
via 6c9b25e s4:objectclass LDB module - fix the delete behaviour of server containers
from 4b16cc9 autobuild: override the editor when marking the commit
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fba8e326f819146d10ca3088083df0cf20b571c1
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Oct 3 16:14:34 2010 +0200
s4:patchfile_dotreg.c - use "size_t" when counting characters in DATA_BLOBs
Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
Autobuild-Date: Sun Oct 3 16:03:41 UTC 2010 on sn-devel-104
commit dcb1a0698acbd89df0f658778ce95825436d3847
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Oct 3 20:22:38 2010 +1100
s4-kdc Remove special case kerberos restriction in the KDC
We should avoid using Kerberos or any other recursive auth mechanism
in ldb backends, but denying Kerberos here won't be enough, so
remove the special case. (Typically we bind using a different password
space and DIGEST-MD5 or NTLM).
Andrew Bartlett
commit a095a08e252588996c499f071aae2abae419a5c7
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Sep 19 17:46:48 2010 +0200
s4:deletetest.py - enhance the tests
- Integrate the ldap.py delete protection testing code and enhance it
- Demonstrate the DISALLOW_MOVE_ON_DELETE system flag
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit b2385e3725e9c41820b315c202a559f875b50743
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Sep 25 11:49:17 2010 +0200
s4:ldap.py - remove the delete tests
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit dda6c354f6f2c1da95cf42cea90f76ce033de38e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Sep 19 22:36:12 2010 +0200
s4:dsdb python stuff - introduce also here the "show_recycled" control
But also here beside "show_deleted" to not lose compatibility with older
provisions.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit e3081b92c16198332f5242a0395701ddfa7392e5
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Sep 19 22:20:08 2010 +0200
s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 46282da011b411daac052e07a576987d155638b1
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Sep 19 22:12:23 2010 +0200
s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flag
This is needed since starting with 2008_R2 function level we get another type
of hidden objects which aren't seen by the "show_deleted" control: recycled
objects.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 779b97325a1a60e6c72a334d0134ea5178942f7d
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Sep 25 07:42:14 2010 +0200
s4:subtree_rename LDB module - also already deleted objects have to be renamed
This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified
and the parent is renamed.
To be able to do this we also need to relax the constraint checks (using the
"isDeleted" proof).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 69b7a87e98d3ecc937595c1a3cbd3c10abb9c652
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Sep 19 18:23:20 2010 +0200
s4:show_deleted LDB module - also support the "show_recycled" control
MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit e1509ec623480e11760221667c2d8a724e0da05a
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Sep 17 12:08:28 2010 +0200
s4:repl_meta_data LDB module - consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 2b4f6528999243476e8fe25461b54a52f4911683
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Sep 24 18:44:50 2010 +0200
s4:subtree_delete LDB module - it is only responsible for non-deleted objects
The deleted objects (tombstones, recycled & deleted objects) are handled by
"repl_meta_data".
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 4768280614b517049ab724026b6867fbee77c6e3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Sep 25 12:02:53 2010 +0200
s4:objectclass LDB module - fix the "crossRef" delete protection
This is what Windows does
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 6c9b25ea5c1d61db2265ba1d8735ffc27a256f6b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Fri Sep 24 14:13:48 2010 +0200
s4:objectclass LDB module - fix the delete behaviour of server containers
A typo prevented the right behaviour.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 16 +-
source4/dsdb/common/util.h | 1 +
source4/dsdb/kcc/kcc_deleted.c | 2 +-
source4/dsdb/samdb/ldb_modules/acl.c | 2 +-
source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +-
source4/dsdb/samdb/ldb_modules/extended_dn_store.c | 2 +-
source4/dsdb/samdb/ldb_modules/linked_attributes.c | 4 +-
source4/dsdb/samdb/ldb_modules/objectclass.c | 21 ++-
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 2 +-
source4/dsdb/samdb/ldb_modules/operational.c | 4 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 51 +++--
source4/dsdb/samdb/ldb_modules/show_deleted.c | 73 +++++-
source4/dsdb/samdb/ldb_modules/subtree_delete.c | 3 +-
source4/dsdb/samdb/ldb_modules/subtree_rename.c | 15 +-
source4/dsdb/samdb/ldb_modules/util.c | 4 +-
source4/dsdb/tests/python/deletetest.py | 237 ++++++++++++++++++--
source4/dsdb/tests/python/ldap.py | 92 --------
source4/kdc/db-glue.c | 16 --
source4/lib/registry/patchfile_dotreg.c | 2 +-
source4/rpc_server/drsuapi/drsutil.c | 2 +-
source4/scripting/bin/upgradeprovision | 9 +-
source4/scripting/python/samba/__init__.py | 4 +-
22 files changed, 376 insertions(+), 190 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 4e6fe03..523dd8e 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2516,7 +2516,8 @@ int dsdb_find_guid_attr_by_dn(struct ldb_context *ldb,
attrs[0] = attribute;
attrs[1] = NULL;
- ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED);
+ ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs,
+ DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
@@ -2590,7 +2591,8 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb,
ZERO_STRUCTP(sid);
- ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED);
+ ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs,
+ DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
@@ -3272,7 +3274,8 @@ int dsdb_wellknown_dn(struct ldb_context *samdb, TALLOC_CTX *mem_ctx,
return ldb_operr(samdb);
}
- ret = dsdb_search_dn(samdb, tmp_ctx, &res, dn, attrs, DSDB_SEARCH_SHOW_DELETED);
+ ret = dsdb_search_dn(samdb, tmp_ctx, &res, dn, attrs,
+ DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
@@ -3570,6 +3573,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
}
}
+ if (dsdb_flags & DSDB_SEARCH_SHOW_RECYCLED) {
+ ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_RECYCLED_OID, true, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
if (dsdb_flags & DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT) {
ret = ldb_request_add_control(req, DSDB_CONTROL_DN_STORAGE_FORMAT_OID, true, NULL);
if (ret != LDB_SUCCESS) {
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index edada70..7ae46ae 100644
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -33,3 +33,4 @@
#define DSDB_FLAG_AS_SYSTEM 0x0080
#define DSDB_TREE_DELETE 0x0100
#define DSDB_SEARCH_ONE_ONLY 0x0200 /* give an error unless 1 record */
+#define DSDB_SEARCH_SHOW_RECYCLED 0x0400
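Review bot: the new DSDB_SEARCH_SHOW_RECYCLED define carries no comment, unlike DSDB_SEARCH_ONE_ONLY directly above it. Nearly every caller in this patch switches from DSDB_SEARCH_SHOW_DELETED to this flag, so a short comment stating how the two relate (per the commit message, this one also reveals recycled objects from the 2008_R2 function level on) would tell future callers which flag to pick without reading show_deleted.c.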
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 118952a..1726fa4 100644
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -71,7 +71,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
continue;
}
ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs,
- DSDB_SEARCH_SHOW_DELETED, NULL);
+ DSDB_SEARCH_SHOW_RECYCLED, NULL);
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n",
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2781b4c..149c6b1 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -887,7 +887,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
ret = dsdb_module_search_dn(module, req, &acl_res, req->op.rename.olddn,
acl_attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED);
/* we sould be able to find the parent */
if (ret != LDB_SUCCESS) {
DEBUG(10,("acl: failed to find object %s\n",
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 6873e56..6c41602 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -73,7 +73,7 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
ret = dsdb_module_search_dn(module, mem_ctx, &acl_res, dn,
acl_attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
DEBUG(0,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
return ret;
@@ -108,7 +108,7 @@ int dsdb_module_check_access_on_guid(struct ldb_module *module,
ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
acl_attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED,
+ DSDB_SEARCH_SHOW_RECYCLED,
"objectGUID=%s", GUID_string(mem_ctx, guid));
if (ret != LDB_SUCCESS || acl_res->count == 0) {
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
index 15af268..fafe511 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
@@ -276,7 +276,7 @@ static int extended_store_replace(struct extended_dn_context *ac,
}
ret = dsdb_request_add_controls(os->search_req,
- DSDB_SEARCH_SHOW_DELETED|DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
+ DSDB_SEARCH_SHOW_RECYCLED|DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
if (ret != LDB_SUCCESS) {
talloc_free(os);
return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index b09d0cb..25596f0 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -622,7 +622,7 @@ static int linked_attributes_fix_links(struct ldb_module *module,
ret = dsdb_module_search_dn(module, tmp_ctx, &res, dsdb_dn->dn,
attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS);
if (ret != LDB_SUCCESS) {
@@ -716,7 +716,7 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques
ret = dsdb_module_search_dn(module, req, &res, req->op.rename.olddn,
NULL,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
return ret;
}
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 7541e1d..82c4144 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -709,8 +709,8 @@ static int objectclass_do_add(struct oc_context *ac)
if (ldb_attr_cmp(objectclass->lDAPDisplayName, "server") == 0) {
systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE | SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
} else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "site") == 0
- || ldb_attr_cmp(objectclass->lDAPDisplayName, "serverContainer") == 0
- || ldb_attr_cmp(objectclass->lDAPDisplayName, "ntDSDSA") == 0) {
+ || ldb_attr_cmp(objectclass->lDAPDisplayName, "serversContainer") == 0
+ || ldb_attr_cmp(objectclass->lDAPDisplayName, "nTDSDSA") == 0) {
systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
} else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "siteLink") == 0
@@ -1154,10 +1154,11 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
return ret;
}
- /* we have to add the show deleted control, as otherwise DRS
+ /* we have to add the show recycled control, as otherwise DRS
deletes will be refused as we will think the target parent
does not exist */
- ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID, false, NULL);
+ ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+ false, NULL);
if (ret != LDB_SUCCESS) {
return ret;
@@ -1423,11 +1424,17 @@ static int objectclass_do_delete(struct oc_context *ac)
dn = ldb_msg_find_attr_as_dn(ldb, ac, ac->search_res->message,
"nCName");
if ((ldb_dn_compare(dn, ldb_get_default_basedn(ldb)) == 0) ||
- (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0) ||
- (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0)) {
+ (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0)) {
talloc_free(dn);
- ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the three main partitions!",
+ ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the main or configuration partition!",
+ ldb_dn_get_linearized(ac->req->op.del.dn));
+ return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
+ }
+ if (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0) {
+ talloc_free(dn);
+
+ ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the schema partition!",
ldb_dn_get_linearized(ac->req->op.del.dn));
return LDB_ERR_UNWILLING_TO_PERFORM;
}
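Review bot: the two crossRef branches in objectclass_do_delete() now return different codes (LDB_ERR_NOT_ALLOWED_ON_NON_LEAF for the default and configuration partitions, LDB_ERR_UNWILLING_TO_PERFORM for the schema partition) with no comment explaining why. The commit message only says "This is what Windows does"; suggest putting that, ideally with the specification reference, in a comment above each return so the asymmetry is not later "cleaned up" as an inconsistency. The blank line after talloc_free(dn) in the second branch also does not match the first.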
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 2f43cc2..2024a33 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -349,7 +349,7 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares)
return ldb_module_done(ac->req, NULL, NULL, ret);
}
- ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID,
+ ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
true, NULL);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 72feacf..687597d 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -209,7 +209,7 @@ static int construct_parent_guid(struct ldb_module *module,
/* determine if the object is NC by instance type */
ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED);
instanceType = ldb_msg_find_attr_as_uint(res->msgs[0],
"instanceType", 0);
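Review bot: in construct_parent_guid() the return value of this dsdb_module_search_dn() call is still not checked before res->msgs[0] is dereferenced on the following line. Since the line is being touched anyway, suggest adding the usual "if (ret != LDB_SUCCESS) { return ret; }" (or whatever error handling this function prefers) ahead of the ldb_msg_find_attr_as_uint() call, so a failed lookup cannot lead to reading an unset res.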
@@ -228,7 +228,7 @@ static int construct_parent_guid(struct ldb_module *module,
}
ret = dsdb_module_search_dn(module, msg, &parent_res, parent_dn, attrs2,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED);
talloc_free(parent_dn);
/* not NC, so the object should have a parent*/
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index b459405..fdb1941 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1177,7 +1177,7 @@ static int replmd_update_rpmd(struct ldb_module *module,
ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs2,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED |
DSDB_SEARCH_SHOW_EXTENDED_DN |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS);
@@ -1210,7 +1210,7 @@ static int replmd_update_rpmd(struct ldb_module *module,
*/
ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED |
DSDB_SEARCH_SHOW_EXTENDED_DN |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS);
@@ -2053,7 +2053,7 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED |
DSDB_SEARCH_REVEAL_INTERNALS |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
if (ret != LDB_SUCCESS) {
@@ -2442,7 +2442,7 @@ static int replmd_delete_remove_link(struct ldb_module *module,
static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
{
int ret = LDB_ERR_OTHER;
- bool retb;
+ bool retb, disallow_move_on_delete;
struct ldb_dn *old_dn, *new_dn;
const char *rdn_name;
const struct ldb_val *rdn_value, *new_rdn_value;
@@ -2491,7 +2491,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
attributes need to be removed */
ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, NULL,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED |
DSDB_SEARCH_REVEAL_INTERNALS |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
if (ret != LDB_SUCCESS) {
@@ -2554,16 +2554,31 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
msg->dn = old_dn;
if (deletion_state == OBJECT_NOT_DELETED){
+ /* consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag */
+ disallow_move_on_delete =
+ (ldb_msg_find_attr_as_int(old_msg, "systemFlags", 0)
+ & SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
+
/* work out where we will be renaming this object to */
- ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn, &new_dn);
- if (ret != LDB_SUCCESS) {
- /* this is probably an attempted delete on a partition
- * that doesn't allow delete operations, such as the
- * schema partition */
- ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
- ldb_dn_get_linearized(old_dn));
- talloc_free(tmp_ctx);
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ if (!disallow_move_on_delete) {
+ ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn,
+ &new_dn);
+ if (ret != LDB_SUCCESS) {
+ /* this is probably an attempted delete on a partition
+ * that doesn't allow delete operations, such as the
+ * schema partition */
+ ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
+ ldb_dn_get_linearized(old_dn));
+ talloc_free(tmp_ctx);
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+ } else {
+ new_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
+ if (new_dn == NULL) {
+ ldb_module_oom(module);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
}
/* get the objects GUID from the search we just did */
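Review bot: disallow_move_on_delete is a bool assigned directly from the masked value "(ldb_msg_find_attr_as_int(old_msg, "systemFlags", 0) & SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE)". Comparing the mask result against zero explicitly ("... != 0") makes the intent clear and does not rely on how bool converts a high bit. Separately, the else branch treats any NULL from ldb_dn_get_parent() as out of memory via ldb_module_oom(); a one-line comment there saying that the object stays under its current parent when the flag is set would document the new behaviour.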
@@ -2614,7 +2629,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
DSDB_FLAG_NEXT_MODULE |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS|
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
@@ -3263,7 +3278,9 @@ static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
replmd_replicated_apply_search_callback,
ar->req);
LDB_REQ_SET_LOCATION(search_req);
- ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL);
+
+ ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+ true, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
@@ -3863,7 +3880,7 @@ linked_attributes[0]:
ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
DSDB_FLAG_NEXT_MODULE |
DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
- DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS,
"objectGUID=%s", GUID_string(tmp_ctx, &la->identifier->guid));
diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c
index 34807cf..5c5d726 100644
--- a/source4/dsdb/samdb/ldb_modules/show_deleted.c
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c
@@ -4,6 +4,7 @@
Copyright (C) Simo Sorce 2005
Copyright (C) Stefan Metzmacher <metze at samba.org> 2007
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2009
+ Copyright (C) Matthias Dieter Wallnöfer 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -24,7 +25,8 @@
*
* Component: ldb deleted objects control module
*
- * Description: this module hides deleted objects, and returns them if the right control is there
+ * Description: this module hides deleted and recylced objects, and returns
+ * them if the right control is there
*
* Author: Stefan Metzmacher
*/
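Review bot: typo in the updated module description, "recylced" should be "recycled".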
@@ -37,7 +39,7 @@
static int show_deleted_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
- struct ldb_control *control;
+ struct ldb_control *show_del, *show_rec;
struct ldb_request *down_req;
struct ldb_parse_tree *new_tree = req->op.search.tree;
int ret;
@@ -45,12 +47,18 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
ldb = ldb_module_get_ctx(module);
/* check if there's a show deleted control */
- control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+ show_del = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+ /* check if there's a show recycled control */
+ show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID);
- if (! control) {
- /* FIXME: we could use a constant tree here once we
- are sure that no ldb modules modify trees
- in-situ */
+ if ((show_del == NULL) && (show_rec == NULL)) {
+ /* Here we have to suppress all deleted objects:
+ * MS-ADTS 3.1.1.3.4.1
+ *
+ * Filter: (&(!(isDeleted=TRUE))(...))
+ */
+ /* FIXME: we could use a constant tree here once we are sure
+ * that no ldb modules modify trees in-site */
new_tree = talloc(req, struct ldb_parse_tree);
if (!new_tree) {
return ldb_oom(ldb);
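Review bot: the rewrapped FIXME comment now reads "modify trees in-site" where the removed lines had "in-situ"; please keep "in-situ". The header comment "Here we have to suppress all deleted objects" could also state that this is the case where neither control was supplied, which is what the condition "(show_del == NULL) && (show_rec == NULL)" tests.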
@@ -61,6 +69,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
if (!new_tree->u.list.elements) {
return ldb_oom(ldb);
}
+
new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree);
new_tree->u.list.elements[0]->operation = LDB_OP_NOT;
new_tree->u.list.elements[0]->u.isnot.child =
@@ -71,9 +80,41 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY;
new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = "isDeleted";
new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE");
+
+ new_tree->u.list.elements[1] = req->op.search.tree;
+ } else if ((show_del != NULL) && (show_rec == NULL)) {
+ /* Here we need to suppress all recycled objects:
+ * MS-ADTS 3.1.1.3.4.1
+ *
+ * Filter: (&(!(isRecycled=TRUE))(...))
+ */
+ /* FIXME: we could use a constant tree here once we are sure
+ * that no ldb modules modify trees in-site */
+ new_tree = talloc(req, struct ldb_parse_tree);
+ if (!new_tree) {
+ return ldb_oom(ldb);
+ }
+ new_tree->operation = LDB_OP_AND;
+ new_tree->u.list.num_elements = 2;
+ new_tree->u.list.elements = talloc_array(new_tree, struct ldb_parse_tree *, 2);
+ if (!new_tree->u.list.elements) {
+ return ldb_oom(ldb);
+ }
+
+ new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree);
+ new_tree->u.list.elements[0]->operation = LDB_OP_NOT;
+ new_tree->u.list.elements[0]->u.isnot.child =
+ talloc(new_tree->u.list.elements, struct ldb_parse_tree);
+ if (!new_tree->u.list.elements[0]->u.isnot.child) {
+ return ldb_oom(ldb);
+ }
+ new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY;
+ new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = "isRecycled";
+ new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE");
+
new_tree->u.list.elements[1] = req->op.search.tree;
}
-
+
ret = ldb_build_search_req_ex(&down_req, ldb, req,
req->op.search.base,
req->op.search.scope,
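Review bot: in the added "isRecycled" branch the result of "new_tree->u.list.elements[0] = talloc(...)" is dereferenced on the next line ("->operation = LDB_OP_NOT") without a NULL check, although the child allocation right after it is checked. The branch is otherwise a copy of the isDeleted one with only the attribute name changed; suggest a small static helper that takes the attribute name, builds the "(&(!(attr=TRUE))(...))" tree and checks every allocation, then calling it from both branches.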
@@ -87,9 +128,12 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
return ret;
}
- /* mark the control as done */
- if (control) {
- control->critical = 0;
+ /* mark the controls as done */
+ if (show_del != NULL) {
+ show_del->critical = 0;
+ }
+ if (show_rec != NULL) {
+ show_rec->critical = 0;
}
/* perform the search */
@@ -110,6 +154,13 @@ static int show_deleted_init(struct ldb_module *module)
return ldb_operr(ldb);
}
+ ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_RECYCLED_OID);
+ if (ret != LDB_SUCCESS) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR,
+ "show_deleted: Unable to register control with rootdse!\n");
+ return ldb_operr(ldb);
+ }
+
return ldb_next_init(module);
}
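Review bot: the ldb_debug() text added for the LDB_CONTROL_SHOW_RECYCLED_OID registration, "show_deleted: Unable to register control with rootdse!", does not name the control that failed. Suggest mentioning the show_recycled control in the message so the log line identifies which ldb_mod_register_control() call in show_deleted_init() went wrong.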
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
index 9177744..34914d2 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
@@ -53,8 +53,7 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
/* see if we have any children */
ret = dsdb_module_search(module, req, &res, req->op.del.dn,
LDB_SCOPE_ONELEVEL, attrs,
- DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED,
+ DSDB_FLAG_NEXT_MODULE,
"(objectClass=*)");
if (ret != LDB_SUCCESS) {
talloc_free(res);
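Review bot: the comment "see if we have any children" above this dsdb_module_search() no longer describes the check once DSDB_SEARCH_SHOW_DELETED is dropped, because the ONELEVEL search is now meant to consider only non-deleted children. Suggest rewording the comment to say so and to note, as the commit message does, that tombstones, recycled and deleted objects are left to repl_meta_data.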
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index 97330f8..f6b3625 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -152,7 +152,9 @@ static int check_constraints(struct ldb_message *msg,
bool move_op = false;
--
Samba Shared Repository