[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Wed Aug 24 17:11:02 MDT 2011


The branch, master has been updated
       via  68a42bd s4-dsdb: fixed use of RMD flags in ldb search in dirsync module
       via  b2c6b01 s4-dns: fixed dns_update_list for multi-domain forests
       via  08b2aa0 s4-dns: cope with duplicate entries in dns_update_list
       via  345220b s4-dsdb: fixed newlines in DEBUG() calls in cracknames
       via  32c5e3b s4-join: fixed DNS hostname
       via  dea4f39 s4-drs: fixed msdcs DNS name in getncchanges
       via  0859369 s4-libnet: fixed forest DNS name
       via  4f421d0 s4-acl: use dnsforest not dnsdomain for GC names
       via  68100e5 s4-join: setup DNS forest name on join context
       via  717706c s4-dns/spn: fixed DNS and SPN scripts to setup forest DNS name
       via  219271b s4-samdb: added host_dns_name(), domain_dns_name() and forest_dns_name()
       via  5a9dc1d s4-repl: fixed _msdcs DNS name
       via  484fb30 s4-kcc: fixed _msdcs DNS name
       via  9784fbc s4-dsdb: added samdb_ntds_msdcs_dns_name()
       via  42ae193 s4-dns: fixed DNS and SPN update lists for multi-domain support
       via  53b08bf s4-provision: pass the rootDN into guess_names()
       via  27656e9 s4-dsdb: fixed calls to ldb_val_string_cmp()
       via  9f404b3 s4-dsdb: added samdb_dn_to_dns_domain()
       via  bcbb35b s4-dsdb: assert that base DNs are used correctly
       via  1216649 s4-dsdb: enforce NULL DN validity in partition module
       via  171c3cd s4-dsdb: fixed basedn in extended_dn_in module
       via  2c47f0a samba-tool: fixed use of base DNs in ldapcmp
       via  33fb1f8 s4-spnupdate: fixed searches on domain NC
       via  b6e1887 s4-dns: fixed base search on domain NC
       via  6765190 s4-samr: fixed subtree search
       via  8510e40 s4-kdc: fixed subtree search in KDC
       via  68ff9ec s4-dsdb: cleanup use of NULL vs base DN in samldb
       via  4744c12 s4-dsdb: removed unused function in ACL module
       via  559d92a s4-dsdb: fixed all partitions search in cracknames
       via  9f2a41e s4-dns: when searching all partitions the NULL basedn is OK
       via  fb612af pdb-samba4: use ldb_get_default_basedn() instead of NULL
       via  4655a5b pyldb: fixed a warning
      from  fac75f0 s3:winbindd fix a return code check

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 68a42bd76274fbee37270b2eaa34ffb1c96068a9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 15:53:58 2011 +1000

    s4-dsdb: fixed use of RMD flags in ldb search in dirsync module
    
    I'm pretty sure a SHOW_DELETED was wanted here
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User: Andrew Tridgell <tridge at samba.org>
    Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104

commit b2c6b0122f88767abd6685117066c793e8191b6f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 15:48:02 2011 +1000

    s4-dns: fixed dns_update_list for multi-domain forests
    
    this should now match the DNS entries of w2k8r2c
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit 08b2aa08433d4e4be9764f926fdbec455df3a8ea
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 15:47:27 2011 +1000

    s4-dns: cope with duplicate entries in dns_update_list
    
    this is needed for when DNSFOREST and DNSDOMAIN are the same
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit 345220b762af62b071faf9d9b352e928dfe1c375
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 15:46:53 2011 +1000

    s4-dsdb: fixed newlines in DEBUG() calls in cracknames
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit 32c5e3b2040ddb10c45ab8e3a326f0d3d7a4c75c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 13:52:09 2011 +1000

    s4-join: fixed DNS hostname
    
    we need the local hostname, not the remote name

commit dea4f3941b9c4006cc16b949ef5b6657eb009e14
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 13:51:49 2011 +1000

    s4-drs: fixed msdcs DNS name in getncchanges

commit 085936926a446a289b88dfafcfe425c5dfe615b1
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 24 13:51:01 2011 +1000

    s4-libnet: fixed forest DNS name
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 4f421d04064c7f1a3a4052a37c2908a8e5dbeb89
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:43:56 2011 +1000

    s4-acl: use dnsforest not dnsdomain for GC names

commit 68100e5a21adab26dee367b0742a76b485edc16e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:43:37 2011 +1000

    s4-join: setup DNS forest name on join context

commit 717706cb9691d435071c9883b3da649fcada2ea6
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:41:08 2011 +1000

    s4-dns/spn: fixed DNS and SPN scripts to setup forest DNS name

commit 219271bd154817ccf0cb4706769e07eb5dfa11ee
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:40:45 2011 +1000

    s4-samdb: added host_dns_name(), domain_dns_name() and forest_dns_name()
    
    these will make it easier to get python code right for multi-domain
    support

commit 5a9dc1d216fe419570891099fa7dd922bf025671
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:30:15 2011 +1000

    s4-repl: fixed _msdcs DNS name
    
    another multi-domain fix

commit 484fb303ff2b7e5becd2ad9502ae8645657a3ced
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:29:54 2011 +1000

    s4-kcc: fixed _msdcs DNS name
    
    we need to base this DNS name on the forest DNS name for multi-domain
    support
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit 9784fbc378f155b07a08c29d4787b0896165d5db
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:29:08 2011 +1000

    s4-dsdb: added samdb_ntds_msdcs_dns_name()
    
    this gets the DNS name for a NTDS GUID, based on the forest DNS name
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit 42ae193e3f8ace2e81b4b754e557ba37dcf2b80e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:28:29 2011 +1000

    s4-dns: fixed DNS and SPN update lists for multi-domain support
    
    fixed DNS to point at forest root
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit 53b08bfbdb68724aa7cfb26c9d53f6adf8373423
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:27:39 2011 +1000

    s4-provision: pass the rootDN into guess_names()
    
    this gets the correct forest DN during provision
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 27656e912340bc4fa58799da569b7673b2d0adca
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:26:44 2011 +1000

    s4-dsdb: fixed calls to ldb_val_string_cmp()
    
    wrong order of arguments

commit 9f404b3dea7bd34890eb66ff60432e05efdc2f09
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 22 17:00:54 2011 +1000

    s4-dsdb: added samdb_dn_to_dns_domain()
    
    this converts a DC into the equivalent DNS domain. It is used when
    forming t_msdcs NTDS DNS names
    
    Pair-Programmed-With: Amitay Isaacs <amitay at gmail.com>

commit bcbb35b0888696db53f63f095e9bf07e493cb9ee
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:36:22 2011 +1000

    s4-dsdb: assert that base DNs are used correctly
    
    this will catch future programmer errors with incorrect base DNs
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 12166497729252469ac3ffbf0495842cdc85cff0
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:35:45 2011 +1000

    s4-dsdb: enforce NULL DN validity in partition module
    
    windows does not allow a search on the empty DN except for rootDSE
    searches or for phantom_root searches (ie. with --cross-ncs). By
    enforcing this in Samba we make it more likely that our tests and
    utilities will work against windows
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 171c3cdd4a506bfebdcb031d2130d7eb627d2d38
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:34:12 2011 +1000

    s4-dsdb: fixed basedn in extended_dn_in module
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 2c47f0a84528de4c06d0fcf37fc6139219c0efa8
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:33:06 2011 +1000

    samba-tool: fixed use of base DNs in ldapcmp
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 33fb1f85df2bb62bbfdb5b4a859ce0b7261e4e32
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:32:44 2011 +1000

    s4-spnupdate: fixed searches on domain NC
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit b6e18870026a03edfc21a4695824f4c988a14b11
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:32:26 2011 +1000

    s4-dns: fixed base search on domain NC
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 67651905f984745dab4de3944d1c0a988b8d5d50
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:31:43 2011 +1000

    s4-samr: fixed subtree search
    
    this needs to be on the domain NC
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 8510e405f58313f190d8e3dfc3308e4a49530f9b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:31:13 2011 +1000

    s4-kdc: fixed subtree search in KDC
    
    use ldb_get_default_basedn() with a subtree search
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 68ff9ecd010c938da0a7d347a00cfef80a9999a0
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:30:28 2011 +1000

    s4-dsdb: cleanup use of NULL vs base DN in samldb
    
    NULL should be used when doing all partition searches. The default
    basedn should be used when wanting just the domain NC
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 4744c12d2cfdaf47ac5884951ad86b9451f7075e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:29:13 2011 +1000

    s4-dsdb: removed unused function in ACL module
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 559d92a8dfb0759326f154dbe14d05a3df0ce4d3
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:28:49 2011 +1000

    s4-dsdb: fixed all partitions search in cracknames
    
    when searching all partitions we must use the NULL basedn, or we will
    miss partitions in multi-domain setups
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 9f2a41eea8ad3e4e586152aeeb36fd6b287e7b24
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:27:55 2011 +1000

    s4-dns: when searching all partitions the NULL basedn is OK
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit fb612af6553748ca725cfbb0d8c24948d10f47a2
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:27:14 2011 +1000

    pdb-samba4: use ldb_get_default_basedn() instead of NULL
    
    this makes pdb-samba4 safe for multi-domain setups
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 4655a5bf7c875c9cd2e4c70362e0ecac8b8a0152
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Aug 19 17:26:33 2011 +1000

    pyldb: fixed a warning
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/pyldb.c                                    |    4 +-
 source3/passdb/pdb_samba4.c                        |    6 +-
 source4/dns_server/dns_server.c                    |    9 +--
 source4/dsdb/common/util.c                         |   74 ++++++++++++++++++++
 source4/dsdb/kcc/kcc_periodic.c                    |    4 +-
 source4/dsdb/repl/drepl_extended.c                 |    7 +-
 source4/dsdb/repl/drepl_out_helpers.c              |   12 +---
 source4/dsdb/repl/drepl_partitions.c               |    9 ++-
 source4/dsdb/samdb/cracknames.c                    |   30 ++++----
 source4/dsdb/samdb/ldb_modules/acl_util.c          |   39 ----------
 source4/dsdb/samdb/ldb_modules/dirsync.c           |    4 +-
 source4/dsdb/samdb/ldb_modules/extended_dn_in.c    |   16 +++--
 source4/dsdb/samdb/ldb_modules/partition.c         |    3 +
 source4/dsdb/samdb/ldb_modules/samldb.c            |   25 +++++--
 source4/dsdb/samdb/ldb_modules/util.c              |    5 ++
 source4/dsdb/schema/schema_syntax.c                |    4 +-
 source4/dsdb/tests/python/acl.py                   |    6 +-
 source4/kdc/db-glue.c                              |    4 +-
 source4/libnet/libnet_become_dc.c                  |    2 +-
 source4/libnet/py_net.c                            |    3 +-
 source4/rpc_server/drsuapi/getncchanges.c          |    5 +-
 source4/rpc_server/samr/dcesrv_samr.c              |    2 +-
 source4/scripting/bin/samba_dnsupdate              |   14 +++--
 source4/scripting/bin/samba_spnupdate              |    9 ++-
 source4/scripting/python/samba/join.py             |    8 +-
 source4/scripting/python/samba/netcmd/ldapcmp.py   |   30 ++++-----
 .../scripting/python/samba/provision/__init__.py   |    4 +-
 source4/scripting/python/samba/samdb.py            |   15 ++++
 source4/setup/dns_update_list                      |   43 ++++++++----
 source4/setup/spn_update_list                      |    4 +-
 30 files changed, 241 insertions(+), 159 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index 72680c1..d456acb 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -2290,8 +2290,8 @@ static int py_ldb_msg_element_cmp(PyLdbMessageElementObject *self, PyLdbMessageE
 
 static PyObject *py_ldb_msg_element_iter(PyLdbMessageElementObject *self)
 {
-	struct ldb_message_element *el = ldb_msg_element_to_set(NULL,
-		pyldb_MessageElement_AsMessageElement(self));
+	PyObject *el = ldb_msg_element_to_set(NULL,
+					      pyldb_MessageElement_AsMessageElement(self));
 	return PyObject_GetIter(el);
 }
 
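Review bot: in py_ldb_msg_element_iter() the result of ldb_msg_element_to_set() goes straight into PyObject_GetIter() with no NULL check, so a failure there becomes a NULL dereference inside the interpreter. Check el and return NULL on failure. PyObject_GetIter() also returns its own new reference, so if ldb_msg_element_to_set() hands back a new reference, el needs a Py_DECREF() once the iterator exists or the set leaks on every call.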
diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index a45c687..7a1c635 100644
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -602,7 +602,7 @@ static NTSTATUS pdb_samba4_getsamupriv(struct pdb_samba4_state *state,
 		"badPwdCount", "logonCount", "countryCode", "codePage",
 		"unicodePwd", "dBCSPwd", NULL };
 
-	int rc = dsdb_search_one(state->ldb, mem_ctx, msg, NULL, LDB_SCOPE_SUBTREE, attrs, 0, "%s", filter); 
+	int rc = dsdb_search_one(state->ldb, mem_ctx, msg, ldb_get_default_basedn(state->ldb), LDB_SCOPE_SUBTREE, attrs, 0, "%s", filter);
 	if (rc != LDB_SUCCESS) {
 		DEBUG(10, ("ldap_search failed %s\n",
 			   ldb_errstring(state->ldb)));
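Review bot: the new base DN argument in the dsdb_search_one() call is used unchecked; if ldb_get_default_basedn(state->ldb) returns NULL, the call quietly falls back to the NULL base this change is meant to remove. Fetch it once into a local and fail with an error when it is NULL, which also brings the line back under 80 columns. The same applies to the other two call sites changed in this file.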
@@ -866,7 +866,7 @@ static NTSTATUS pdb_samba4_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	rc = dsdb_search_one(state->ldb, tmp_ctx, &msg, NULL, LDB_SCOPE_SUBTREE, attrs, 0, "%s", expression);
+	rc = dsdb_search_one(state->ldb, tmp_ctx, &msg, ldb_get_default_basedn(state->ldb), LDB_SCOPE_SUBTREE, attrs, 0, "%s", expression);
 	if (rc == LDB_ERR_NO_SUCH_OBJECT) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_NO_SUCH_GROUP;
@@ -1825,7 +1825,7 @@ static bool pdb_samba4_search_filter(struct pdb_methods *m,
 		return false;
 	}
 
-	rc = dsdb_search(state->ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs, 0, "%s", expression);
+	rc = dsdb_search(state->ldb, tmp_ctx, &res, ldb_get_default_basedn(state->ldb), LDB_SCOPE_SUBTREE, attrs, 0, "%s", expression);
 	if (rc != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		DEBUG(10, ("dsdb_search failed: %s\n",
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 0c36c20..e164035 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -601,7 +601,6 @@ static void dns_task_init(struct task_server *task)
 	struct interface *ifaces;
 	int ret;
 	struct ldb_result *res;
-	struct ldb_dn *rootdn;
 	static const char * const attrs[] = { "name", NULL};
 	unsigned int i;
 
@@ -641,14 +640,8 @@ static void dns_task_init(struct task_server *task)
 		return;
 	}
 
-	rootdn = ldb_dn_new(dns, dns->samdb, "");
-	if (rootdn == NULL) {
-		task_server_terminate(task, "dns: out of memory", true);
-		return;
-	}
-
 	// TODO: this search does not work against windows
-	ret = dsdb_search(dns->samdb, dns, &res, rootdn, LDB_SCOPE_SUBTREE,
+	ret = dsdb_search(dns->samdb, dns, &res, NULL, LDB_SCOPE_SUBTREE,
 			  attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS, "(objectClass=dnsZone)");
 	if (ret != LDB_SUCCESS) {
 		task_server_terminate(task,
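Review bot: the TODO directly above the changed dsdb_search() call ("this search does not work against windows") is left as it was while the base DN changes from an empty DN to NULL. Update the comment to say whether a NULL base with DSDB_SEARCH_SEARCH_ALL_PARTITIONS resolves that or what is still outstanding, so the next reader does not have to guess.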
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 22f092c..f64e624 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2354,6 +2354,77 @@ struct ldb_dn *samdb_dns_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_c
 	return dn;
 }
 
+
+/*
+  Find the DNS equivalent of a DN, in dotted DNS form
+*/
+char *samdb_dn_to_dns_domain(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
+{
+	int i, num_components = ldb_dn_get_comp_num(dn);
+	char *dns_name = talloc_strdup(mem_ctx, "");
+	if (dns_name == NULL) {
+		return NULL;
+	}
+
+	for (i=0; i<num_components; i++) {
+		const struct ldb_val *v = ldb_dn_get_component_val(dn, i);
+		char *s;
+		if (v == NULL) {
+			talloc_free(dns_name);
+			return NULL;
+		}
+		s = talloc_asprintf_append_buffer(dns_name, "%*.*s.",
+						  (int)v->length, (int)v->length, (char *)v->data);
+		if (s == NULL) {
+			talloc_free(dns_name);
+			return NULL;
+		}
+		dns_name = s;
+	}
+
+	/* remove the last '.' */
+	if (dns_name[0] != 0) {
+		dns_name[strlen(dns_name)-1] = 0;
+	}
+
+	return dns_name;
+}
+
+/*
+  Find the DNS _msdcs name for a given NTDS GUID. The resulting DNS
+  name is based on the forest DNS name
+*/
+char *samdb_ntds_msdcs_dns_name(struct ldb_context *samdb,
+				TALLOC_CTX *mem_ctx,
+				const struct GUID *ntds_guid)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *guid_str;
+	struct ldb_dn *forest_dn;
+	const char *dnsforest;
+	char *ret;
+
+	guid_str = GUID_string(tmp_ctx, ntds_guid);
+	if (guid_str == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	forest_dn = ldb_get_root_basedn(samdb);
+	if (forest_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	dnsforest = samdb_dn_to_dns_domain(tmp_ctx, forest_dn);
+	if (dnsforest == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	ret = talloc_asprintf(mem_ctx, "%s._msdcs.%s", guid_str, dnsforest);
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
 /*
   Find the DN of a domain, be it the netbios or DNS name 
 */
@@ -3875,6 +3946,9 @@ int dsdb_search(struct ldb_context *ldb,
 	char *expression = NULL;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 
+	/* cross-partitions searches with a basedn break multi-domain support */
+	SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
+
 	res = talloc_zero(tmp_ctx, struct ldb_result);
 	if (!res) {
 		talloc_free(tmp_ctx);
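Review bot: the SMB_ASSERT added at the top of dsdb_search() takes the whole process down when a caller passes a base DN together with DSDB_SEARCH_SEARCH_ALL_PARTITIONS. That works for flushing out programmer errors, but if any caller derives basedn or dsdb_flags from a client request it becomes a crash a client can trigger; consider logging and returning an operations error instead. If it is turned into an error return, tmp_ctx from the initialiser above has to be freed on that path.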
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
index 8b74bab..2654f9f 100644
--- a/source4/dsdb/kcc/kcc_periodic.c
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -356,9 +356,7 @@ NTSTATUS kccsrv_simple_update(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
 		r1 = &reps[count].ctr.ctr1;
 
 		r1->other_info               = talloc_zero(reps, struct repsFromTo1OtherInfo);
-		r1->other_info->dns_name     = talloc_asprintf(r1->other_info, "%s._msdcs.%s",
-							       GUID_string(mem_ctx, &ntds_guid),
-							       lpcfg_dnsdomain(s->task->lp_ctx));
+		r1->other_info->dns_name     = samdb_ntds_msdcs_dns_name(s->samdb, reps, &ntds_guid);
 		r1->source_dsa_obj_guid      = ntds_guid;
 		r1->source_dsa_invocation_id = invocation_id;
 		r1->replica_flags = kccsrv_replica_flags(s);
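Review bot: the return value of samdb_ntds_msdcs_dns_name() is stored in r1->other_info->dns_name without a NULL check, and the helper returns NULL both on allocation failure and when no root base DN is available. Check it here and bail out with an error, as drepl_create_extended_source_dsa() does for the same call. The talloc_zero() result for r1->other_info on the line above is dereferenced unchecked as well.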
diff --git a/source4/dsdb/repl/drepl_extended.c b/source4/dsdb/repl/drepl_extended.c
index 4d64594..69cccb8 100644
--- a/source4/dsdb/repl/drepl_extended.c
+++ b/source4/dsdb/repl/drepl_extended.c
@@ -93,10 +93,9 @@ static WERROR drepl_create_extended_source_dsa(struct dreplsrv_service *service,
 		return WERR_NOMEM;
 	}
 
-	sdsa->repsFrom1->other_info->dns_name =
-		talloc_asprintf(sdsa->repsFrom1->other_info, "%s._msdcs.%s",
-				GUID_string(sdsa->repsFrom1->other_info, &sdsa->repsFrom1->source_dsa_obj_guid),
-				lpcfg_dnsdomain(service->task->lp_ctx));
+	sdsa->repsFrom1->other_info->dns_name = samdb_ntds_msdcs_dns_name(ldb,
+									  sdsa->repsFrom1->other_info,
+									  &sdsa->repsFrom1->source_dsa_obj_guid);
 	if (!sdsa->repsFrom1->other_info->dns_name) {
 		talloc_free(sdsa);
 		return WERR_NOMEM;
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 7b513a8..19d0957 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -691,7 +691,6 @@ static void dreplsrv_update_refs_trigger(struct tevent_req *req)
 	struct dreplsrv_partition *partition = state->op->source_dsa->partition;
 	struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
 	struct drsuapi_DsReplicaUpdateRefs *r;
-	char *ntds_guid_str;
 	char *ntds_dns_name;
 	struct tevent_req *subreq;
 
@@ -700,15 +699,9 @@ static void dreplsrv_update_refs_trigger(struct tevent_req *req)
 		return;
 	}
 
-	ntds_guid_str = GUID_string(r, &service->ntds_guid);
-	if (tevent_req_nomem(ntds_guid_str, req)) {
-		return;
-	}
-
-	ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s",
-					ntds_guid_str,
-					lpcfg_dnsdomain(service->task->lp_ctx));
+	ntds_dns_name = samdb_ntds_msdcs_dns_name(service->samdb, r, &service->ntds_guid);
 	if (tevent_req_nomem(ntds_dns_name, req)) {
+		talloc_free(r);
 		return;
 	}
 
@@ -728,6 +721,7 @@ static void dreplsrv_update_refs_trigger(struct tevent_req *req)
 							   drsuapi->drsuapi_handle,
 							   r);
 	if (tevent_req_nomem(subreq, req)) {
+		talloc_free(r);
 		return;
 	}
 	tevent_req_set_callback(subreq, dreplsrv_update_refs_done, req);
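Review bot: both added talloc_free(r) calls (here and in the previous hunk) run after tevent_req_nomem() has already reported the failure on req. If that completes the request and the callback frees the state r hangs off, these become a double free; the hunks do not show what r is parented to, so please confirm, or free r before signalling the error. Separately, samdb_ntds_msdcs_dns_name() can return NULL for a missing root base DN, which this path reports as out of memory.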
diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c
index 470a88f..e0f4045 100644
--- a/source4/dsdb/repl/drepl_partitions.c
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -107,6 +107,7 @@ NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
 	int ret;
 	const char *hostname;
 	struct ldb_dn *dn;
+	struct ldb_dn *forest_dn;
 
 	*target_principal = NULL;
 
@@ -148,9 +149,15 @@ NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
 	 * on it's record, it must also have GC/hostname/realm
 	 * servicePrincipalName */
 
+	forest_dn = ldb_get_root_basedn(s->samdb);
+	if (forest_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
 	*target_principal = talloc_asprintf(mem_ctx, "GC/%s/%s",
 					    hostname,
-					    lpcfg_dnsdomain(s->task->lp_ctx));
+					    samdb_dn_to_dns_domain(tmp_ctx, forest_dn));
 	talloc_free(tmp_ctx);
 	return NT_STATUS_OK;
 }
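Review bot: in the talloc_asprintf() call the result of samdb_dn_to_dns_domain(tmp_ctx, forest_dn) is passed straight to a %s conversion, and that function returns NULL on failure, so the principal can be built from a NULL string. Store it in a local, check it, and check the talloc_asprintf() result too. The new forest_dn == NULL branch returns NT_STATUS_OK with *target_principal left NULL; if that is meant as "no GC principal available", say so in a comment, otherwise return an error.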
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 21a473d..1e70a77 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -113,20 +113,20 @@ static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(krb5_context context, stru
 			 directory_attrs, "(objectClass=nTDSService)");
 
 	if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) {
-		DEBUG(1, ("ldb_search: dn: %s not found: %s", service_dn_str, ldb_errstring(ldb_ctx)));
+		DEBUG(1, ("ldb_search: dn: %s not found: %s\n", service_dn_str, ldb_errstring(ldb_ctx)));
 		return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 	} else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
-		DEBUG(1, ("ldb_search: dn: %s not found", service_dn_str));
+		DEBUG(1, ("ldb_search: dn: %s not found\n", service_dn_str));
 		return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 	} else if (res->count != 1) {
 		talloc_free(res);
-		DEBUG(1, ("ldb_search: dn: %s not found", service_dn_str));
+		DEBUG(1, ("ldb_search: dn: %s not found\n", service_dn_str));
 		return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 	}
 
 	spnmappings = ldb_msg_find_element(res->msgs[0], "sPNMappings");
 	if (!spnmappings || spnmappings->num_values == 0) {
-		DEBUG(1, ("ldb_search: dn: %s no sPNMappings attribute", service_dn_str));
+		DEBUG(1, ("ldb_search: dn: %s no sPNMappings attribute\n", service_dn_str));
 		talloc_free(tmp_ctx);
 		return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 	}
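Review bot: in the first branch, where ret is neither LDB_SUCCESS nor LDB_ERR_NO_SUCH_OBJECT, the message still reads "not found" although it is reporting a general search error; since the line is being touched anyway, change it to something like "search failed". The cleanup on the return paths visible here is also inconsistent (nothing freed, then res, then tmp_ctx); free tmp_ctx on each of them.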
@@ -195,7 +195,7 @@ static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_c
 	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, 
 				    name, KRB5_PRINCIPAL_PARSE_NO_REALM, &principal);
 	if (ret) {
-		DEBUG(2, ("Could not parse principal: %s: %s",
+		DEBUG(2, ("Could not parse principal: %s: %s\n",
 			  name, smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
 							   ret, mem_ctx)));
 		return WERR_NOMEM;
@@ -307,7 +307,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 				     ldb_binary_encode_string(mem_ctx, realm));
 
 	if (ldb_ret != LDB_SUCCESS) {
-		DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s", ldb_errstring(sam_ctx)));
+		DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
 		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 		krb5_free_principal(smb_krb5_context->krb5_context, principal);
 		return WERR_OK;
@@ -802,7 +802,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 					     "%s", domain_filter);
 
 		if (ldb_ret != LDB_SUCCESS) {
-			DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s", ldb_errstring(sam_ctx)));
+			DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
 			info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 			return WERR_OK;
 		}
@@ -837,7 +837,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 			search_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL);
 		} else {
 			dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
-			search_dn = ldb_get_root_basedn(sam_ctx);
+			search_dn = NULL;
 		}
 		if (format_desired == DRSUAPI_DS_NAME_FORMAT_GUID){
 			 dsdb_flags = dsdb_flags| DSDB_SEARCH_SHOW_DELETED;
@@ -851,7 +851,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 				  dsdb_flags,
 				  "%s", result_filter);
 		if (ret != LDB_SUCCESS) {
-			DEBUG(2, ("DsCrackNameOneFilter phantom root search failed: %s",
+			DEBUG(2, ("DsCrackNameOneFilter phantom root search failed: %s\n",
 				  ldb_errstring(sam_ctx)));
 			info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 			return WERR_OK;
@@ -868,7 +868,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 					  result_attrs);
 	} else {
 		/* Can't happen */
-		DEBUG(0, ("LOGIC ERROR: DsCrackNameOneFilter domain ref search not available: This can't happen..."));
+		DEBUG(0, ("LOGIC ERROR: DsCrackNameOneFilter domain ref search not available: This can't happen...\n"));
 		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 		return WERR_OK;
 	}
@@ -895,7 +895,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 		return WERR_OK;
 	case -1:
-		DEBUG(2, ("DsCrackNameOneFilter result search failed: %s", ldb_errstring(sam_ctx)));
+		DEBUG(2, ("DsCrackNameOneFilter result search failed: %s\n", ldb_errstring(sam_ctx)));
 		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 		return WERR_OK;
 	default:
@@ -974,7 +974,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 						     "(ncName=%s)", ldb_dn_get_linearized(result->dn));
 
 			if (ldb_ret != LDB_SUCCESS) {
-				DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s", ldb_errstring(sam_ctx)));
+				DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
 				info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 				return WERR_OK;
 			}
@@ -1015,7 +1015,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 							     ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
 
 				if (ldb_ret != LDB_SUCCESS) {
-					DEBUG(2, ("DsCrackNameOneFilter domain search failed: %s", ldb_errstring(sam_ctx)));
+					DEBUG(2, ("DsCrackNameOneFilter domain search failed: %s\n", ldb_errstring(sam_ctx)));
 					info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 					return WERR_OK;
 				}
@@ -1038,7 +1038,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 							     "(ncName=%s)", ldb_dn_get_linearized(domain_res->msgs[0]->dn));
 
 				if (ldb_ret != LDB_SUCCESS) {
-					DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s", ldb_errstring(sam_ctx)));
+					DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
 					info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 					return WERR_OK;
 				}
@@ -1348,7 +1348,7 @@ WERROR dcesrv_drsuapi_ListRoles(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx
 		names[i].dns_domain_name = samdb_dn_to_dnshostname(sam_ctx, mem_ctx,
 								   server_dn);
 		if(!names[i].dns_domain_name) {
-			DEBUG(4, ("list_roles: Failed to find dNSHostName for server %s",
+			DEBUG(4, ("list_roles: Failed to find dNSHostName for server %s\n",
 				  ldb_dn_get_linearized(server_dn)));
 		}
 		names[i].result_name = talloc_strdup(mem_ctx, ldb_dn_get_linearized(role_owner_dn));
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 58d3ecd..cce504d 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -88,45 +88,6 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
 						guid);
 }
 
-int dsdb_module_check_access_on_guid(struct ldb_module *module,
-				     TALLOC_CTX *mem_ctx,
-				     struct GUID *guid,
-				     uint32_t access_mask,
-				     const struct GUID *oc_guid,
-				     struct ldb_request *parent)
-{
-	int ret;
-	struct ldb_result *acl_res;
-	static const char *acl_attrs[] = {
-		"nTSecurityDescriptor",
-		"objectSid",
-		NULL
-	};
-	struct ldb_context *ldb = ldb_module_get_ctx(module);
-	struct auth_session_info *session_info
-		= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
-	if(!session_info) {
-		return ldb_operr(ldb);
-	}
-	ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
-				 acl_attrs,
-				 DSDB_FLAG_NEXT_MODULE |
-				 DSDB_SEARCH_SHOW_RECYCLED,
-				 parent,
-				 "objectGUID=%s", GUID_string(mem_ctx, guid));
-
-	if (ret != LDB_SUCCESS || acl_res->count == 0) {
-		DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid)));
-		return ret;
-	}
-	return dsdb_check_access_on_dn_internal(ldb, acl_res,
-						mem_ctx,
-						session_info->security_token,
-						acl_res->msgs[0]->dn,
-						access_mask,
-						oc_guid);
-}
-
 int acl_check_access_on_attribute(struct ldb_module *module,
 				  TALLOC_CTX *mem_ctx,
 				  struct security_descriptor *sd,
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
index 6a5703a..676aaff 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -845,8 +845,8 @@ static int dirsync_search_callback(struct ldb_request *req, struct ldb_reply *ar
 		}
 
 		flags = DSDB_FLAG_NEXT_MODULE |
-				DSDB_RMD_FLAG_DELETED |
-				DSDB_SEARCH_SHOW_EXTENDED_DN;
+			DSDB_SEARCH_SHOW_DELETED |
+			DSDB_SEARCH_SHOW_EXTENDED_DN;
 
 		if (dsc->assystem) {
 			flags = flags | DSDB_FLAG_AS_SYSTEM;
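Review bot: swapping DSDB_RMD_FLAG_DELETED for DSDB_SEARCH_SHOW_DELETED in this flags expression changes which objects the search returns, and neither the code nor the commit message says why deleted objects are needed here. Add a short comment and a test that sends a deleted object through dirsync_search_callback(). The original slip compiled cleanly because both flag families are plain integers OR-ed into one word, so it is worth considering how to keep RMD flags out of dsdb search flags in future.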
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 760dd64..998634f 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -336,6 +336,7 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
 	enum ldb_scope scope;
 	struct ldb_dn *base_dn;
 	const char *expression;
+	uint32_t dsdb_flags;
 
 	if (tree->operation != LDB_OP_EQUALITY) {
 		return LDB_SUCCESS;
@@ -395,14 +396,20 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
 		return LDB_SUCCESS;
 	}
 
+	dsdb_flags = DSDB_FLAG_NEXT_MODULE |
+		DSDB_SEARCH_SHOW_DELETED |
+		DSDB_SEARCH_SHOW_EXTENDED_DN;
+
 	if (guid_val) {
 		expression = talloc_asprintf(filter_ctx, "objectGUID=%s", ldb_binary_encode(filter_ctx, *guid_val));
 		scope = LDB_SCOPE_SUBTREE;
 		base_dn = NULL;
+		dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
 	} else if (sid_val) {
 		expression = talloc_asprintf(filter_ctx, "objectSID=%s", ldb_binary_encode(filter_ctx, *sid_val));
 		scope = LDB_SCOPE_SUBTREE;
 		base_dn = NULL;
+		dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
 	} else {
 		/* fallback to searching using the string DN as the base DN */
 		expression = "objectClass=*";
@@ -416,10 +423,7 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
 				 base_dn,
 				 scope,
 				 no_attrs,
-				 DSDB_FLAG_NEXT_MODULE |
-				 DSDB_SEARCH_SHOW_DELETED |
-				 DSDB_SEARCH_SHOW_EXTENDED_DN |
-				 DSDB_SEARCH_SEARCH_ALL_PARTITIONS,


-- 
Samba Shared Repository

