[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sat May 3 02:21:04 MDT 2014
The branch, master has been updated
via d7c22d5 ldb: make the successful ldb_transaction_start() message clearer
via 81ca9ab s3:passdb: improve a debug message in pdb_default_sid_to_id()
via 09fbc6c s3:passdb: fix and improve debug message in pdb_default_sid_to_id().
via 1cfc02d s4:samr: allow builtin groups for samr_OpenGroup.
via 7c2bf8d selftest: Add tests for dbcheck detection and removal of partial objects
via b19d80d dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
from 4b324f7 s3: Always cache idmapping results of pdb backend.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d7c22d56d3f8be9b8293dd481fb450e3cf2343d3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 17 09:33:26 2014 +1200
ldb: make the successful ldb_transaction_start() message clearer
Change-Id: I00d0705484c3b53f55c4a8ec2953e92329b7408e
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat May 3 10:20:52 CEST 2014 on sn-devel-104
commit 81ca9ab53b232529911ccdc3e427dffdae78bfa9
Author: Michael Adam <obnox at samba.org>
Date: Wed Apr 30 12:14:46 2014 +0200
s3:passdb: improve a debug message in pdb_default_sid_to_id()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 09fbc6c085e68348c6cc6798acf44b184d7d44bc
Author: Michael Adam <obnox at samba.org>
Date: Wed Apr 30 12:10:01 2014 +0200
s3:passdb: fix and improve debug message in pdb_default_sid_to_id().
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1cfc02d786b2d88ed1cafc10c501d5a97f254ec2
Author: Michael Adam <obnox at samba.org>
Date: Tue Apr 29 13:31:42 2014 +0200
s4:samr: allow builtin groups for samr_OpenGroup.
This fixes nsswitch getgrgid for builtins.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7c2bf8d2bc5230e4bd98cc5a0f1b8f3cc56a3f77
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Apr 4 10:40:35 2014 +1300
selftest: Add tests for dbcheck detection and removal of partial objects
To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
and a whitelist for dbcheck-oldrelease.sh
Andrew Bartlett
Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b19d80d0a97faffc165f068612f74d4ef8d7e5da
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 3 14:50:05 2014 +1300
dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb.c | 12 +-
selftest/tests.py | 1 +
source3/passdb/pdb_interface.c | 8 +-
source4/dsdb/kcc/kcc_deleted.c | 2 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 40 +-
source4/rpc_server/samr/dcesrv_samr.c | 23 +-
.../etc/smb.conf.template | 16 +
.../private/dns_update_list | 0
.../private/hklm.ldb.dump | 80 +
.../private/idmap.ldb.dump | 48 +
.../release-4-1-6-partial-object/private/krb5.conf | 4 +
.../private/named.conf.update | 7 +
.../private/privilege.ldb.dump | 156 +
.../private/randseed.tdb.dump | 0
...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |29104 +++++++++++++
...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |43468 ++++++++++++++++++++
...AINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 928 +
...ESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 488 +
.../sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 6036 +++
.../private/sam.ldb.d/metadata.tdb.dump | 4 +
.../private/sam.ldb.dump | 40 +
.../private/schannel_store.tdb.dump | 0
.../private/secrets.keytab | Bin 0 -> 1222 bytes
.../private/secrets.ldb.dump | 44 +
.../private/secrets.tdb.dump | 16 +
.../private/share.ldb.dump | 32 +
.../private/smbd.tmp/msg/names.tdb.dump | 52 +
.../private/spn_update_list | 0
.../private/tls/admincert.pem | 17 +
.../private/tls/admincertupn.pem | 17 +
.../private/tls/adminkey.pem | 15 +
.../private/tls/ca.pem | 14 +
.../private/tls/cert.pem | 15 +
.../private/tls/dhparms.pem | 5 +
.../private/tls/kdc.pem | 17 +
.../private/tls/key.pem | 15 +
.../private/wins_config.ldb.dump | 8 +
testprogs/blackbox/dbcheck-oldrelease.sh | 4 +-
wscript | 2 +-
39 files changed, 80712 insertions(+), 26 deletions(-)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
copy source4/selftest/provisions/{release-4-0-0 => release-4-1-6-partial-object}/private/dns_update_list (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
copy source4/selftest/provisions/{release-4-1-0rc3 => release-4-1-6-partial-object}/private/randseed.tdb.dump (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/metadata.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.dump
copy source4/selftest/provisions/{release-4-1-0rc3 => release-4-1-6-partial-object}/private/schannel_store.tdb.dump (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.keytab
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/share.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/smbd.tmp/msg/names.tdb.dump
copy source4/selftest/provisions/{release-4-0-0 => release-4-1-6-partial-object}/private/spn_update_list (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincert.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincertupn.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/adminkey.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/ca.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/cert.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/dhparms.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/kdc.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/key.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/wins_config.ldb.dump
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 36f1c37..c49513c 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -371,10 +371,14 @@ int ldb_transaction_start(struct ldb_context *ldb)
ldb_strerror(status),
status);
}
- }
- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
- ldb_errstring(module->ldb));
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
+ ldb_errstring(module->ldb));
+ }
+ } else {
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
+ }
}
return status;
}
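Review bot: The tracing guard `(module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)` is now repeated in both the failure and the success branch, and it relies on `&` binding tighter than `&&`. Consider evaluating it once with explicit parentheses, `module && (module->ldb->flags & LDB_FLG_ENABLE_TRACING)`, and choosing the message inside that single check, so the two trace paths cannot drift apart.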
diff --git a/selftest/tests.py b/selftest/tests.py
index 7b37111..88a08c9 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -62,6 +62,7 @@ planpythontestsuite("none", "wafsamba.tests.test_suite", extra_path=[os.path.joi
plantestsuite("samba4.blackbox.dbcheck.alpha13", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'alpha13', configuration])
plantestsuite("samba4.blackbox.dbcheck.release-4-0-0", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-0-0', configuration])
plantestsuite("samba4.blackbox.dbcheck.release-4-1-0rc3", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-1-0rc3', configuration])
+plantestsuite("samba4.blackbox.dbcheck.release-4-1-6-partial-object", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-1-6-partial-object', configuration])
plantestsuite("samba4.blackbox.upgradeprovision.alpha13", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), '$PREFIX_ABS/provision', 'alpha13', configuration])
plantestsuite("samba4.blackbox.upgradeprovision.release-4-0-0", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-0-0', configuration])
planpythontestsuite("none", "samba.tests.upgradeprovision")
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index a984fcb..e2057e3 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1519,12 +1519,16 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
id->id = uid;
break;
default:
- DEBUG(5, ("SID %s is our domain, but is not mapped to a user or group (got %d)\n",
+ DEBUG(5, ("SID %s belongs to our domain, and "
+ "an object exists in the database, "
+ "but it is neither a user nor a "
+ "group (got type %d).\n",
sid_string_dbg(sid), type));
ret = false;
}
} else {
- DEBUG(5, ("SID %s is or domain, but is unmapped\n",
+ DEBUG(5, ("SID %s belongs to our domain, but there is "
+ "no corresponding object in the database.\n",
sid_string_dbg(sid)));
}
goto done;
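Review bot: In the `else` branch (no corresponding object in the database) the code reaches `goto done` without assigning `ret`, whereas the `default:` case just above sets `ret = false` explicitly. If `ret` is not initialised to false earlier in the function, which these lines do not show, this path would report success for an unmapped SID; setting `ret = false` here as well would make the two failure paths symmetrical.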
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 63bb97c..331d4fb 100644
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -128,7 +128,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
whenChanged = ldb_string_to_time(tstring);
}
if (t - whenChanged > tombstoneLifetime*60*60*24) {
- ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_DELETED);
+ ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_DELETED|DSDB_MODIFY_RELAX);
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to remove deleted object %s\n",
ldb_dn_get_linearized(res->msgs[i]->dn)));
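Review bot: The failure log after `dsdb_delete()` prints only the DN, so a refused deletion is indistinguishable from any other error. Now that the tombstone sweep depends on `DSDB_MODIFY_RELAX` being honoured further down the module stack, add `ldb_errstring(s->samdb)` to the `DEBUG(1, ...)` message so a refusal shows its reason.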
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index b01c956..83dabdf 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2991,6 +2991,20 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request
return ldb_next_request(module, req);
}
+ /*
+ * We have to allow dbcheck to remove an object that
+ * is beyond repair, and to do so totally. This could
+ * mean we we can get a partial object from the other
+ * DC, causing havoc, so dbcheck suggests
+ * re-replication first. dbcheck sets both DBCHECK
+ * and RELAX in this situation.
+ */
+ if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)
+ && ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+ /* really, really remove it */
+ return ldb_next_request(module, req);
+ }
+
tmp_ctx = talloc_new(ldb);
if (!tmp_ctx) {
ldb_oom(ldb);
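Review bot: The new early return in replmd_delete_internals() skips tombstoning whenever the request carries both LDB_CONTROL_RELAX_OID and DSDB_CONTROL_DBCHECK, and nothing in these lines checks who attached them. Please confirm that neither control can be supplied by an untrusted client on a delete request, or keep a privilege check beside the control test, since this path removes the object outright. The comment also has a doubled word ("we we").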
@@ -3034,17 +3048,25 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request
}
if (next_deletion_state == OBJECT_REMOVED) {
- struct auth_session_info *session_info =
- (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
- ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
- ldb_dn_get_linearized(old_msg->dn));
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ /*
+ * We have to prevent objects being deleted, even if
+ * the administrator really wants them gone, as
+ * without the tombstone, we can get a partial object
+ * from the other DC, causing havoc.
+ *
+ * The only other valid case is when the 180 day
+ * timeout has expired, when relax is specified.
+ */
+ if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+ /* it is already deleted - really remove it this time */
+ talloc_free(tmp_ctx);
+ return ldb_next_request(module, req);
}
- /* it is already deleted - really remove it this time */
- talloc_free(tmp_ctx);
- return ldb_next_request(module, req);
+ ldb_asprintf_errstring(ldb, "Refusing to delete tombstone object %s. "
+ "This check is to prevent corruption of the replicated state.",
+ ldb_dn_get_linearized(old_msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
}
rdn_name = ldb_dn_get_rdn_name(old_dn);
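Review bot: The refusal path at the end of the `OBJECT_REMOVED` block returns LDB_ERR_UNWILLING_TO_PERFORM without `talloc_free(tmp_ctx)`, while the RELAX path just above frees it; `tmp_ctx` comes from `talloc_new(ldb)` earlier in the function, so each refused delete leaves an allocation attached to the ldb context. Free it before the return. Separately, the removed lines required a SECURITY_SYSTEM session and the replacement accepts any request carrying the RELAX control, so the comment should say where use of that control is restricted.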
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 3e58a44..eacbe7d 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1746,13 +1746,22 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC
}
/* search for the group record */
- ret = gendb_search(d_state->sam_ctx,
- mem_ctx, d_state->domain_dn, &msgs, attrs,
- "(&(objectSid=%s)(objectClass=group)"
- "(|(groupType=%d)(groupType=%d)))",
- ldap_encode_ndr_dom_sid(mem_ctx, sid),
- GTYPE_SECURITY_UNIVERSAL_GROUP,
- GTYPE_SECURITY_GLOBAL_GROUP);
+ if (d_state->builtin) {
+ ret = gendb_search(d_state->sam_ctx,
+ mem_ctx, d_state->domain_dn, &msgs, attrs,
+ "(&(objectSid=%s)(objectClass=group)"
+ "(groupType=%d))",
+ ldap_encode_ndr_dom_sid(mem_ctx, sid),
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
+ } else {
+ ret = gendb_search(d_state->sam_ctx,
+ mem_ctx, d_state->domain_dn, &msgs, attrs,
+ "(&(objectSid=%s)(objectClass=group)"
+ "(|(groupType=%d)(groupType=%d)))",
+ ldap_encode_ndr_dom_sid(mem_ctx, sid),
+ GTYPE_SECURITY_UNIVERSAL_GROUP,
+ GTYPE_SECURITY_GLOBAL_GROUP);
+ }
if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
}
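Review bot: The two `gendb_search()` calls in dcesrv_samr_OpenGroup() differ only in the groupType clause, so the search base, attribute list and objectSid encoding are now duplicated. Building the groupType part of the filter once and making a single call would keep the branches from diverging. The commit message says this fixes nsswitch getgrgid for builtins, but the summary of changes lists no test for it; a samr test that opens a builtin group would pin the behaviour.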
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
new file mode 100644
index 0000000..17b81fd
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
@@ -0,0 +1,16 @@
+
+[global]
+ netbios name = LOCALDC
+ workgroup = SAMBADOMAIN
+ realm = SAMBA.EXAMPLE.COM
+ private dir = @@PREFIX@@/private
+ lock dir = @@PREFIX@@/
+ posix:eadb = @@PREFIX@@/private/eadb.tdb
+
+[sysvol]
+ path = @@PREFIX@@/sysvol
+ read only = no
+
+[netlogon]
+ path = @@PREFIX@@/sysvol/samba.example.com/scripts
+ read only = no
diff --git a/source4/selftest/provisions/release-4-0-0/private/dns_update_list b/source4/selftest/provisions/release-4-1-6-partial-object/private/dns_update_list
similarity index 100%
copy from source4/selftest/provisions/release-4-0-0/private/dns_update_list
copy to source4/selftest/provisions/release-4-1-6-partial-object/private/dns_update_list
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump b/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
new file mode 100644
index 0000000..3d54547
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
@@ -0,0 +1,80 @@
+{
+key(78) = "DN=KEY=TERMINAL SERVER,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(111) = "g\19\01&\01\00\00\00key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0F\00\00\00Terminal Server\00"
+}
+{
+key(86) = "DN=KEY=PARAMETERS,KEY=ALERTER,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(114) = "g\19\01&\01\00\00\00key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Parameters\00"
+}
+{
+key(87) = "DN=KEY=PARAMETERS,KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(115) = "g\19\01&\01\00\00\00key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Parameters\00"
+}
+{
+key(40) = "DN=KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(67) = "g\19\01&\01\00\00\00key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\09\00\00\00Microsoft\00"
+}
+{
+key(74) = "DN=KEY=CURRENTVERSION,KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(106) = "g\19\01&\01\00\00\00key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\0E\00\00\00CurrentVersion\00"
+}
+{
+key(68) = "DN=KEY=PRINT,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(91) = "g\19\01&\01\00\00\00key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\05\00\00\00Print\00"
+}
+{
+key(59) = "DN=KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(85) = "g\19\01&\01\00\00\00key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\08\00\00\00Services\00"
+}
+{
+key(15) = "DN=@ATTRIBUTES\00"
+data(80) = "g\19\01&\02\00\00\00 at ATTRIBUTES\00key\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00value\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00"
+}
+{
+key(46) = "DN=KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(81) = "g\19\01&\01\00\00\00key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\11\00\00\00CurrentControlSet\00"
+}
+{
+key(77) = "DN=KEY=PRODUCTOPTIONS,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(109) = "g\19\01&\01\00\00\00key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0E\00\00\00ProductOptions\00"
+}
+{
+key(71) = "DN=KEY=ALERTER,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(96) = "g\19\01&\01\00\00\00key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\07\00\00\00Alerter\00"
+}
+{
+key(114) = "DN=VALUE=REFUSEPASSWORDCHANGE,KEY=PARAMETERS,KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(193) = "g\19\01&\03\00\00\00value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00data\00\01\00\00\00\0A\00\00\000x00000000\00type\00\01\00\00\00\01\00\00\004\00value\00\01\00\00\00\14\00\00\00RefusePasswordChange\00"
+}
+{
+key(95) = "DN=VALUE=PRODUCTTYPE,KEY=PRODUCTOPTIONS,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(164) = "g\19\01&\03\00\00\00value=ProductType,key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00data\00\01\00\00\00\09\00\00\00LanmanNT\00\00type\00\01\00\00\00\01\00\00\001\00value\00\01\00\00\00\0B\00\00\00ProductType\00"
+}
+{
+key(55) = "DN=KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(83) = "g\19\01&\01\00\00\00key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Windows NT\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(82) = "g\19\01&\02\00\00\00 at BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004722.0Z\00sequenceNumber\00\01\00\00\00\02\00\00\0020\00"
+}
+{
+key(58) = "DN=KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(83) = "g\19\01&\01\00\00\00key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\07\00\00\00Control\00"
+}
+{
+key(95) = "DN=VALUE=CURRENTVERSION,KEY=CURRENTVERSION,KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(162) = "g\19\01&\03\00\00\00value=CurrentVersion,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE\00data\00\01\00\00\00\04\00\00\006.1\00\00type\00\01\00\00\00\01\00\00\001\00value\00\01\00\00\00\0E\00\00\00CurrentVersion\00"
+}
+{
+key(72) = "DN=KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(98) = "g\19\01&\01\00\00\00key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\08\00\00\00Netlogon\00"
+}
+{
+key(24) = "DN=KEY=SYSTEM,HIVE=NONE\00"
+data(48) = "g\19\01&\01\00\00\00key=SYSTEM,hive=NONE\00key\00\01\00\00\00\06\00\00\00SYSTEM\00"
+}
+{
+key(26) = "DN=KEY=SOFTWARE,HIVE=NONE\00"
+data(52) = "g\19\01&\01\00\00\00key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\08\00\00\00SOFTWARE\00"
+}
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump b/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
new file mode 100644
index 0000000..71e714c
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
@@ -0,0 +1,48 @@
+{
+key(13) = "DN=CN=CONFIG\00"
+data(90) = "g\19\01&\03\00\00\00CN=CONFIG\00cn\00\01\00\00\00\06\00\00\00CONFIG\00lowerBound\00\01\00\00\00\07\00\00\003000000\00upperBound\00\01\00\00\00\07\00\00\004000000\00"
+}
+{
+key(26) = "DN=@INDEX:XIDNUMBER:65534\00"
+data(77) = "g\19\01&\02\00\00\00 at INDEX:XIDNUMBER:65534\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\0A\00\00\00CN=S-1-5-7\00"
+}
+{
+key(62) = "DN=@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKb9AEAAA==\00"
+data(150) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKb9AEAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+}
+{
+key(51) = "DN=CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+data(234) = "g\19\01&\05\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00cn\00\01\00\00\00,\00\00\00S-1-5-21-495451447-1216032457-2600623886-500\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\007\FD\87\1D\C9.{H\0E_\02\9B\F4\01\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_UID\00xidNumber\00\01\00\00\00\04\00\00\001000\00"
+}
+{
+key(14) = "DN=CN=S-1-5-7\00"
+data(145) = "g\19\01&\05\00\00\00CN=S-1-5-7\00cn\00\01\00\00\00\07\00\00\00S-1-5-7\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\0C\00\00\00\01\01\00\00\00\00\00\05\07\00\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_UID\00xidNumber\00\01\00\00\00\05\00\00\0065534\00"
+}
+{
+key(24) = "DN=@INDEX:XIDNUMBER:100\00"
+data(112) = "g\19\01&\02\00\00\00 at INDEX:XIDNUMBER:100\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(81) = "g\19\01&\02\00\00\00 at BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004723.0Z\00sequenceNumber\00\01\00\00\00\01\00\00\006\00"
+}
+{
+key(25) = "DN=@INDEX:XIDNUMBER:1000\00"
+data(113) = "g\19\01&\02\00\00\00 at INDEX:XIDNUMBER:1000\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+}
+{
+key(38) = "DN=@INDEX:OBJECTSID::AQEAAAAAAAUHAAAA\00"
+data(89) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQEAAAAAAAUHAAAA\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\0A\00\00\00CN=S-1-5-7\00"
+}
+{
+key(51) = "DN=CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+data(233) = "g\19\01&\05\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00cn\00\01\00\00\00,\00\00\00S-1-5-21-495451447-1216032457-2600623886-513\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\007\FD\87\1D\C9.{H\0E_\02\9B\01\02\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_GID\00xidNumber\00\01\00\00\00\03\00\00\00100\00"
+}
+{
+key(62) = "DN=@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKbAQIAAA==\00"
+data(150) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKbAQIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+}
+{
+key(14) = "DN=@INDEXLIST\00"
+data(60) = "g\19\01&\01\00\00\00 at INDEXLIST\00 at IDXATTR\00\02\00\00\00\09\00\00\00xidNumber\00\09\00\00\00objectSid\00"
+}
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf b/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
new file mode 100644
index 0000000..8c1ad96
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
@@ -0,0 +1,4 @@
+[libdefaults]
+ default_realm = SAMBA.EXAMPLE.COM
+ dns_lookup_realm = false
+ dns_lookup_kdc = true
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update b/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
new file mode 100644
index 0000000..1f3ca4a
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
@@ -0,0 +1,7 @@
+/* this file is auto-generated - do not edit */
+update-policy {
+ grant SAMBA.EXAMPLE.COM ms-self * A AAAA;
+ grant Administrator at SAMBA.EXAMPLE.COM wildcard * A AAAA SRV CNAME;
+ grant PROMOTEDVDC$@samba.example.com wildcard * A AAAA SRV CNAME;
+ grant LOCALDC$@samba.example.com wildcard * A AAAA SRV CNAME;
+};
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump b/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
new file mode 100644
index 0000000..b3efd0f
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
@@ -0,0 +1,156 @@
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SESECURITYPRIVILEGE\00"
+data(97) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESECURITYPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SESYSTEMPROFILEPRIVILEGE\00"
+data(102) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESYSTEMPROFILEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJQIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJQIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-550\00"
+data(214) = "g\19\01&\04\00\00\00sid=S-1-5-32-550\00comment\00\01\00\00\00\0F\00\00\00Print Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00&\02\00\00\00privilege\00\03\00\00\00\15\00\00\00SeLoadDriverPrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAKgIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAKgIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SECHANGENOTIFYPRIVILEGE\00"
+data(122) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SECHANGENOTIFYPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(38) = "DN=@INDEX:PRIVILEGE:SEUNDOCKPRIVILEGE\00"
+data(95) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEUNDOCKPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SENETWORKLOGONRIGHT\00"
+data(97) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SENETWORKLOGONRIGHT\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(15) = "DN=@ATTRIBUTES\00"
+data(88) = "g\19\01&\02\00\00\00 at ATTRIBUTES\00comment\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00privilege\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJwIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJwIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-551\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-548\00"
+data(166) = "g\19\01&\04\00\00\00sid=S-1-5-32-548\00comment\00\01\00\00\00\11\00\00\00Account Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00$\02\00\00\00privilege\00\01\00\00\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SEMANAGEVOLUMEPRIVILEGE\00"
+data(101) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEMANAGEVOLUMEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(43) = "DN=@INDEX:PRIVILEGE:SEIMPERSONATEPRIVILEGE\00"
+data(100) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEIMPERSONATEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(52) = "DN=@INDEX:PRIVILEGE:SEPROFILESINGLEPROCESSPRIVILEGE\00"
+data(109) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEPROFILESINGLEPROCESSPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(52) = "DN=@INDEX:PRIVILEGE:SEINCREASEBASEPRIORITYPRIVILEGE\00"
+data(109) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEINCREASEBASEPRIORITYPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAIAIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAIAIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(81) = "g\19\01&\02\00\00\00 at BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004723.0Z\00sequenceNumber\00\01\00\00\00\01\00\00\009\00"
+}
+{
+key(42) = "DN=@INDEX:PRIVILEGE:SESYSTEMTIMEPRIVILEGE\00"
+data(120) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESYSTEMTIMEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-551\00"
+data(234) = "g\19\01&\04\00\00\00sid=S-1-5-32-551\00comment\00\01\00\00\00\10\00\00\00Backup Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00'\02\00\00\00privilege\00\04\00\00\00\11\00\00\00SeBackupPrivilege\00\12\00\00\00SeRestorePrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(48) = "DN=@INDEX:PRIVILEGE:SEENABLEDELEGATIONPRIVILEGE\00"
+data(105) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEENABLEDELEGATIONPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(50) = "DN=@INDEX:PRIVILEGE:SEREMOTEINTERACTIVELOGONRIGHT\00"
+data(128) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEREMOTEINTERACTIVELOGONRIGHT\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SEINCREASEQUOTAPRIVILEGE\00"
+data(102) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEINCREASEQUOTAPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-544\00"
+data(804) = "g\19\01&\04\00\00\00sid=S-1-5-32-544\00comment\00\01\00\00\00\0E\00\00\00Administrators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00 \02\00\00\00privilege\00\18\00\00\00\13\00\00\00SeSecurityPrivilege\00\11\00\00\00SeBackupPrivilege\00\12\00\00\00SeRestorePrivilege\00\15\00\00\00SeSystemtimePrivilege\00\13\00\00\00SeShutdownPrivilege\00\19\00\00\00SeRemoteShutdownPrivilege\00\18\00\00\00SeTakeOwnershipPrivilege\00\10\00\00\00SeDebugPrivilege\00\1C\00\00\00SeSystemEnvironmentPrivilege\00\18\00\00\00SeSystemProfilePrivilege\00\1F\00\00\00SeProfileSingleProcessPrivilege\00\1F\00\00\00SeIncreaseBasePriorityPrivilege\00\15\00\00\00SeLoadDriverPrivilege\00\19\00\00\00SeCreatePagefilePrivilege\00\18\00\00\00SeIncreaseQuotaPrivilege\00\17\00\00\00SeChangeNotifyPrivilege\00\11\00\00\00SeUndockPrivilege\00\17\00\00\00SeManageVolumePrivilege\00\16\00\00\00SeImpersonatePrivilege\00\17\00\00\00SeCr
eateGlobalPrivilege\00\1B\00\00\00SeEnableDelegationPrivilege\00\17\00\00\00SeInteractiveLogonRight\00\13\00\00\00SeNetworkLogonRight\00\1D\00\00\00SeRemoteInteractiveLogonRight\00"
+}
+{
+key(38) = "DN=@INDEX:PRIVILEGE:SEBACKUPPRIVILEGE\00"
+data(137) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEBACKUPPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\03\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-549\00"
+data(290) = "g\19\01&\04\00\00\00sid=S-1-5-32-549\00comment\00\01\00\00\00\10\00\00\00Server Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00%\02\00\00\00privilege\00\06\00\00\00\11\00\00\00SeBackupPrivilege\00\15\00\00\00SeSystemtimePrivilege\00\19\00\00\00SeRemoteShutdownPrivilege\00\12\00\00\00SeRestorePrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SESHUTDOWNPRIVILEGE\00"
+data(160) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESHUTDOWNPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\04\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-550\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SECREATEGLOBALPRIVILEGE\00"
+data(101) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SECREATEGLOBALPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:PRIVILEGE:SEREMOTESHUTDOWNPRIVILEGE\00"
+data(124) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEREMOTESHUTDOWNPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJAIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJAIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-548\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SETAKEOWNERSHIPPRIVILEGE\00"
+data(102) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SETAKEOWNERSHIPPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(49) = "DN=@INDEX:PRIVILEGE:SESYSTEMENVIRONMENTPRIVILEGE\00"
+data(106) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESYSTEMENVIRONMENTPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(42) = "DN=@INDEX:PRIVILEGE:SELOADDRIVERPRIVILEGE\00"
+data(120) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SELOADDRIVERPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-550\00"
+}
+{
+key(39) = "DN=@INDEX:PRIVILEGE:SERESTOREPRIVILEGE\00"
+data(138) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SERESTOREPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\03\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-554\00"
+data(217) = "g\19\01&\04\00\00\00sid=S-1-5-32-554\00comment\00\01\00\00\00\22\00\00\00Pre-Windows 2000 Compatible Access\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00*\02\00\00\00privilege\00\02\00\00\00\1D\00\00\00SeRemoteInteractiveLogonRight\00\17\00\00\00SeChangeNotifyPrivilege\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJgIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJgIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-550\00"
+}
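Review bot: the `@INDEX:...` records in this dump are derived data and nothing visible here says how the file was generated, so the fixture cannot safely be edited by hand. For example, `@INDEX:PRIVILEGE:SEBACKUPPRIVILEGE` lists sid=S-1-5-32-544, sid=S-1-5-32-551 and sid=S-1-5-32-549, which has to stay in agreement with the `privilege` values stored in the `DN=SID=...` records, and every key and value also carries an explicit length such as `key(38)` or `data(137)`. A short note beside the file stating the command and Samba version used to produce the dump would let a later change regenerate it rather than patch bytes. The `DN=@BASEINFO` record also pins `whenChanged` to 20140403004723.0Z and `sequenceNumber` to 9, so any test that compares a live database against this dump should exclude those two values.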
--
Samba Shared Repository