[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Sat May 3 02:21:04 MDT 2014


The branch, master has been updated
       via  d7c22d5 ldb: make the successful ldb_transaction_start() message clearer
       via  81ca9ab s3:passdb: improve a debug message in pdb_default_sid_to_id()
       via  09fbc6c s3:passdb: fix and improve debug message in pdb_default_sid_to_id().
       via  1cfc02d s4:samr: allow builtin groups for samr_OpenGroup.
       via  7c2bf8d selftest: Add tests for dbcheck detection and removal of partial objects
       via  b19d80d dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
      from  4b324f7 s3: Always cache idmapping results of pdb backend.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d7c22d56d3f8be9b8293dd481fb450e3cf2343d3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Apr 17 09:33:26 2014 +1200

    ldb: make the successful ldb_transaction_start() message clearer
    
    Change-Id: I00d0705484c3b53f55c4a8ec2953e92329b7408e
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Sat May  3 10:20:52 CEST 2014 on sn-devel-104

commit 81ca9ab53b232529911ccdc3e427dffdae78bfa9
Author: Michael Adam <obnox at samba.org>
Date:   Wed Apr 30 12:14:46 2014 +0200

    s3:passdb: improve a debug message in pdb_default_sid_to_id()
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 09fbc6c085e68348c6cc6798acf44b184d7d44bc
Author: Michael Adam <obnox at samba.org>
Date:   Wed Apr 30 12:10:01 2014 +0200

    s3:passdb: fix and improve debug message in pdb_default_sid_to_id().
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 1cfc02d786b2d88ed1cafc10c501d5a97f254ec2
Author: Michael Adam <obnox at samba.org>
Date:   Tue Apr 29 13:31:42 2014 +0200

    s4:samr: allow builtin groups for samr_OpenGroup.
    
    This fixes nsswitch getgrgid for builtins.
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7c2bf8d2bc5230e4bd98cc5a0f1b8f3cc56a3f77
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Apr 4 10:40:35 2014 +1300

    selftest: Add tests for dbcheck detection and removal of partial objects
    
    To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
    and a whitelist for dbcheck-oldrelease.sh
    
    Andrew Bartlett
    
    Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit b19d80d0a97faffc165f068612f74d4ef8d7e5da
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Apr 3 14:50:05 2014 +1300

    dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
    
    This kind of deletion can cause us to then replicate back a partial
    object.  We allow dbcheck to directly remove totally corrupt objects
    (missing an objectclass) by specifying both DBCHECK and RELAX, and the
    tombstone sweep after 180 days is done with the RELAX control.
    
    Andrew Bartlett
    
    Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/common/ldb.c                               |   12 +-
 selftest/tests.py                                  |    1 +
 source3/passdb/pdb_interface.c                     |    8 +-
 source4/dsdb/kcc/kcc_deleted.c                     |    2 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |   40 +-
 source4/rpc_server/samr/dcesrv_samr.c              |   23 +-
 .../etc/smb.conf.template                          |   16 +
 .../private/dns_update_list                        |    0
 .../private/hklm.ldb.dump                          |   80 +
 .../private/idmap.ldb.dump                         |   48 +
 .../release-4-1-6-partial-object/private/krb5.conf |    4 +
 .../private/named.conf.update                      |    7 +
 .../private/privilege.ldb.dump                     |  156 +
 .../private/randseed.tdb.dump                      |    0
 ...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |29104 +++++++++++++
 ...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |43468 ++++++++++++++++++++
 ...AINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |  928 +
 ...ESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |  488 +
 .../sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump  | 6036 +++
 .../private/sam.ldb.d/metadata.tdb.dump            |    4 +
 .../private/sam.ldb.dump                           |   40 +
 .../private/schannel_store.tdb.dump                |    0
 .../private/secrets.keytab                         |  Bin 0 -> 1222 bytes
 .../private/secrets.ldb.dump                       |   44 +
 .../private/secrets.tdb.dump                       |   16 +
 .../private/share.ldb.dump                         |   32 +
 .../private/smbd.tmp/msg/names.tdb.dump            |   52 +
 .../private/spn_update_list                        |    0
 .../private/tls/admincert.pem                      |   17 +
 .../private/tls/admincertupn.pem                   |   17 +
 .../private/tls/adminkey.pem                       |   15 +
 .../private/tls/ca.pem                             |   14 +
 .../private/tls/cert.pem                           |   15 +
 .../private/tls/dhparms.pem                        |    5 +
 .../private/tls/kdc.pem                            |   17 +
 .../private/tls/key.pem                            |   15 +
 .../private/wins_config.ldb.dump                   |    8 +
 testprogs/blackbox/dbcheck-oldrelease.sh           |    4 +-
 wscript                                            |    2 +-
 39 files changed, 80712 insertions(+), 26 deletions(-)
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
 copy source4/selftest/provisions/{release-4-0-0 => release-4-1-6-partial-object}/private/dns_update_list (100%)
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
 copy source4/selftest/provisions/{release-4-1-0rc3 => release-4-1-6-partial-object}/private/randseed.tdb.dump (100%)
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/metadata.tdb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.dump
 copy source4/selftest/provisions/{release-4-1-0rc3 => release-4-1-6-partial-object}/private/schannel_store.tdb.dump (100%)
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.keytab
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.tdb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/share.ldb.dump
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/smbd.tmp/msg/names.tdb.dump
 copy source4/selftest/provisions/{release-4-0-0 => release-4-1-6-partial-object}/private/spn_update_list (100%)
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincert.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincertupn.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/adminkey.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/ca.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/cert.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/dhparms.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/kdc.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/key.pem
 create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/wins_config.ldb.dump


Changeset truncated at 500 lines:

diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 36f1c37..c49513c 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -371,10 +371,14 @@ int ldb_transaction_start(struct ldb_context *ldb)
 				ldb_strerror(status),
 				status);
 		}
-	}
-	if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { 
-		ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s", 
-			  ldb_errstring(module->ldb));				
+		if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+			ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
+				  ldb_errstring(module->ldb));
+		}
+	} else {
+		if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+			ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
+		}
 	}
 	return status;
 }
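Review bot: The tracing condition `(module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)` is now repeated verbatim in both the failure and the success branch, and it relies on `&` binding tighter than `&&` to mean what it intends. Evaluating it once into a local bool before the status check, with the bitmask test in its own parentheses, would remove the duplication and make the precedence explicit. The two messages are also formatted differently (the error one carries `ldb_errstring()`, the success one has no detail), which is fine, but a short comment noting that the error trace is now emitted only on failure would help, since the removed lines emitted it unconditionally.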
diff --git a/selftest/tests.py b/selftest/tests.py
index 7b37111..88a08c9 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -62,6 +62,7 @@ planpythontestsuite("none", "wafsamba.tests.test_suite", extra_path=[os.path.joi
 plantestsuite("samba4.blackbox.dbcheck.alpha13", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'alpha13', configuration])
 plantestsuite("samba4.blackbox.dbcheck.release-4-0-0", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-0-0', configuration])
 plantestsuite("samba4.blackbox.dbcheck.release-4-1-0rc3", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-1-0rc3', configuration])
+plantestsuite("samba4.blackbox.dbcheck.release-4-1-6-partial-object", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-1-6-partial-object', configuration])
 plantestsuite("samba4.blackbox.upgradeprovision.alpha13", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), '$PREFIX_ABS/provision', 'alpha13', configuration])
 plantestsuite("samba4.blackbox.upgradeprovision.release-4-0-0", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-0-0', configuration])
 planpythontestsuite("none", "samba.tests.upgradeprovision")
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index a984fcb..e2057e3 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1519,12 +1519,16 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
 				id->id = uid;
 				break;
 			default:
-				DEBUG(5, ("SID %s is our domain, but is not mapped to a user or group (got %d)\n",
+				DEBUG(5, ("SID %s belongs to our domain, and "
+					  "an object exists in the database, "
+					   "but it is neither a user nor a "
+					   "group (got type %d).\n",
 					  sid_string_dbg(sid), type));
 				ret = false;
 			}
 		} else {
-			DEBUG(5, ("SID %s is or domain, but is unmapped\n",
+			DEBUG(5, ("SID %s belongs to our domain, but there is "
+				  "no corresponding object in the database.\n",
 				  sid_string_dbg(sid)));
 		}
 		goto done;
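Review bot: In the final `else` branch (the "no corresponding object in the database" message) nothing in the visible lines assigns `ret`, whereas the `default:` case just above sets `ret = false` explicitly before falling out. If the function depends on `ret` having been initialised to false earlier, an explicit `ret = false;` next to the new DEBUG would make the two failure paths symmetric and safer against later edits. As a style point, the continuation strings in the first DEBUG are indented inconsistently (the third and fourth string fragments carry one more space than the second).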
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 63bb97c..331d4fb 100644
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -128,7 +128,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
 				whenChanged = ldb_string_to_time(tstring);
 			}
 			if (t - whenChanged > tombstoneLifetime*60*60*24) {
-				ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_DELETED);
+				ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_DELETED|DSDB_MODIFY_RELAX);
 				if (ret != LDB_SUCCESS) {
 					DEBUG(1,(__location__ ": Failed to remove deleted object %s\n",
 						 ldb_dn_get_linearized(res->msgs[i]->dn)));
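Review bot: The `dsdb_delete()` call now passes `DSDB_SEARCH_SHOW_DELETED|DSDB_MODIFY_RELAX` with no comment saying why RELAX is needed here. Since the repl_meta_data change in this same push makes final removal of a tombstone fail without that control, a one-line comment above the call (tombstone lifetime has expired, so this is the one place allowed to really remove the object) would stop someone from dropping the flag later. The failure DEBUG below the call prints only the DN; adding `ldb_errstring(s->samdb)` would make an unexpected LDB_ERR_UNWILLING_TO_PERFORM from the new check diagnosable.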
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index b01c956..83dabdf 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2991,6 +2991,20 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request
 		return ldb_next_request(module, req);
 	}
 
+	/*
+	 * We have to allow dbcheck to remove an object that
+	 * is beyond repair, and to do so totally.  This could
+	 * mean we we can get a partial object from the other
+	 * DC, causing havoc, so dbcheck suggests
+	 * re-replication first.  dbcheck sets both DBCHECK
+	 * and RELAX in this situation.
+	 */
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)
+	    && ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+		/* really, really remove it */
+		return ldb_next_request(module, req);
+	}
+
 	tmp_ctx = talloc_new(ldb);
 	if (!tmp_ctx) {
 		ldb_oom(ldb);
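Review bot: The new early return for RELAX plus DBCHECK hands the delete straight to `ldb_next_request()` on the strength of the two request controls alone, and nothing in the visible lines checks who attached them. Please confirm, and say so in the comment, which layer restricts `DSDB_CONTROL_DBCHECK` and the relax control to trusted callers, because this path skips every tombstone safeguard that follows. The comment also has a doubled word ("mean we we can get").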
@@ -3034,17 +3048,25 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request
 	}
 
 	if (next_deletion_state == OBJECT_REMOVED) {
-		struct auth_session_info *session_info =
-				(struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
-		if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
-			ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
-					ldb_dn_get_linearized(old_msg->dn));
-			return LDB_ERR_UNWILLING_TO_PERFORM;
+		/*
+		 * We have to prevent objects being deleted, even if
+		 * the administrator really wants them gone, as
+		 * without the tombstone, we can get a partial object
+		 * from the other DC, causing havoc.
+		 *
+		 * The only other valid case is when the 180 day
+		 * timeout has expired, when relax is specified.
+		 */
+		if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+			/* it is already deleted - really remove it this time */
+			talloc_free(tmp_ctx);
+			return ldb_next_request(module, req);
 		}
 
-		/* it is already deleted - really remove it this time */
-		talloc_free(tmp_ctx);
-		return ldb_next_request(module, req);
+		ldb_asprintf_errstring(ldb, "Refusing to delete tombstone object %s.  "
+				       "This check is to prevent corruption of the replicated state.",
+				       ldb_dn_get_linearized(old_msg->dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
 	}
 
 	rdn_name = ldb_dn_get_rdn_name(old_dn);
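Review bot: The refusal path at the end of the `OBJECT_REMOVED` block returns `LDB_ERR_UNWILLING_TO_PERFORM` without freeing `tmp_ctx`, while the RELAX branch just above it does call `talloc_free(tmp_ctx)` before returning. `tmp_ctx` is allocated with `talloc_new(ldb)` earlier in the function, so each refused delete leaves that context hanging off the long-lived ldb handle; add `talloc_free(tmp_ctx);` before the return. Separately, this hunk replaces the `security_session_user_level(...) != SECURITY_SYSTEM` test with a check for the relax control only, so the commit message or the comment should state where the privilege to use that control is enforced now that the session-level check is gone.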
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 3e58a44..eacbe7d 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1746,13 +1746,22 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC
 	}
 
 	/* search for the group record */
-	ret = gendb_search(d_state->sam_ctx,
-			   mem_ctx, d_state->domain_dn, &msgs, attrs,
-			   "(&(objectSid=%s)(objectClass=group)"
-			   "(|(groupType=%d)(groupType=%d)))",
-			   ldap_encode_ndr_dom_sid(mem_ctx, sid),
-			   GTYPE_SECURITY_UNIVERSAL_GROUP,
-			   GTYPE_SECURITY_GLOBAL_GROUP);
+	if (d_state->builtin) {
+		ret = gendb_search(d_state->sam_ctx,
+				   mem_ctx, d_state->domain_dn, &msgs, attrs,
+				   "(&(objectSid=%s)(objectClass=group)"
+				   "(groupType=%d))",
+				   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+				   GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
+	} else {
+		ret = gendb_search(d_state->sam_ctx,
+				   mem_ctx, d_state->domain_dn, &msgs, attrs,
+				   "(&(objectSid=%s)(objectClass=group)"
+				   "(|(groupType=%d)(groupType=%d)))",
+				   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+				   GTYPE_SECURITY_UNIVERSAL_GROUP,
+				   GTYPE_SECURITY_GLOBAL_GROUP);
+	}
 	if (ret == 0) {
 		return NT_STATUS_NO_SUCH_GROUP;
 	}
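Review bot: The `if (d_state->builtin)` split duplicates the whole `gendb_search()` call, with the two branches differing only in the groupType part of the filter. Consider building the filter once, or at least add a comment above the `if` explaining why builtin local groups are accepted by OpenGroup here; the commit message gives the reason (nsswitch getgrgid for builtins) but the code does not, and the next reader will see `GTYPE_SECURITY_BUILTIN_LOCAL_GROUP` in a group-open path without that context. It would also be worth a test that a non-builtin domain handle still returns `NT_STATUS_NO_SUCH_GROUP` for a builtin SID, since the else branch is meant to keep the old behaviour.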
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
new file mode 100644
index 0000000..17b81fd
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
@@ -0,0 +1,16 @@
+
+[global]
+	netbios name = LOCALDC
+	workgroup = SAMBADOMAIN
+	realm = SAMBA.EXAMPLE.COM
+	private dir = @@PREFIX@@/private
+	lock dir = @@PREFIX@@/
+	posix:eadb = @@PREFIX@@/private/eadb.tdb
+
+[sysvol]
+	path = @@PREFIX@@/sysvol
+	read only = no
+
+[netlogon]
+	path = @@PREFIX@@/sysvol/samba.example.com/scripts
+	read only = no
diff --git a/source4/selftest/provisions/release-4-0-0/private/dns_update_list b/source4/selftest/provisions/release-4-1-6-partial-object/private/dns_update_list
similarity index 100%
copy from source4/selftest/provisions/release-4-0-0/private/dns_update_list
copy to source4/selftest/provisions/release-4-1-6-partial-object/private/dns_update_list
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump b/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
new file mode 100644
index 0000000..3d54547
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
@@ -0,0 +1,80 @@
+{
+key(78) = "DN=KEY=TERMINAL SERVER,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(111) = "g\19\01&\01\00\00\00key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0F\00\00\00Terminal Server\00"
+}
+{
+key(86) = "DN=KEY=PARAMETERS,KEY=ALERTER,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(114) = "g\19\01&\01\00\00\00key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Parameters\00"
+}
+{
+key(87) = "DN=KEY=PARAMETERS,KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(115) = "g\19\01&\01\00\00\00key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Parameters\00"
+}
+{
+key(40) = "DN=KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(67) = "g\19\01&\01\00\00\00key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\09\00\00\00Microsoft\00"
+}
+{
+key(74) = "DN=KEY=CURRENTVERSION,KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(106) = "g\19\01&\01\00\00\00key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\0E\00\00\00CurrentVersion\00"
+}
+{
+key(68) = "DN=KEY=PRINT,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(91) = "g\19\01&\01\00\00\00key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\05\00\00\00Print\00"
+}
+{
+key(59) = "DN=KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(85) = "g\19\01&\01\00\00\00key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\08\00\00\00Services\00"
+}
+{
+key(15) = "DN=@ATTRIBUTES\00"
+data(80) = "g\19\01&\02\00\00\00 at ATTRIBUTES\00key\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00value\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00"
+}
+{
+key(46) = "DN=KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(81) = "g\19\01&\01\00\00\00key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\11\00\00\00CurrentControlSet\00"
+}
+{
+key(77) = "DN=KEY=PRODUCTOPTIONS,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(109) = "g\19\01&\01\00\00\00key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0E\00\00\00ProductOptions\00"
+}
+{
+key(71) = "DN=KEY=ALERTER,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(96) = "g\19\01&\01\00\00\00key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\07\00\00\00Alerter\00"
+}
+{
+key(114) = "DN=VALUE=REFUSEPASSWORDCHANGE,KEY=PARAMETERS,KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(193) = "g\19\01&\03\00\00\00value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00data\00\01\00\00\00\0A\00\00\000x00000000\00type\00\01\00\00\00\01\00\00\004\00value\00\01\00\00\00\14\00\00\00RefusePasswordChange\00"
+}
+{
+key(95) = "DN=VALUE=PRODUCTTYPE,KEY=PRODUCTOPTIONS,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(164) = "g\19\01&\03\00\00\00value=ProductType,key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00data\00\01\00\00\00\09\00\00\00LanmanNT\00\00type\00\01\00\00\00\01\00\00\001\00value\00\01\00\00\00\0B\00\00\00ProductType\00"
+}
+{
+key(55) = "DN=KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(83) = "g\19\01&\01\00\00\00key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Windows NT\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(82) = "g\19\01&\02\00\00\00 at BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004722.0Z\00sequenceNumber\00\01\00\00\00\02\00\00\0020\00"
+}
+{
+key(58) = "DN=KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(83) = "g\19\01&\01\00\00\00key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\07\00\00\00Control\00"
+}
+{
+key(95) = "DN=VALUE=CURRENTVERSION,KEY=CURRENTVERSION,KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(162) = "g\19\01&\03\00\00\00value=CurrentVersion,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE\00data\00\01\00\00\00\04\00\00\006.1\00\00type\00\01\00\00\00\01\00\00\001\00value\00\01\00\00\00\0E\00\00\00CurrentVersion\00"
+}
+{
+key(72) = "DN=KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(98) = "g\19\01&\01\00\00\00key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\08\00\00\00Netlogon\00"
+}
+{
+key(24) = "DN=KEY=SYSTEM,HIVE=NONE\00"
+data(48) = "g\19\01&\01\00\00\00key=SYSTEM,hive=NONE\00key\00\01\00\00\00\06\00\00\00SYSTEM\00"
+}
+{
+key(26) = "DN=KEY=SOFTWARE,HIVE=NONE\00"
+data(52) = "g\19\01&\01\00\00\00key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\08\00\00\00SOFTWARE\00"
+}
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump b/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
new file mode 100644
index 0000000..71e714c
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
@@ -0,0 +1,48 @@
+{
+key(13) = "DN=CN=CONFIG\00"
+data(90) = "g\19\01&\03\00\00\00CN=CONFIG\00cn\00\01\00\00\00\06\00\00\00CONFIG\00lowerBound\00\01\00\00\00\07\00\00\003000000\00upperBound\00\01\00\00\00\07\00\00\004000000\00"
+}
+{
+key(26) = "DN=@INDEX:XIDNUMBER:65534\00"
+data(77) = "g\19\01&\02\00\00\00 at INDEX:XIDNUMBER:65534\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\0A\00\00\00CN=S-1-5-7\00"
+}
+{
+key(62) = "DN=@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKb9AEAAA==\00"
+data(150) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKb9AEAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+}
+{
+key(51) = "DN=CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+data(234) = "g\19\01&\05\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00cn\00\01\00\00\00,\00\00\00S-1-5-21-495451447-1216032457-2600623886-500\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\007\FD\87\1D\C9.{H\0E_\02\9B\F4\01\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_UID\00xidNumber\00\01\00\00\00\04\00\00\001000\00"
+}
+{
+key(14) = "DN=CN=S-1-5-7\00"
+data(145) = "g\19\01&\05\00\00\00CN=S-1-5-7\00cn\00\01\00\00\00\07\00\00\00S-1-5-7\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\0C\00\00\00\01\01\00\00\00\00\00\05\07\00\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_UID\00xidNumber\00\01\00\00\00\05\00\00\0065534\00"
+}
+{
+key(24) = "DN=@INDEX:XIDNUMBER:100\00"
+data(112) = "g\19\01&\02\00\00\00 at INDEX:XIDNUMBER:100\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(81) = "g\19\01&\02\00\00\00 at BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004723.0Z\00sequenceNumber\00\01\00\00\00\01\00\00\006\00"
+}
+{
+key(25) = "DN=@INDEX:XIDNUMBER:1000\00"
+data(113) = "g\19\01&\02\00\00\00 at INDEX:XIDNUMBER:1000\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+}
+{
+key(38) = "DN=@INDEX:OBJECTSID::AQEAAAAAAAUHAAAA\00"
+data(89) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQEAAAAAAAUHAAAA\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\0A\00\00\00CN=S-1-5-7\00"
+}
+{
+key(51) = "DN=CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+data(233) = "g\19\01&\05\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00cn\00\01\00\00\00,\00\00\00S-1-5-21-495451447-1216032457-2600623886-513\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\007\FD\87\1D\C9.{H\0E_\02\9B\01\02\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_GID\00xidNumber\00\01\00\00\00\03\00\00\00100\00"
+}
+{
+key(62) = "DN=@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKbAQIAAA==\00"
+data(150) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKbAQIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+}
+{
+key(14) = "DN=@INDEXLIST\00"
+data(60) = "g\19\01&\01\00\00\00 at INDEXLIST\00 at IDXATTR\00\02\00\00\00\09\00\00\00xidNumber\00\09\00\00\00objectSid\00"
+}
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf b/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
new file mode 100644
index 0000000..8c1ad96
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
@@ -0,0 +1,4 @@
+[libdefaults]
+	default_realm = SAMBA.EXAMPLE.COM
+	dns_lookup_realm = false
+	dns_lookup_kdc = true
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update b/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
new file mode 100644
index 0000000..1f3ca4a
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
@@ -0,0 +1,7 @@
+/* this file is auto-generated - do not edit */
+update-policy {
+	grant SAMBA.EXAMPLE.COM ms-self * A AAAA;
+	grant Administrator at SAMBA.EXAMPLE.COM wildcard * A AAAA SRV CNAME;
+	grant PROMOTEDVDC$@samba.example.com wildcard * A AAAA SRV CNAME;
+	grant LOCALDC$@samba.example.com wildcard * A AAAA SRV CNAME;
+};
diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump b/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
new file mode 100644
index 0000000..b3efd0f
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
@@ -0,0 +1,156 @@
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SESECURITYPRIVILEGE\00"
+data(97) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESECURITYPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SESYSTEMPROFILEPRIVILEGE\00"
+data(102) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESYSTEMPROFILEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJQIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJQIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-550\00"
+data(214) = "g\19\01&\04\00\00\00sid=S-1-5-32-550\00comment\00\01\00\00\00\0F\00\00\00Print Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00&\02\00\00\00privilege\00\03\00\00\00\15\00\00\00SeLoadDriverPrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAKgIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAKgIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SECHANGENOTIFYPRIVILEGE\00"
+data(122) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SECHANGENOTIFYPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(38) = "DN=@INDEX:PRIVILEGE:SEUNDOCKPRIVILEGE\00"
+data(95) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEUNDOCKPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SENETWORKLOGONRIGHT\00"
+data(97) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SENETWORKLOGONRIGHT\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(15) = "DN=@ATTRIBUTES\00"
+data(88) = "g\19\01&\02\00\00\00 at ATTRIBUTES\00comment\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00privilege\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJwIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJwIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-551\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-548\00"
+data(166) = "g\19\01&\04\00\00\00sid=S-1-5-32-548\00comment\00\01\00\00\00\11\00\00\00Account Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00$\02\00\00\00privilege\00\01\00\00\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SEMANAGEVOLUMEPRIVILEGE\00"
+data(101) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEMANAGEVOLUMEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(43) = "DN=@INDEX:PRIVILEGE:SEIMPERSONATEPRIVILEGE\00"
+data(100) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEIMPERSONATEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(52) = "DN=@INDEX:PRIVILEGE:SEPROFILESINGLEPROCESSPRIVILEGE\00"
+data(109) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEPROFILESINGLEPROCESSPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(52) = "DN=@INDEX:PRIVILEGE:SEINCREASEBASEPRIORITYPRIVILEGE\00"
+data(109) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEINCREASEBASEPRIORITYPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAIAIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAIAIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(81) = "g\19\01&\02\00\00\00 at BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004723.0Z\00sequenceNumber\00\01\00\00\00\01\00\00\009\00"
+}
+{
+key(42) = "DN=@INDEX:PRIVILEGE:SESYSTEMTIMEPRIVILEGE\00"
+data(120) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESYSTEMTIMEPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-551\00"
+data(234) = "g\19\01&\04\00\00\00sid=S-1-5-32-551\00comment\00\01\00\00\00\10\00\00\00Backup Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00'\02\00\00\00privilege\00\04\00\00\00\11\00\00\00SeBackupPrivilege\00\12\00\00\00SeRestorePrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(48) = "DN=@INDEX:PRIVILEGE:SEENABLEDELEGATIONPRIVILEGE\00"
+data(105) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEENABLEDELEGATIONPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(50) = "DN=@INDEX:PRIVILEGE:SEREMOTEINTERACTIVELOGONRIGHT\00"
+data(128) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEREMOTEINTERACTIVELOGONRIGHT\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SEINCREASEQUOTAPRIVILEGE\00"
+data(102) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEINCREASEQUOTAPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-544\00"
+data(804) = "g\19\01&\04\00\00\00sid=S-1-5-32-544\00comment\00\01\00\00\00\0E\00\00\00Administrators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00 \02\00\00\00privilege\00\18\00\00\00\13\00\00\00SeSecurityPrivilege\00\11\00\00\00SeBackupPrivilege\00\12\00\00\00SeRestorePrivilege\00\15\00\00\00SeSystemtimePrivilege\00\13\00\00\00SeShutdownPrivilege\00\19\00\00\00SeRemoteShutdownPrivilege\00\18\00\00\00SeTakeOwnershipPrivilege\00\10\00\00\00SeDebugPrivilege\00\1C\00\00\00SeSystemEnvironmentPrivilege\00\18\00\00\00SeSystemProfilePrivilege\00\1F\00\00\00SeProfileSingleProcessPrivilege\00\1F\00\00\00SeIncreaseBasePriorityPrivilege\00\15\00\00\00SeLoadDriverPrivilege\00\19\00\00\00SeCreatePagefilePrivilege\00\18\00\00\00SeIncreaseQuotaPrivilege\00\17\00\00\00SeChangeNotifyPrivilege\00\11\00\00\00SeUndockPrivilege\00\17\00\00\00SeManageVolumePrivilege\00\16\00\00\00SeImpersonatePrivilege\00\17\00\00\00SeCr
 eateGlobalPrivilege\00\1B\00\00\00SeEnableDelegationPrivilege\00\17\00\00\00SeInteractiveLogonRight\00\13\00\00\00SeNetworkLogonRight\00\1D\00\00\00SeRemoteInteractiveLogonRight\00"
+}
+{
+key(38) = "DN=@INDEX:PRIVILEGE:SEBACKUPPRIVILEGE\00"
+data(137) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEBACKUPPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\03\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-549\00"
+data(290) = "g\19\01&\04\00\00\00sid=S-1-5-32-549\00comment\00\01\00\00\00\10\00\00\00Server Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00%\02\00\00\00privilege\00\06\00\00\00\11\00\00\00SeBackupPrivilege\00\15\00\00\00SeSystemtimePrivilege\00\19\00\00\00SeRemoteShutdownPrivilege\00\12\00\00\00SeRestorePrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SESHUTDOWNPRIVILEGE\00"
+data(160) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESHUTDOWNPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\04\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-550\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SECREATEGLOBALPRIVILEGE\00"
+data(101) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SECREATEGLOBALPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:PRIVILEGE:SEREMOTESHUTDOWNPRIVILEGE\00"
+data(124) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SEREMOTESHUTDOWNPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJAIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJAIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-548\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SETAKEOWNERSHIPPRIVILEGE\00"
+data(102) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SETAKEOWNERSHIPPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(49) = "DN=@INDEX:PRIVILEGE:SESYSTEMENVIRONMENTPRIVILEGE\00"
+data(106) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SESYSTEMENVIRONMENTPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(42) = "DN=@INDEX:PRIVILEGE:SELOADDRIVERPRIVILEGE\00"
+data(120) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SELOADDRIVERPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-550\00"
+}
+{
+key(39) = "DN=@INDEX:PRIVILEGE:SERESTOREPRIVILEGE\00"
+data(138) = "g\19\01&\02\00\00\00 at INDEX:PRIVILEGE:SERESTOREPRIVILEGE\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\03\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-554\00"
+data(217) = "g\19\01&\04\00\00\00sid=S-1-5-32-554\00comment\00\01\00\00\00\22\00\00\00Pre-Windows 2000 Compatible Access\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05 \00\00\00*\02\00\00\00privilege\00\02\00\00\00\1D\00\00\00SeRemoteInteractiveLogonRight\00\17\00\00\00SeChangeNotifyPrivilege\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJgIAAA==\00"
+data(103) = "g\19\01&\02\00\00\00 at INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJgIAAA==\00 at IDXVERSION\00\01\00\00\00\01\00\00\002\00 at IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-550\00"
+}
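
Review bot: The data(804) record for DN=SID=S-1-5-32-544 is broken across two lines in the middle of SeCreateGlobalPrivilege ("SeCr" / " eateGlobalPrivilege"), and the continuation starts with a space instead of "+", so this hunk as mailed no longer carries that record as one added line and the value cannot be checked against its declared length of 804. Take the fixture from the tree rather than from this message. It would also help to document next to the file how the dump was produced: the @BASEINFO record pins whenChanged 20140403004723.0Z and sequenceNumber 9, and every privilege grant shown here (the 24 values on S-1-5-32-544, for example) appears only as an escaped byte string, so a reviewer cannot tell whether a change in a later regeneration is intended without the command that generated it.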


-- 
Samba Shared Repository

