The branch, master has been updated
       via  0c36259... s4-schema: fixed the sorting of schema attributes
       via  ec7dc6a... s4-torture: update uuid_compare test for new behaviour
       via  ad35153... s4-drs: Implement constraints on ATTID values in prefixMap
       via  911cefd... s4-tort: Test handling of different ATTID values in prefixMap interface.
       via  35b8808... Adapted acl module to skip checks if as_system control is provided.
       via  9f6c818... s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM control
       via  7685bbb... s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM
       via  11e2c57... s4-dsdb-util: Utility function to process ldb_request in transaction
       via  516316b... s4-schema: Implement msDS-IntId attribute generation
       via  a409c0f... s4-schema: Constraints on msDS-IntId attribute
       via  4e8ad28... s4-schema: Set ATTID in schema cache from "msDS-IntId"
       via  14bac3a... Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"
       via  ee48f58... s4-tort: Tests for "msDS-IntId" attribute implemented
       via  c113be8... s4-tort: Move Schema tests from ldap.py into separate module
       via  d9606d6... s4-drs: Fix bug - prefixMap is not updated when adding new OIDs.
       via  03a1451... s4-drstest: Don't remove temp LDB so it can be reviewed if necessary
       via  452fc0d... s4-repl: give a reason why the prepare commit failed
       via  92d75a4... s4-kcc: don't crash with a NULL ntds connection list
       via  60acce5... s4-repl: only try to replicate for NCs that we are a master for
       via  87f28cc... s4-torture: another unsigned comparison bug
       via  ec74ffa... s4-schema: a unsigned comparison bug in the schema code
       via  d370810... s4-drs: another two unsigned comparison bugs
       via  a106fef... librpc: fixed the GUID_compare() function
       via  2a4a159... s4-repl: lower debug level of a common message
       via  47560bf... s4-dsdb: don't use a non-constant format string for a printf format
       via  a070119... s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() calls
       via  9d56f65... s4-dsdb: added dsdb_get_extended_dn_uint64()
       via  e89a2db... s4-dsdb: use varargs expression in dsdb_module_search()
       via  2c88ffb... s4-dsdb: added two new dsdb_get_extended_dn_*() helper functions
       via  dbda2c2... s4-provision: added a note about where invocationIDs come from
       via  882768c... s4-dsdb: give us an invocationID when in standalone mode
      from  1b5389a... s3: Fix an error case in cli_negprot

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0c362597c0f933b3612bb17328c0a13b73d72e43
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 23:36:23 2009 +1100

    s4-schema: fixed the sorting of schema attributes

    another case of unsigned int subtracting breaking sorts. This one
    surfaced now as attributeID_id now can be larger than 2^31

commit ec7dc6a619d7fca83a49065c45fdbc0fa93249a0
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 23:19:08 2009 +1100

    s4-torture: update uuid_compare test for new behaviour

commit ad35153ef40ade858302dab2877353682604265b
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Sat Dec 19 01:49:31 2009 +0200

    s4-drs: Implement constraints on ATTID values in prefixMap

    Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 911cefd48be67878dea89f905bc7de1cd3f7c40f
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Sat Dec 19 01:48:41 2009 +0200

    s4-tort: Test handling of different ATTID values in prefixMap interface.

    It turns out ATTID values are separated in ranges.
    Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 35b8808b94808f5d689c2b034ff5c21c739c11a4
Author: Nadezhda Ivanova <nadezhda.ivan...@postpath.com>
Date:   Fri Dec 18 18:00:15 2009 +0200

    Adapted acl module to skip checks if as_system control is provided.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 9f6c81874f6e63f30432814e4f443a69c4e04429
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 18:15:49 2009 +0200

    s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM control

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 7685bbbc4ea2ffc522a1582a561477dad2c862b2
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 18:14:38 2009 +0200

    s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM

    This function is intended to be used when data needs to be
    modified skipping access checks.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 11e2c5777dc1bd8af1f696e04d0712fe43e7a21a
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 18:11:48 2009 +0200

    s4-dsdb-util: Utility function to process ldb_request in transaction

    This function is to be used later for manually crafted ldb_requests
    from within dsdb layer

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 516316b107e309a32362b7de9b010b73545480e0
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 03:46:39 2009 +0200

    s4-schema: Implement msDS-IntId attribute generation

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit a409c0f0372e5a1d81b4acda5c0fc24ccbe68a7e
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Thu Dec 17 23:26:47 2009 +0200

    s4-schema: Constraints on msDS-IntId attribute

    This attribute can not be modified on existing schema object.
    msDS-IntId is not allowed during attribute creation also.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 4e8ad284f5813413fdec8426f11e24570d22549b
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 04:08:52 2009 +0200

    s4-schema: Set ATTID in schema cache from "msDS-IntId"

    According to http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx
    some Attributes OIDs may not use prefixMap.
    Setting ATTID in Schema Cache here should work, although
    this code snippet should be moved in separate function.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 14bac3a3e6a9308d9088559cf8f898b6ac4b4d68
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 03:58:29 2009 +0200

    Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"

    This reverts commit 1287c1d115fb7e8f3954bc05ff65007968403a9c.

    Next patch should fix the "not recognized ATTIDs" problem

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit ee48f583b5f7a7acdf4857d69db49dfa36992f4d
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Thu Dec 17 19:27:47 2009 +0200

    s4-tort: Tests for "msDS-IntId" attribute implemented

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit c113be8526fe5a4b67410a557201717ee2a385eb
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Mon Dec 14 01:52:18 2009 +0200

    s4-tort: Move Schema tests from ldap.py into separate module

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit d9606d64ddad4e593b02310b392cd11ff4114aa1
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 03:53:13 2009 +0200

    s4-drs: Fix bug - prefixMap is not updated when adding new OIDs.

    The bug is that prefixMap is updated only in memory when
    adding new Class/Attribute that has an OID not in
    prefixMap already.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 03a1451bbc663a4dbb102d5e150b92acbe7f9599
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 4 03:58:59 2009 +0200

    s4-drstest: Don't remove temp LDB so it can be reviewed if necessary

    This test makes temp directory which is not removed
    so why not just leave LDB also.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 452fc0d6f44eea0876c3671400d8a8713d00ddce
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 20:58:09 2009 +1100

    s4-repl: give a reason why the prepare commit failed

commit 92d75a4bfb1d666950f39aba19fcc4d97c2234ad
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 20:57:21 2009 +1100

    s4-kcc: don't crash with a NULL ntds connection list

commit 60acce584bf75c54c71813c93b6c607ef32c867d
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 11:06:23 2009 +1100

    s4-repl: only try to replicate for NCs that we are a master for

commit 87f28cc2671cf0211b0f1b286b719c5baf9e8111
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:27:17 2009 +1100

    s4-torture: another unsigned comparison bug

commit ec74ffa8f08d85c55ec7fc592101a21340b9a97d
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:26:21 2009 +1100

    s4-schema: a unsigned comparison bug in the schema code

commit d3708109a141f5d6468a89e35176cb56e7a8d821
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:26:06 2009 +1100

    s4-drs: another two unsigned comparison bugs

commit a106fefcfb0cb60ce439884d8cd0c920d2fb193a
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:25:46 2009 +1100

    librpc: fixed the GUID_compare() function

    When comparing two unsigned values you can't just subtract
    them. Imagine you are comparing: "uint32_t u1" and "uint32_t u2".
    If you use "u1 - u2" and u2 is zero, then the signed integer
    result will depend on the top bit of u1.

    This error occurs in a few places in Samba. For DRS replication it
    resulted in corrupt uptodateness vectors.

commit 2a4a159a8443ebaae53f5902a0f5c1f8536a6edd
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 23:32:48 2009 +1100

    s4-repl: lower debug level of a common message

commit 47560bfda9932efa6b225a223aba662a4d72e637
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 20:58:00 2009 +1100

    s4-dsdb: don't use a non-constant format string for a printf format

commit a070119de34274e6122461d9cc0e9829b5fb6865
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 20:56:41 2009 +1100

    s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() calls

commit 9d56f656d4f593289340a876445785cdfefd3d91
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 12:23:42 2009 +1100

    s4-dsdb: added dsdb_get_extended_dn_uint64()

commit e89a2db4f24ee70c45e0636e9baa8b6212a27cde
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 20:55:23 2009 +1100

    s4-dsdb: use varargs expression in dsdb_module_search()

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 2c88ffb8f1f3691d29a88ab263dde5b07f4f400a
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 20:54:23 2009 +1100

    s4-dsdb: added two new dsdb_get_extended_dn_*() helper functions

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit dbda2c2db5a3c0c39134fde1ae58ceadf473a87f
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 14:45:58 2009 +1100

    s4-provision: added a note about where invocationIDs come from

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 882768c8785995acccbdf562be99a68fc0dde33b
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 13:47:46 2009 +1100

    s4-dsdb: give us an invocationID when in standalone mode

    To allow us to use the repl_meta_data module in standalone mode (and
    thus not have two module stacks to test), we need an invocationID
    stored somewhere when standalone. This creates a random one, and
    stores it in @SAMBA_DSDB.

Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: librpc/ndr/uuid.c | 10 +- source4/dsdb/common/util.c | 126 ++++++ source4/dsdb/kcc/kcc_connection.c | 6 +- source4/dsdb/repl/drepl_notify.c | 2 +- source4/dsdb/repl/drepl_partitions.c | 7 +- source4/dsdb/repl/replicated_objects.c | 20 +- source4/dsdb/samdb/ldb_modules/acl.c | 24 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 8 +- source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 80 ++++- source4/dsdb/samdb/ldb_modules/schema_data.c | 175 ++++++++- source4/dsdb/samdb/ldb_modules/util.c | 28 +- source4/dsdb/samdb/ldb_modules/util.h | 1 + source4/dsdb/schema/prefixmap.h | 11 + source4/dsdb/schema/schema_init.c | 23 +- source4/dsdb/schema/schema_prefixmap.c | 24 ++ source4/dsdb/schema/schema_query.c | 3 +- source4/dsdb/schema/schema_set.c | 12 +- source4/lib/ldb/tests/python/ldap.py | 133 ------ source4/lib/ldb/tests/python/ldap_schema.py | 500 +++++++++++++++++++++++ source4/scripting/python/samba/provision.py | 2 + source4/selftest/tests.sh | 1 + source4/torture/drs/unit/prefixmap_tests.c | 45 ++- source4/torture/ndr/ndr.c | 13 +- source4/torture/raw/qfileinfo.c | 2 +- 24 files changed, 1038 insertions(+), 218 deletions(-) create mode 100755 source4/lib/ldb/tests/python/ldap_schema.py Changeset truncated at 500 lines: diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c index 429a1b1..1899afb 100644 --- a/librpc/ndr/uuid.c +++ b/librpc/ndr/uuid.c 
@@ -241,23 +241,23 @@ _PUBLIC_ bool GUID_equal(const struct GUID *u1, const struct GUID *u2) _PUBLIC_ int GUID_compare(const struct GUID *u1, const struct GUID *u2) { if (u1->time_low != u2->time_low) { - return u1->time_low - u2->time_low; + return u1->time_low > u2->time_low ? 1 : -1; } if (u1->time_mid != u2->time_mid) { - return u1->time_mid - u2->time_mid; + return u1->time_mid > u2->time_mid ? 1 : -1; } if (u1->time_hi_and_version != u2->time_hi_and_version) { - return u1->time_hi_and_version - u2->time_hi_and_version; + return u1->time_hi_and_version > u2->time_hi_and_version ? 1 : -1; } if (u1->clock_seq[0] != u2->clock_seq[0]) { - return u1->clock_seq[0] - u2->clock_seq[0]; + return u1->clock_seq[0] > u2->clock_seq[0] ? 1 : -1; } if (u1->clock_seq[1] != u2->clock_seq[1]) { - return u1->clock_seq[1] - u2->clock_seq[1]; + return u1->clock_seq[1] > u2->clock_seq[1] ? 1 : -1; } return memcmp(u1->node, u2->node, 6); diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 61d065b..561edff 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c 
@@ -997,6 +997,81 @@ int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_m } /* + * Handle ldb_request in transaction + */ +static int dsdb_autotransaction_request(struct ldb_context *sam_ldb, + struct ldb_request *req) +{ + int ret; + + ret = ldb_transaction_start(sam_ldb); + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_request(sam_ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + + if (ret == LDB_SUCCESS) { + return ldb_transaction_commit(sam_ldb); + } + ldb_transaction_cancel(sam_ldb); + + return ret; +} + +/* + * replace elements in a record using LDB_CONTROL_AS_SYSTEM + * used to skip access checks on operations + * that are performed by the system + */ +int samdb_replace_as_system(struct ldb_context *sam_ldb, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg) +{ + int i; + int ldb_ret; + struct ldb_request *req = NULL; + + /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ + for (i=0;i<msg->num_elements;i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + + ldb_ret = ldb_msg_sanity_check(sam_ldb, msg); + if (ldb_ret != LDB_SUCCESS) { + return ldb_ret; + } + + ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx, + msg, + NULL, + NULL, + ldb_op_default_callback, + NULL); + + if (ldb_ret != LDB_SUCCESS) { + talloc_free(req); + return ldb_ret; + } + + ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL); + if (ldb_ret != LDB_SUCCESS) { + talloc_free(req); + return ldb_ret; + } + + /* do request and auto start a transaction */ + ldb_ret = dsdb_autotransaction_request(sam_ldb, req); + + talloc_free(req); + return ldb_ret; +} + +/* return a default security descriptor */ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx) 
@@ -2735,6 +2810,57 @@ NTSTATUS dsdb_get_extended_dn_guid(struct ldb_dn *dn, struct GUID *guid) } /* + return a uint64_t from a extended DN structure + */ +NTSTATUS dsdb_get_extended_dn_uint64(struct ldb_dn *dn, uint64_t *val, const char *component_name) +{ + const struct ldb_val *v; + char *s; + + v = ldb_dn_get_extended_component(dn, component_name); + if (v == NULL) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + s = talloc_strndup(dn, (const char *)v->data, v->length); + NT_STATUS_HAVE_NO_MEMORY(s); + + *val = strtoull(s, NULL, 0); + + talloc_free(s); + return NT_STATUS_OK; +} + +/* + return a NTTIME from a extended DN structure + */ +NTSTATUS dsdb_get_extended_dn_nttime(struct ldb_dn *dn, NTTIME *nttime, const char *component_name) +{ + return dsdb_get_extended_dn_uint64(dn, nttime, component_name); +} + +/* + return a uint32_t from a extended DN structure + */ +NTSTATUS dsdb_get_extended_dn_uint32(struct ldb_dn *dn, uint32_t *val, const char *component_name) +{ + const struct ldb_val *v; + char *s; + + v = ldb_dn_get_extended_component(dn, component_name); + if (v == NULL) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + s = talloc_strndup(dn, (const char *)v->data, v->length); + NT_STATUS_HAVE_NO_MEMORY(s); + + *val = strtoul(s, NULL, 0); + + talloc_free(s); + return NT_STATUS_OK; +} + +/* return true if a ldb_val containing a DN in storage form is deleted */ bool dsdb_dn_is_deleted_val(struct ldb_val *val) diff --git a/source4/dsdb/kcc/kcc_connection.c b/source4/dsdb/kcc/kcc_connection.c index ee9a05a..7319804 100644 --- a/source4/dsdb/kcc/kcc_connection.c +++ b/source4/dsdb/kcc/kcc_connection.c @@ -133,7 +133,7 @@ void kccsrv_apply_connections(struct kccsrv_service *s, { int i, j, deleted = 0, added = 0, ret; - for (i = 0; i < ntds_list->count; i++) { + for (i = 0; ntds_list && i < ntds_list->count; i++) { struct kcc_connection *ntds = &ntds_list->servers[i]; for (j = 0; j < dsa_list->count; j++) { struct kcc_connection *dsa = &dsa_list->servers[j]; 
@@ -152,13 +152,13 @@ void kccsrv_apply_connections(struct kccsrv_service *s, for (i = 0; i < dsa_list->count; i++) { struct kcc_connection *dsa = &dsa_list->servers[i]; - for (j = 0; j < ntds_list->count; j++) { + for (j = 0; ntds_list && j < ntds_list->count; j++) { struct kcc_connection *ntds = &ntds_list->servers[j]; if (GUID_equal(&dsa->dsa_guid, &ntds->dsa_guid)) { break; } } - if (j == ntds_list->count) { + if (ntds_list == NULL || j == ntds_list->count) { ret = kccsrv_add_connection(s, dsa); if (ret == LDB_SUCCESS) { added++; diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c index e8652dc..fe3b2d2 100644 --- a/source4/dsdb/repl/drepl_notify.c +++ b/source4/dsdb/repl/drepl_notify.c @@ -404,7 +404,7 @@ WERROR dreplsrv_notify_schedule(struct dreplsrv_service *service, uint32_t next_ W_ERROR_HAVE_NO_MEMORY(new_te); tmp_mem = talloc_new(service); - DEBUG(2,("dreplsrv_notify_schedule(%u) %sscheduled for: %s\n", + DEBUG(4,("dreplsrv_notify_schedule(%u) %sscheduled for: %s\n", next_interval, (service->notify.te?"re":""), nt_time_string(tmp_mem, timeval_to_nttime(&next_time)))); diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c index 85412a7..5b8227e 100644 --- a/source4/dsdb/repl/drepl_partitions.c +++ b/source4/dsdb/repl/drepl_partitions.c @@ -39,16 +39,15 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s) struct ldb_dn *basedn; struct ldb_result *r; struct ldb_message_element *el; - static const char *attrs[] = { "namingContexts", NULL }; + static const char *attrs[] = { "hasMasterNCs", NULL }; uint32_t i; int ret; - basedn = ldb_dn_new(s, s->samdb, NULL); + basedn = samdb_ntds_settings_dn(s->samdb); W_ERROR_HAVE_NO_MEMORY(basedn); ret = ldb_search(s->samdb, s, &r, basedn, LDB_SCOPE_BASE, attrs, "(objectClass=*)"); - talloc_free(basedn); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } else if (r->count != 1) { 
@@ -56,7 +55,7 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s) return WERR_FOOBAR; } - el = ldb_msg_find_element(r->msgs[0], "namingContexts"); + el = ldb_msg_find_element(r->msgs[0], "hasMasterNCs"); if (!el) { return WERR_FOOBAR; } diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c index 1efbd29..c72b107 100644 --- a/source4/dsdb/repl/replicated_objects.c +++ b/source4/dsdb/repl/replicated_objects.c @@ -128,15 +128,6 @@ static WERROR dsdb_convert_object_ex(struct ldb_context *ldb, } status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, msg->elements, e); - if (!NT_STATUS_IS_OK(status) && a->value_ctr.num_values == 0) { - /* w2k8-r2 occasionally sends bogus empty - attributes with rubbish attribute IDs. The - only think we can do is discard these */ - DEBUG(0,(__location__ ": Discarding bogus empty DsReplicaAttribute with attid 0x%x\n", - a->attid)); - ZERO_STRUCTP(e); - continue; - } W_ERROR_NOT_OK_RETURN(status); m->attid = a->attid; @@ -157,14 +148,6 @@ static WERROR dsdb_convert_object_ex(struct ldb_context *ldb, } } - /* delete any empty elements */ - for (i=0; i < msg->num_elements; i++) { - if (msg->elements[i].name == NULL) { - ldb_msg_remove_element(msg, &msg->elements[i]); - i--; - } - } - if (rdn_m) { struct ldb_message_element *el; el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName); @@ -319,7 +302,8 @@ WERROR dsdb_extended_replicated_objects_commit(struct ldb_context *ldb, ret = ldb_transaction_prepare_commit(ldb); if (ret != LDB_SUCCESS) { - DEBUG(0,(__location__ " Failed to prepare commit of transaction\n")); + DEBUG(0,(__location__ " Failed to prepare commit of transaction: %s\n", + ldb_errstring(ldb))); return WERR_FOOBAR; } diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index b70b895..a329836 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c 
@@ -447,8 +447,10 @@ static int acl_allowedAttributes(struct ldb_module *module, if (ac->allowedAttributesEffective) { struct security_descriptor *sd; struct dom_sid *sid = NULL; + struct ldb_control *as_system = ldb_request_get_control(ac->req, + LDB_CONTROL_AS_SYSTEM_OID); ldb_msg_remove_attr(msg, "allowedAttributesEffective"); - if (ac->user_type == SECURITY_SYSTEM) { + if (ac->user_type == SECURITY_SYSTEM || as_system) { for (i=0; attr_list && attr_list[i]; i++) { ldb_msg_add_string(msg, "allowedAttributesEffective", attr_list[i]); } @@ -559,10 +561,12 @@ static int acl_childClassesEffective(struct ldb_module *module, const struct dsdb_schema *schema = dsdb_get_schema(ldb); const struct dsdb_class *sclass; struct security_descriptor *sd; + struct ldb_control *as_system = ldb_request_get_control(ac->req, + LDB_CONTROL_AS_SYSTEM_OID); struct dom_sid *sid = NULL; int i, j, ret; - if (ac->user_type == SECURITY_SYSTEM) { + if (ac->user_type == SECURITY_SYSTEM || as_system) { return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective"); } @@ -635,6 +639,8 @@ static int acl_sDRightsEffective(struct ldb_module *module, struct ldb_message_element *rightsEffective; int ret; struct security_descriptor *sd; + struct ldb_control *as_system = ldb_request_get_control(ac->req, + LDB_CONTROL_AS_SYSTEM_OID); struct dom_sid *sid = NULL; uint32_t flags = 0; @@ -644,7 +650,7 @@ static int acl_sDRightsEffective(struct ldb_module *module, if (ret != LDB_SUCCESS) { return ret; } - if (ac->user_type == SECURITY_SYSTEM) { + if (ac->user_type == SECURITY_SYSTEM || as_system) { flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_SACL | SECINFO_DACL; } else { 
@@ -699,8 +705,9 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req) const struct GUID *guid; struct object_tree *root = NULL; struct object_tree *new_node = NULL; + struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); - if (what_is_user(module) == SECURITY_SYSTEM) { + if (what_is_user(module) == SECURITY_SYSTEM || as_system) { return ldb_next_request(module, req); } @@ -752,6 +759,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) struct ldb_result *acl_res; struct security_descriptor *sd; struct dom_sid *sid = NULL; + struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); TALLOC_CTX *tmp_ctx = talloc_new(req); static const char *acl_attrs[] = { "nTSecurityDescriptor", @@ -765,7 +773,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) { DEBUG(10, ("ldb:acl_modify: %s\n", req->op.mod.message->elements[0].name)); } - if (what_is_user(module) == SECURITY_SYSTEM) { + if (what_is_user(module) == SECURITY_SYSTEM || as_system) { return ldb_next_request(module, req); } if (ldb_dn_is_special(req->op.mod.message->dn)) { @@ -890,9 +898,10 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req) int ret; struct ldb_dn *parent = ldb_dn_get_parent(req, req->op.del.dn); struct ldb_context *ldb; + struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn))); - if (what_is_user(module) == SECURITY_SYSTEM) { + if (what_is_user(module) == SECURITY_SYSTEM || as_system) { return ldb_next_request(module, req); } 
@@ -934,6 +943,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) const struct GUID *guid; struct object_tree *root = NULL; struct object_tree *new_node = NULL; + struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); TALLOC_CTX *tmp_ctx = talloc_new(req); NTSTATUS status; uint32_t access_granted; @@ -945,7 +955,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) }; DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn))); - if (what_is_user(module) == SECURITY_SYSTEM) { + if (what_is_user(module) == SECURITY_SYSTEM || as_system) { return ldb_next_request(module, req); } if (ldb_dn_is_special(req->op.rename.olddn)) { diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 3ae165c..3d31cc3 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -336,7 +336,7 @@ static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMeta return -1; } - return m1->attid - m2->attid; + return m1->attid > m2->attid ? 1 : -1; } static int replmd_replPropertyMetaDataCtr1_sort(struct replPropertyMetaDataCtr1 *ctr1, @@ -390,8 +390,10 @@ static int replmd_ldb_message_element_attid_sort(const struct ldb_message_elemen if (!a1 || !a2) { return strcasecmp(e1->name, e2->name); } - - return a1->attributeID_id - a2->attributeID_id; + if (a1->attributeID_id == a2->attributeID_id) { + return 0; + } + return a1->attributeID_id > a2->attributeID_id ? 1 : -1; } static void replmd_ldb_message_sort(struct ldb_message *msg, diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c index ee7e42e..bfa2599 100644 --- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c +++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c 
@@ -38,6 +38,7 @@ #include "dsdb/samdb/ldb_modules/util.h" #include "dsdb/samdb/samdb.h" +#include "librpc/ndr/libndr.h" static int read_at_rootdse_record(struct ldb_context *ldb, struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_message **msg) @@ -135,6 +136,55 @@ static int prepare_modules_line(struct ldb_context *ldb, return ret; } + + +/* + initialise the invocationID for a standalone server + */ +static int initialise_invocation_id(struct ldb_module *module, struct GUID *guid) +{ + struct ldb_message *msg; + struct ldb_context *ldb = ldb_module_get_ctx(module); + int ret; + + *guid = GUID_random(); + + msg = ldb_msg_new(module); + if (msg == NULL) { + ldb_module_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } + msg->dn = ldb_dn_new(msg, ldb, "@SAMBA_DSDB"); + if (!msg->dn) { + ldb_module_oom(module); + talloc_free(msg); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = dsdb_msg_add_guid(msg, guid, "invocationID"); + if (ret != LDB_SUCCESS) { + ldb_module_oom(module); + talloc_free(msg); + return ret; + } + msg->elements[0].flags = LDB_FLAG_MOD_ADD; + + ret = ldb_modify(ldb, msg); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to setup standalone invocationID - %s", + ldb_errstring(ldb)); + talloc_free(msg); + return ret; + } + + DEBUG(1,("Initialised standalone invocationID to %s\n", + GUID_string(msg, guid))); + + talloc_free(msg); + + return LDB_SUCCESS; +} + + static int samba_dsdb_init(struct ldb_module *module) { struct ldb_context *ldb = ldb_module_get_ctx(module); @@ -213,7 +263,7 @@ static int samba_dsdb_init(struct ldb_module *module) static const char *openldap_backend_modules[] = { "entryuuid", "paged_searches", NULL }; - static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", NULL }; -- Samba Shared Repository
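
Review bot: In source4/dsdb/samdb/ldb_modules/repl_meta_data.c, replmd_replPropertyMetaData1_attid_sort() now ends with "return m1->attid > m2->attid ? 1 : -1;" and so can no longer return 0: two entries with the same attid compare as -1 in both directions. The second hunk in the same file adds an explicit "if (a1->attributeID_id == a2->attributeID_id) return 0;" before the ternary; the first comparator should get the same equality check so both sort callbacks stay consistent.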
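
Review bot: In source4/dsdb/samdb/ldb_modules/acl.c, acl_add(), acl_modify(), acl_delete() and acl_rename() now go straight to ldb_next_request() whenever ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID) returns non-NULL, and nothing in these hunks checks where the control came from. Please document (or enforce in the module) that this control can only be attached by in-process callers such as samdb_replace_as_system() and is rejected or stripped on requests that arrive from a network client, because otherwise its presence alone replaces every access check in the module.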
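
Review bot: In the acl_allowedAttributes() hunk of source4/dsdb/samdb/ldb_modules/acl.c, and again in six more functions of the same file, the same two-step test "ldb_request_get_control(..., LDB_CONTROL_AS_SYSTEM_OID)" followed by "== SECURITY_SYSTEM || as_system" is written out by hand. A single static helper that takes the module and request and answers "is this a system request" would keep the bypass condition in one place, which matters when the condition later needs tightening.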
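
Review bot: In source4/dsdb/common/util.c, the comment above samdb_replace_as_system() says what the control does but not who may call it, and the function is not static. Since it attaches LDB_CONTROL_AS_SYSTEM_OID to whatever ldb_message it is handed and also overwrites every element's flags with LDB_FLAG_MOD_REPLACE, the comment should state that msg must be built by the server itself and never derived from client input, and that the caller's message is modified.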
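
Review bot: In source4/dsdb/common/util.c, dsdb_get_extended_dn_uint64() and dsdb_get_extended_dn_uint32() call strtoull(s, NULL, 0) and strtoul(s, NULL, 0) with no end pointer and no errno check, so an empty or non-numeric component yields 0 with NT_STATUS_OK, and an out-of-range value is returned clamped or truncated without any error. Pass an endptr, reject the value when nothing was consumed or trailing characters remain, check errno for ERANGE, and in the uint32 variant reject results above UINT32_MAX before storing into *val.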
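
Review bot: In source4/dsdb/kcc/kcc_connection.c, kccsrv_apply_connections() now guards every use of ntds_list against NULL, but dsa_list is still dereferenced unconditionally in "for (j = 0; j < dsa_list->count; j++)" and "for (i = 0; i < dsa_list->count; i++)". If one list can be NULL the other deserves the same treatment, or a comment saying why dsa_list cannot be; an early check at the top of the function would also avoid repeating "ntds_list &&" in three places.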
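
Review bot: In source4/dsdb/repl/drepl_partitions.c, dreplsrv_load_partitions() drops talloc_free(basedn) at the same time as basedn switches from ldb_dn_new() to samdb_ntds_settings_dn(s->samdb), which implies the DN is now borrowed rather than owned, but nothing says so. A one-line comment at the assignment would stop a later cleanup from putting the free back; W_ERROR_HAVE_NO_MEMORY(basedn) also reports a NULL return as out-of-memory, which may not be the real cause for this call.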
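
Review bot: In source4/dsdb/repl/replicated_objects.c, the revert in dsdb_convert_object_ex() removes the only DEBUG line that printed a->attid, so a failure from dsdb_attribute_drsuapi_to_ldb() now reaches W_ERROR_NOT_OK_RETURN(status) with no record of which attribute ID was rejected. Keep a DEBUG(0, ...) with the attid on the failure path so that a replication partner sending an unrecognised ATTID can be diagnosed from the log.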
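
Review bot: In source4/dsdb/samdb/ldb_modules/samba_dsdb.c, initialise_invocation_id() calls ldb_module_oom(module) for any non-success return of dsdb_msg_add_guid() and then returns ret, so the error string says out-of-memory even when ret is a different error. Also, GUID_string(msg, guid) is passed straight to a "%s" in DEBUG(1, ...) without a NULL check; either check it or log the GUID only when the string was allocated.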
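
Review bot: In librpc/ndr/uuid.c, GUID_compare() repeats "a > b ? 1 : -1" five times with no comment explaining why subtraction is avoided, and the same pattern is reintroduced by hand in repl_meta_data.c. A short comment above the function, or a small shared unsigned-compare helper used by all of these comparators, would make it less likely that the next sort callback goes back to "u1 - u2".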
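
The failure described in the "librpc: fixed the GUID_compare() function" commit message, as an added example that is not part of the Samba tree: a subtracting comparator and an explicit one are checked against the true unsigned ordering. The function names and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*cmp_fn)(const void *, const void *);

/* "Before" pattern: subtract two unsigned values and return the result
 * as int. Converting a value above INT_MAX to int is
 * implementation-defined; on common compilers it wraps to negative. */
static int cmp_subtract(const void *a, const void *b)
{
	uint32_t u1 = *(const uint32_t *)a;
	uint32_t u2 = *(const uint32_t *)b;
	return (int)(u1 - u2);
}

/* "After" pattern, with the equal case handled explicitly. */
static int cmp_explicit(const void *a, const void *b)
{
	uint32_t u1 = *(const uint32_t *)a;
	uint32_t u2 = *(const uint32_t *)b;
	if (u1 == u2) {
		return 0;
	}
	return u1 > u2 ? 1 : -1;
}

static int sign(int v)
{
	return (v > 0) - (v < 0);
}

/* Count ordered pairs (i, j) where the comparator's sign disagrees with
 * the true unsigned ordering of v[i] and v[j]. */
static unsigned count_order_violations(cmp_fn cmp, const uint32_t *v, size_t n)
{
	unsigned bad = 0;
	size_t i, j;
	for (i = 0; i < n; i++) {
		for (j = 0; j < n; j++) {
			int truth = (v[i] > v[j]) - (v[i] < v[j]);
			if (sign(cmp(&v[i], &v[j])) != truth) {
				bad++;
			}
		}
	}
	return bad;
}

/* Sort a copy with the explicit comparator; return 1 if the result is
 * in ascending order, 0 otherwise (or on allocation failure). */
static int sort_fixed_ok(const uint32_t *v, size_t n)
{
	size_t i;
	int ok = 1;
	uint32_t *copy = malloc(n * sizeof(*copy));
	if (copy == NULL) {
		return 0;
	}
	for (i = 0; i < n; i++) {
		copy[i] = v[i];
	}
	qsort(copy, n, sizeof(*copy), cmp_explicit);
	for (i = 1; i < n; i++) {
		if (copy[i - 1] > copy[i]) {
			ok = 0;
		}
	}
	free(copy);
	return ok;
}

/* Constructed sample: with subtraction, a < b and b < c but also c < a,
 * so there is no total order for a sort to rely on. */
static const uint32_t sample_ids[] = { 0x00000000u, 0x60000000u, 0xC0000000u };
#define SAMPLE_COUNT (sizeof(sample_ids) / sizeof(sample_ids[0]))

int main(void)
{
	printf("subtract: %u wrong pairs\n",
	       count_order_violations(cmp_subtract, sample_ids, SAMPLE_COUNT));
	printf("explicit: %u wrong pairs\n",
	       count_order_violations(cmp_explicit, sample_ids, SAMPLE_COUNT));
	printf("explicit sort ordered: %d\n",
	       sort_fixed_ok(sample_ids, SAMPLE_COUNT));
	return 0;
}
```

The subtracting comparator is deliberately never handed to qsort() here, because a comparator that does not define a consistent ordering gives qsort() no defined result.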