The branch, master has been updated
       via  0c36259... s4-schema: fixed the sorting of schema attributes
       via  ec7dc6a... s4-torture: update uuid_compare test for new behaviour
       via  ad35153... s4-drs: Implement constraints on ATTID values in prefixMap
       via  911cefd... s4-tort: Test handling of different ATTID values in prefixMap interface.
       via  35b8808... Adapted acl module to skip checks if as_system control is provided.
       via  9f6c818... s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM control
       via  7685bbb... s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM
       via  11e2c57... s4-dsdb-util: Utility function to process ldb_request in transaction
       via  516316b... s4-schema: Implement msDS-IntId attribute generation
       via  a409c0f... s4-schema: Constraints on msDS-IntId attribute
       via  4e8ad28... s4-schema: Set ATTID in schema cache from "msDS-IntId"
       via  14bac3a... Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"
       via  ee48f58... s4-tort: Tests for "msDS-IntId" attribute implemented
       via  c113be8... s4-tort: Move Schema tests from ldap.py into separate module
       via  d9606d6... s4-drs: Fix bug - prefixMap is not updated when adding new OIDs.
       via  03a1451... s4-drstest: Don't remove temp LDB so it can be reviewed if necessary
       via  452fc0d... s4-repl: give a reason why the prepare commit failed
       via  92d75a4... s4-kcc: don't crash with a NULL ntds connection list
       via  60acce5... s4-repl: only try to replicate for NCs that we are a master for
       via  87f28cc... s4-torture: another unsigned comparison bug
       via  ec74ffa... s4-schema: a unsigned comparison bug in the schema code
       via  d370810... s4-drs: another two unsigned comparison bugs
       via  a106fef... librpc: fixed the GUID_compare() function
       via  2a4a159... s4-repl: lower debug level of a common message
       via  47560bf... s4-dsdb: don't use a non-constant format string for a printf format
       via  a070119... s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() calls
       via  9d56f65... s4-dsdb: added dsdb_get_extended_dn_uint64()
       via  e89a2db... s4-dsdb: use varargs expression in dsdb_module_search()
       via  2c88ffb... s4-dsdb: added two new dsdb_get_extended_dn_*() helper functions
       via  dbda2c2... s4-provision: added a note about where invocationIDs come from
       via  882768c... s4-dsdb: give us an invocationID when in standalone mode
      from  1b5389a... s3: Fix an error case in cli_negprot

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0c362597c0f933b3612bb17328c0a13b73d72e43
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 23:36:23 2009 +1100

    s4-schema: fixed the sorting of schema attributes
    
    another case of unsigned int subtracting breaking sorts. This one
    surfaced now as attributeID_id now can be larger than 2^31

commit ec7dc6a619d7fca83a49065c45fdbc0fa93249a0
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 23:19:08 2009 +1100

    s4-torture: update uuid_compare test for new behaviour

commit ad35153ef40ade858302dab2877353682604265b
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Sat Dec 19 01:49:31 2009 +0200

    s4-drs: Implement constraints on ATTID values in prefixMap
    
    Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 911cefd48be67878dea89f905bc7de1cd3f7c40f
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Sat Dec 19 01:48:41 2009 +0200

    s4-tort: Test handling of different ATTID values in prefixMap interface.
    
    It turns out ATTID values are separated in ranges.
    Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 35b8808b94808f5d689c2b034ff5c21c739c11a4
Author: Nadezhda Ivanova <nadezhda.ivan...@postpath.com>
Date:   Fri Dec 18 18:00:15 2009 +0200

    Adapted acl module to skip checks if as_system control is provided.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 9f6c81874f6e63f30432814e4f443a69c4e04429
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 18:15:49 2009 +0200

    s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM control
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 7685bbbc4ea2ffc522a1582a561477dad2c862b2
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 18:14:38 2009 +0200

    s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM
    
    This function is intended to be used when data needs
    to be modified skipping access checks.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 11e2c5777dc1bd8af1f696e04d0712fe43e7a21a
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 18:11:48 2009 +0200

    s4-dsdb-util: Utility function to process ldb_request in transaction
    
    This function is to be used later for manually crafted
    ldb_requests from within dsdb layer
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 516316b107e309a32362b7de9b010b73545480e0
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 03:46:39 2009 +0200

    s4-schema: Implement msDS-IntId attribute generation
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit a409c0f0372e5a1d81b4acda5c0fc24ccbe68a7e
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Thu Dec 17 23:26:47 2009 +0200

    s4-schema: Constraints on msDS-IntId attribute
    
    This attribute can not be modified on existing schema object.
    
    msDS-IntId is not allowed during attribute creation also.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 4e8ad284f5813413fdec8426f11e24570d22549b
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 04:08:52 2009 +0200

    s4-schema: Set ATTID in schema cache from "msDS-IntId"
    
    According to
    http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx
    some Attributes OIDs may not use prefixMap.
    Setting ATTID in Schema Cache here should work, although
    this code snippet should be moved in separate function.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 14bac3a3e6a9308d9088559cf8f898b6ac4b4d68
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 03:58:29 2009 +0200

    Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"
    
    This reverts commit 1287c1d115fb7e8f3954bc05ff65007968403a9c.
    
    Next patch should fix the "not recognized ATTIDs" problem
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit ee48f583b5f7a7acdf4857d69db49dfa36992f4d
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Thu Dec 17 19:27:47 2009 +0200

    s4-tort: Tests for "msDS-IntId" attribute implemented
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit c113be8526fe5a4b67410a557201717ee2a385eb
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Mon Dec 14 01:52:18 2009 +0200

    s4-tort: Move Schema tests from ldap.py into separate module
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit d9606d64ddad4e593b02310b392cd11ff4114aa1
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 18 03:53:13 2009 +0200

    s4-drs: Fix bug - prefixMap is not updated when adding new OIDs.
    
    The bug is that prefixMap is updated only in memory when
    adding new Class/Attribute that has an OID not in
    prefixMap already.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 03a1451bbc663a4dbb102d5e150b92acbe7f9599
Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com>
Date:   Fri Dec 4 03:58:59 2009 +0200

    s4-drstest: Don't remove temp LDB so it can be reviewed if necessary
    
    This test makes temp directory which is not removed
    so why not just leave LDB also.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 452fc0d6f44eea0876c3671400d8a8713d00ddce
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 20:58:09 2009 +1100

    s4-repl: give a reason why the prepare commit failed

commit 92d75a4bfb1d666950f39aba19fcc4d97c2234ad
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon Dec 21 20:57:21 2009 +1100

    s4-kcc: don't crash with a NULL ntds connection list

commit 60acce584bf75c54c71813c93b6c607ef32c867d
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 11:06:23 2009 +1100

    s4-repl: only try to replicate for NCs that we are a master for

commit 87f28cc2671cf0211b0f1b286b719c5baf9e8111
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:27:17 2009 +1100

    s4-torture: another unsigned comparison bug

commit ec74ffa8f08d85c55ec7fc592101a21340b9a97d
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:26:21 2009 +1100

    s4-schema: a unsigned comparison bug in the schema code

commit d3708109a141f5d6468a89e35176cb56e7a8d821
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:26:06 2009 +1100

    s4-drs: another two unsigned comparison bugs

commit a106fefcfb0cb60ce439884d8cd0c920d2fb193a
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sun Dec 20 10:25:46 2009 +1100

    librpc: fixed the GUID_compare() function
    
    When comparing two unsigned values you can't just subtract
    them.
    
    Imagine you are comparing: "uint32_t u1" and "uint32_t u2". If you use
    "u1 - u2" and u2 is zero, then the signed integer result will depend
    on the top bit of u1.
    
    This error occurs in a few places in Samba. For DRS replication it
    resulted in corrupt uptodateness vectors.

commit 2a4a159a8443ebaae53f5902a0f5c1f8536a6edd
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 23:32:48 2009 +1100

    s4-repl: lower debug level of a common message

commit 47560bfda9932efa6b225a223aba662a4d72e637
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 20:58:00 2009 +1100

    s4-dsdb: don't use a non-constant format string for a printf format

commit a070119de34274e6122461d9cc0e9829b5fb6865
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 20:56:41 2009 +1100

    s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() calls

commit 9d56f656d4f593289340a876445785cdfefd3d91
Author: Andrew Tridgell <tri...@samba.org>
Date:   Sat Dec 19 12:23:42 2009 +1100

    s4-dsdb: added dsdb_get_extended_dn_uint64()

commit e89a2db4f24ee70c45e0636e9baa8b6212a27cde
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 20:55:23 2009 +1100

    s4-dsdb: use varargs expression in dsdb_module_search()
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 2c88ffb8f1f3691d29a88ab263dde5b07f4f400a
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 20:54:23 2009 +1100

    s4-dsdb: added two new dsdb_get_extended_dn_*() helper functions
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit dbda2c2db5a3c0c39134fde1ae58ceadf473a87f
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 14:45:58 2009 +1100

    s4-provision: added a note about where invocationIDs come from
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 882768c8785995acccbdf562be99a68fc0dde33b
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Dec 18 13:47:46 2009 +1100

    s4-dsdb: give us an invocationID when in standalone mode
    
    To allow us to use the repl_meta_data module in standalone mode (and
    thus not have two module stacks to test), we need an invocationID
    stored somewhere when standalone. This creates a random one, and
    stores it in @SAMBA_DSDB.
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 librpc/ndr/uuid.c                               |   10 +-
 source4/dsdb/common/util.c                      |  126 ++++++
 source4/dsdb/kcc/kcc_connection.c               |    6 +-
 source4/dsdb/repl/drepl_notify.c                |    2 +-
 source4/dsdb/repl/drepl_partitions.c            |    7 +-
 source4/dsdb/repl/replicated_objects.c          |   20 +-
 source4/dsdb/samdb/ldb_modules/acl.c            |   24 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c |    8 +-
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c     |   80 ++++-
 source4/dsdb/samdb/ldb_modules/schema_data.c    |  175 ++++++++-
 source4/dsdb/samdb/ldb_modules/util.c           |   28 +-
 source4/dsdb/samdb/ldb_modules/util.h           |    1 +
 source4/dsdb/schema/prefixmap.h                 |   11 +
 source4/dsdb/schema/schema_init.c               |   23 +-
 source4/dsdb/schema/schema_prefixmap.c          |   24 ++
 source4/dsdb/schema/schema_query.c              |    3 +-
 source4/dsdb/schema/schema_set.c                |   12 +-
 source4/lib/ldb/tests/python/ldap.py            |  133 ------
 source4/lib/ldb/tests/python/ldap_schema.py     |  500 +++++++++++++++++++++++
 source4/scripting/python/samba/provision.py     |    2 +
 source4/selftest/tests.sh                       |    1 +
 source4/torture/drs/unit/prefixmap_tests.c      |   45 ++-
 source4/torture/ndr/ndr.c                       |   13 +-
 source4/torture/raw/qfileinfo.c                 |    2 +-
 24 files changed, 1038 insertions(+), 218 deletions(-)
 create mode 100755 source4/lib/ldb/tests/python/ldap_schema.py


Changeset truncated at 500 lines:

diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c
index 429a1b1..1899afb 100644
--- a/librpc/ndr/uuid.c
+++ b/librpc/ndr/uuid.c
@@ -241,23 +241,23 @@ _PUBLIC_ bool GUID_equal(const struct GUID *u1, const 
struct GUID *u2)
 _PUBLIC_ int GUID_compare(const struct GUID *u1, const struct GUID *u2)
 {
        if (u1->time_low != u2->time_low) {
-               return u1->time_low - u2->time_low;
+               return u1->time_low > u2->time_low ? 1 : -1;
        }
 
        if (u1->time_mid != u2->time_mid) {
-               return u1->time_mid - u2->time_mid;
+               return u1->time_mid > u2->time_mid ? 1 : -1;
        }
 
        if (u1->time_hi_and_version != u2->time_hi_and_version) {
-               return u1->time_hi_and_version - u2->time_hi_and_version;
+               return u1->time_hi_and_version > u2->time_hi_and_version ? 1 : 
-1;
        }
 
        if (u1->clock_seq[0] != u2->clock_seq[0]) {
-               return u1->clock_seq[0] - u2->clock_seq[0];
+               return u1->clock_seq[0] > u2->clock_seq[0] ? 1 : -1;
        }
 
        if (u1->clock_seq[1] != u2->clock_seq[1]) {
-               return u1->clock_seq[1] - u2->clock_seq[1];
+               return u1->clock_seq[1] > u2->clock_seq[1] ? 1 : -1;
        }
 
        return memcmp(u1->node, u2->node, 6);
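
Review bot: The five rewritten returns in GUID_compare() now yield only 1 or -1, while the final memcmp() on node can return any magnitude, so the function should carry a comment stating that only the sign of the result is meaningful. The same comment is the place to record why subtraction is not used on these unsigned fields, so that a later cleanup does not reintroduce `u1->time_low - u2->time_low`.
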
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 61d065b..561edff 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -997,6 +997,81 @@ int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX 
*mem_ctx, struct ldb_m
 }
 
 /*
+ * Handle ldb_request in transaction
+ */
+static int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
+                                struct ldb_request *req)
+{
+       int ret;
+
+       ret = ldb_transaction_start(sam_ldb);
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
+       ret = ldb_request(sam_ldb, req);
+       if (ret == LDB_SUCCESS) {
+               ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+       }
+
+       if (ret == LDB_SUCCESS) {
+               return ldb_transaction_commit(sam_ldb);
+       }
+       ldb_transaction_cancel(sam_ldb);
+
+       return ret;
+}
+
+/*
+ * replace elements in a record using LDB_CONTROL_AS_SYSTEM
+ * used to skip access checks on operations
+ * that are performed by the system
+ */
+int samdb_replace_as_system(struct ldb_context *sam_ldb,
+                           TALLOC_CTX *mem_ctx,
+                           struct ldb_message *msg)
+{
+       int i;
+       int ldb_ret;
+       struct ldb_request *req = NULL;
+
+       /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+       for (i=0;i<msg->num_elements;i++) {
+               msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+       }
+
+
+       ldb_ret = ldb_msg_sanity_check(sam_ldb, msg);
+       if (ldb_ret != LDB_SUCCESS) {
+               return ldb_ret;
+       }
+
+       ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx,
+                                   msg,
+                                   NULL,
+                                   NULL,
+                                   ldb_op_default_callback,
+                                   NULL);
+
+       if (ldb_ret != LDB_SUCCESS) {
+               talloc_free(req);
+               return ldb_ret;
+       }
+
+       ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, 
false, NULL);
+       if (ldb_ret != LDB_SUCCESS) {
+               talloc_free(req);
+               return ldb_ret;
+       }
+
+       /* do request and auto start a transaction */
+       ldb_ret = dsdb_autotransaction_request(sam_ldb, req);
+
+       talloc_free(req);
+       return ldb_ret;
+}
+
+/*
   return a default security descriptor
 */
 struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX 
*mem_ctx)
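
Review bot: samdb_replace_as_system() is non-static and attaches LDB_CONTROL_AS_SYSTEM_OID to whatever message it is handed, so its header comment should say which callers may use it and that msg must never be built from client-supplied attributes, given that the acl module changes in this series skip their checks when the control is present. Two smaller points in the same function: the loop indexes with `int i` against msg->num_elements, which is the signed/unsigned mix this series fixes elsewhere if that field is unsigned, and it rewrites the flags of the caller's msg in place, which the comment should also mention.
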
@@ -2735,6 +2810,57 @@ NTSTATUS dsdb_get_extended_dn_guid(struct ldb_dn *dn, 
struct GUID *guid)
 }
 
 /*
+  return a uint64_t from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_uint64(struct ldb_dn *dn, uint64_t *val, const 
char *component_name)
+{
+       const struct ldb_val *v;
+       char *s;
+
+       v = ldb_dn_get_extended_component(dn, component_name);
+       if (v == NULL) {
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+       s = talloc_strndup(dn, (const char *)v->data, v->length);
+       NT_STATUS_HAVE_NO_MEMORY(s);
+
+       *val = strtoull(s, NULL, 0);
+
+       talloc_free(s);
+       return NT_STATUS_OK;
+}
+
+/*
+  return a NTTIME from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_nttime(struct ldb_dn *dn, NTTIME *nttime, const 
char *component_name)
+{
+       return dsdb_get_extended_dn_uint64(dn, nttime, component_name);
+}
+
+/*
+  return a uint32_t from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_uint32(struct ldb_dn *dn, uint32_t *val, const 
char *component_name)
+{
+       const struct ldb_val *v;
+       char *s;
+
+       v = ldb_dn_get_extended_component(dn, component_name);
+       if (v == NULL) {
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+
+       s = talloc_strndup(dn, (const char *)v->data, v->length);
+       NT_STATUS_HAVE_NO_MEMORY(s);
+
+       *val = strtoul(s, NULL, 0);
+
+       talloc_free(s);
+       return NT_STATUS_OK;
+}
+
+/*
   return true if a ldb_val containing a DN in storage form is deleted
  */
 bool dsdb_dn_is_deleted_val(struct ldb_val *val)
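
Review bot: dsdb_get_extended_dn_uint64() and dsdb_get_extended_dn_uint32() call strtoull() and strtoul() with a NULL end pointer and no errno check, so an empty, non-numeric or out-of-range component comes back as NT_STATUS_OK with a value of 0 or the type maximum. Pass an end pointer, reject trailing characters and ERANGE with an error status, and in the uint32 variant compare the unsigned long result against UINT32_MAX before storing it, since strtoul() can return a wider value where long is 64 bits. Base 0 also accepts octal and hex forms; if these components are always decimal, base 10 is the stricter choice.
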
diff --git a/source4/dsdb/kcc/kcc_connection.c 
b/source4/dsdb/kcc/kcc_connection.c
index ee9a05a..7319804 100644
--- a/source4/dsdb/kcc/kcc_connection.c
+++ b/source4/dsdb/kcc/kcc_connection.c
@@ -133,7 +133,7 @@ void kccsrv_apply_connections(struct kccsrv_service *s,
 {
        int i, j, deleted = 0, added = 0, ret;
 
-       for (i = 0; i < ntds_list->count; i++) {
+       for (i = 0; ntds_list && i < ntds_list->count; i++) {
                struct kcc_connection *ntds = &ntds_list->servers[i];
                for (j = 0; j < dsa_list->count; j++) {
                        struct kcc_connection *dsa = &dsa_list->servers[j];
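
Review bot: The outer loop now tolerates a NULL ntds_list, but the inner loop in the same hunk still reads dsa_list->count unconditionally. If kccsrv_apply_connections() can be reached with a NULL ntds_list, either say in a comment why dsa_list cannot be NULL as well or guard it the same way.
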
@@ -152,13 +152,13 @@ void kccsrv_apply_connections(struct kccsrv_service *s,
 
        for (i = 0; i < dsa_list->count; i++) {
                struct kcc_connection *dsa = &dsa_list->servers[i];
-               for (j = 0; j < ntds_list->count; j++) {
+               for (j = 0; ntds_list && j < ntds_list->count; j++) {
                        struct kcc_connection *ntds = &ntds_list->servers[j];
                        if (GUID_equal(&dsa->dsa_guid, &ntds->dsa_guid)) {
                                break;
                        }
                }
-               if (j == ntds_list->count) {
+               if (ntds_list == NULL || j == ntds_list->count) {
                        ret = kccsrv_add_connection(s, dsa);
                        if (ret == LDB_SUCCESS) {
                                added++;
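
Review bot: The NULL test on ntds_list is now spelled out three times in this function (both loop conditions and the `j == ntds_list->count` comparison), which is easy to miss on the next edit. A local computed once at the top, for example `ntds_count = ntds_list ? ntds_list->count : 0`, would let all three sites stay as plain comparisons.
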
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
index e8652dc..fe3b2d2 100644
--- a/source4/dsdb/repl/drepl_notify.c
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -404,7 +404,7 @@ WERROR dreplsrv_notify_schedule(struct dreplsrv_service 
*service, uint32_t next_
        W_ERROR_HAVE_NO_MEMORY(new_te);
 
        tmp_mem = talloc_new(service);
-       DEBUG(2,("dreplsrv_notify_schedule(%u) %sscheduled for: %s\n",
+       DEBUG(4,("dreplsrv_notify_schedule(%u) %sscheduled for: %s\n",
                next_interval,
                (service->notify.te?"re":""),
                nt_time_string(tmp_mem, timeval_to_nttime(&next_time))));
diff --git a/source4/dsdb/repl/drepl_partitions.c 
b/source4/dsdb/repl/drepl_partitions.c
index 85412a7..5b8227e 100644
--- a/source4/dsdb/repl/drepl_partitions.c
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -39,16 +39,15 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
        struct ldb_dn *basedn;
        struct ldb_result *r;
        struct ldb_message_element *el;
-       static const char *attrs[] = { "namingContexts", NULL };
+       static const char *attrs[] = { "hasMasterNCs", NULL };
        uint32_t i;
        int ret;
 
-       basedn = ldb_dn_new(s, s->samdb, NULL);
+       basedn = samdb_ntds_settings_dn(s->samdb);
        W_ERROR_HAVE_NO_MEMORY(basedn);
 
        ret = ldb_search(s->samdb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
                         "(objectClass=*)");
-       talloc_free(basedn);
        if (ret != LDB_SUCCESS) {
                return WERR_FOOBAR;
        } else if (r->count != 1) {
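
Review bot: basedn now comes from samdb_ntds_settings_dn() but is still checked with W_ERROR_HAVE_NO_MEMORY(), so if that call can return NULL for a reason other than allocation failure the caller will see an out-of-memory error; a distinct error code would make that case diagnosable. The removal of talloc_free(basedn) also needs a one-line comment saying the returned DN is not owned by this function, otherwise the missing free reads as a leak.
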
@@ -56,7 +55,7 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
                return WERR_FOOBAR;
        }
 
-       el = ldb_msg_find_element(r->msgs[0], "namingContexts");
+       el = ldb_msg_find_element(r->msgs[0], "hasMasterNCs");
        if (!el) {
                return WERR_FOOBAR;
        }
diff --git a/source4/dsdb/repl/replicated_objects.c 
b/source4/dsdb/repl/replicated_objects.c
index 1efbd29..c72b107 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -128,15 +128,6 @@ static WERROR dsdb_convert_object_ex(struct ldb_context 
*ldb,
                }
 
                status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, 
msg->elements, e);
-               if (!NT_STATUS_IS_OK(status) && a->value_ctr.num_values == 0) {
-                       /* w2k8-r2 occasionally sends bogus empty
-                          attributes with rubbish attribute IDs. The
-                          only think we can do is discard these */
-                       DEBUG(0,(__location__ ": Discarding bogus empty 
DsReplicaAttribute with attid 0x%x\n",
-                                a->attid));
-                       ZERO_STRUCTP(e);
-                       continue;
-               }
                W_ERROR_NOT_OK_RETURN(status);
 
                m->attid                        = a->attid;
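
Review bot: With the discard branch removed, a DsReplicaAttribute whose attid does not convert now fails the whole object through W_ERROR_NOT_OK_RETURN(status), and the message that printed a->attid is removed with it. Keeping a DEBUG line with the attid and the status on the failure path would let an operator see which attribute from the replication partner stopped the conversion.
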
@@ -157,14 +148,6 @@ static WERROR dsdb_convert_object_ex(struct ldb_context 
*ldb,
                }
        }
 
-       /* delete any empty elements */
-       for (i=0; i < msg->num_elements; i++) {
-               if (msg->elements[i].name == NULL) {
-                       ldb_msg_remove_element(msg, &msg->elements[i]);
-                       i--;
-               }
-       }
-
        if (rdn_m) {
                struct ldb_message_element *el;
                el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName);
@@ -319,7 +302,8 @@ WERROR dsdb_extended_replicated_objects_commit(struct 
ldb_context *ldb,
 
        ret = ldb_transaction_prepare_commit(ldb);
        if (ret != LDB_SUCCESS) {
-               DEBUG(0,(__location__ " Failed to prepare commit of 
transaction\n"));
+               DEBUG(0,(__location__ " Failed to prepare commit of 
transaction: %s\n",
+                        ldb_errstring(ldb)));
                return WERR_FOOBAR;
        }
 
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c 
b/source4/dsdb/samdb/ldb_modules/acl.c
index b70b895..a329836 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -447,8 +447,10 @@ static int acl_allowedAttributes(struct ldb_module *module,
        if (ac->allowedAttributesEffective) {
                struct security_descriptor *sd;
                struct dom_sid *sid = NULL;
+               struct ldb_control *as_system = ldb_request_get_control(ac->req,
+                                                                       
LDB_CONTROL_AS_SYSTEM_OID);
                ldb_msg_remove_attr(msg, "allowedAttributesEffective");
-               if (ac->user_type == SECURITY_SYSTEM) {
+               if (ac->user_type == SECURITY_SYSTEM || as_system) {
                        for (i=0; attr_list && attr_list[i]; i++) {
                                ldb_msg_add_string(msg, 
"allowedAttributesEffective", attr_list[i]);
                        }
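
Review bot: The condition `ac->user_type == SECURITY_SYSTEM || as_system` and the ldb_request_get_control() lookup that feeds it are repeated in each acl_* function this patch touches. A single helper that takes the module and the request and answers whether checks are bypassed would keep the two halves together, so a future entry point cannot test one and forget the other.
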
@@ -559,10 +561,12 @@ static int acl_childClassesEffective(struct ldb_module 
*module,
        const struct dsdb_schema *schema = dsdb_get_schema(ldb);
        const struct dsdb_class *sclass;
        struct security_descriptor *sd;
+       struct ldb_control *as_system = ldb_request_get_control(ac->req,
+                                                               
LDB_CONTROL_AS_SYSTEM_OID);
        struct dom_sid *sid = NULL;
        int i, j, ret;
 
-       if (ac->user_type == SECURITY_SYSTEM) {
+       if (ac->user_type == SECURITY_SYSTEM || as_system) {
                return acl_childClasses(module, sd_msg, msg, 
"allowedChildClassesEffective");
        }
 
@@ -635,6 +639,8 @@ static int acl_sDRightsEffective(struct ldb_module *module,
        struct ldb_message_element *rightsEffective;
        int ret;
        struct security_descriptor *sd;
+       struct ldb_control *as_system = ldb_request_get_control(ac->req,
+                                                               
LDB_CONTROL_AS_SYSTEM_OID);
        struct dom_sid *sid = NULL;
        uint32_t flags = 0;
 
@@ -644,7 +650,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
        if (ret != LDB_SUCCESS) {
                return ret;
        }
-       if (ac->user_type == SECURITY_SYSTEM) {
+       if (ac->user_type == SECURITY_SYSTEM || as_system) {
                flags = SECINFO_OWNER | SECINFO_GROUP |  SECINFO_SACL |  
SECINFO_DACL;
        }
        else {
@@ -699,8 +705,9 @@ static int acl_add(struct ldb_module *module, struct 
ldb_request *req)
        const struct GUID *guid;
        struct object_tree *root = NULL;
        struct object_tree *new_node = NULL;
+       struct ldb_control *as_system = ldb_request_get_control(req, 
LDB_CONTROL_AS_SYSTEM_OID);
 
-       if (what_is_user(module) == SECURITY_SYSTEM) {
+       if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
                return ldb_next_request(module, req);
        }
 
@@ -752,6 +759,7 @@ static int acl_modify(struct ldb_module *module, struct 
ldb_request *req)
        struct ldb_result *acl_res;
        struct security_descriptor *sd;
        struct dom_sid *sid = NULL;
+       struct ldb_control *as_system = ldb_request_get_control(req, 
LDB_CONTROL_AS_SYSTEM_OID);
        TALLOC_CTX *tmp_ctx = talloc_new(req);
        static const char *acl_attrs[] = {
                "nTSecurityDescriptor",
@@ -765,7 +773,7 @@ static int acl_modify(struct ldb_module *module, struct 
ldb_request *req)
        {
                DEBUG(10, ("ldb:acl_modify: %s\n", 
req->op.mod.message->elements[0].name));
        }
-       if (what_is_user(module) == SECURITY_SYSTEM) {
+       if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
                return ldb_next_request(module, req);
        }
        if (ldb_dn_is_special(req->op.mod.message->dn)) {
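
Review bot: acl_modify() now forwards the request with no checks whenever LDB_CONTROL_AS_SYSTEM_OID is present, and nothing in the visible lines establishes that the control was attached inside the server rather than arriving with a client request; acl_add, acl_delete and acl_rename follow the same pattern. The patch should state, in a comment here or at the control's definition, where the control is stripped or rejected on untrusted input paths, and a DEBUG line on the bypass would leave a trace whenever it is used.
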
@@ -890,9 +898,10 @@ static int acl_delete(struct ldb_module *module, struct 
ldb_request *req)
        int ret;
        struct ldb_dn *parent = ldb_dn_get_parent(req, req->op.del.dn);
        struct ldb_context *ldb;
+       struct ldb_control *as_system = ldb_request_get_control(req, 
LDB_CONTROL_AS_SYSTEM_OID);
 
        DEBUG(10, ("ldb:acl_delete: %s\n", 
ldb_dn_get_linearized(req->op.del.dn)));
-       if (what_is_user(module) == SECURITY_SYSTEM) {
+       if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
                return ldb_next_request(module, req);
        }
 
@@ -934,6 +943,7 @@ static int acl_rename(struct ldb_module *module, struct 
ldb_request *req)
        const struct GUID *guid;
        struct object_tree *root = NULL;
        struct object_tree *new_node = NULL;
+       struct ldb_control *as_system = ldb_request_get_control(req, 
LDB_CONTROL_AS_SYSTEM_OID);
        TALLOC_CTX *tmp_ctx = talloc_new(req);
        NTSTATUS status;
        uint32_t access_granted;
@@ -945,7 +955,7 @@ static int acl_rename(struct ldb_module *module, struct 
ldb_request *req)
        };
 
        DEBUG(10, ("ldb:acl_rename: %s\n", 
ldb_dn_get_linearized(req->op.rename.olddn)));
-       if (what_is_user(module) == SECURITY_SYSTEM) {
+       if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
                return ldb_next_request(module, req);
        }
        if (ldb_dn_is_special(req->op.rename.olddn)) {
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 3ae165c..3d31cc3 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -336,7 +336,7 @@ static int replmd_replPropertyMetaData1_attid_sort(const 
struct replPropertyMeta
                return -1;
        }
 
-       return m1->attid - m2->attid;
+       return m1->attid > m2->attid ? 1 : -1;
 }
 
 static int replmd_replPropertyMetaDataCtr1_sort(struct 
replPropertyMetaDataCtr1 *ctr1,
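
Review bot: The new `return m1->attid > m2->attid ? 1 : -1;` in replmd_replPropertyMetaData1_attid_sort() returns -1 when the two attids are equal, unless equality is handled above the visible context. The next hunk adds an explicit `return 0` for equal attributeID_id values; doing the same here keeps the comparator consistent for the sort, which expects 0 for equal keys.
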
@@ -390,8 +390,10 @@ static int replmd_ldb_message_element_attid_sort(const 
struct ldb_message_elemen
        if (!a1 || !a2) {
                return strcasecmp(e1->name, e2->name);
        }
-
-       return a1->attributeID_id - a2->attributeID_id;
+       if (a1->attributeID_id == a2->attributeID_id) {
+               return 0;
+       }
+       return a1->attributeID_id > a2->attributeID_id ? 1 : -1;
 }
 
 static void replmd_ldb_message_sort(struct ldb_message *msg,
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c 
b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index ee7e42e..bfa2599 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -38,6 +38,7 @@
 
 #include "dsdb/samdb/ldb_modules/util.h"
 #include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
 
 static int read_at_rootdse_record(struct ldb_context *ldb, struct ldb_module 
*module, TALLOC_CTX *mem_ctx,
                                  struct ldb_message **msg)
@@ -135,6 +136,55 @@ static int prepare_modules_line(struct ldb_context *ldb,
        return ret;
 }
 
+
+
+/*
+  initialise the invocationID for a standalone server
+ */
+static int initialise_invocation_id(struct ldb_module *module, struct GUID 
*guid)
+{
+       struct ldb_message *msg;
+       struct ldb_context *ldb = ldb_module_get_ctx(module);
+       int ret;
+
+       *guid = GUID_random();
+
+       msg = ldb_msg_new(module);
+       if (msg == NULL) {
+               ldb_module_oom(module);
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
+       msg->dn = ldb_dn_new(msg, ldb, "@SAMBA_DSDB");
+       if (!msg->dn) {
+               ldb_module_oom(module);
+               talloc_free(msg);
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
+       ret = dsdb_msg_add_guid(msg, guid, "invocationID");
+       if (ret != LDB_SUCCESS) {
+               ldb_module_oom(module);
+               talloc_free(msg);
+               return ret;
+       }
+       msg->elements[0].flags = LDB_FLAG_MOD_ADD;
+
+       ret = ldb_modify(ldb, msg);
+       if (ret != LDB_SUCCESS) {
+               ldb_asprintf_errstring(ldb, "Failed to setup standalone 
invocationID - %s",
+                                      ldb_errstring(ldb));
+               talloc_free(msg);
+               return ret;
+       }
+
+       DEBUG(1,("Initialised standalone invocationID to %s\n",
+                GUID_string(msg, guid)));
+
+       talloc_free(msg);
+
+       return LDB_SUCCESS;
+}
+
+
 static int samba_dsdb_init(struct ldb_module *module)
 {
        struct ldb_context *ldb = ldb_module_get_ctx(module);
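
Review bot: initialise_invocation_id() writes `*guid = GUID_random()` before the record is stored, so on every failure return the caller's guid holds a value that was never written to @SAMBA_DSDB. Generate into a local and copy it out only after ldb_modify() succeeds. The dsdb_msg_add_guid() failure path also calls ldb_module_oom() for any error code, which mislabels failures that are not allocation failures.
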
@@ -213,7 +263,7 @@ static int samba_dsdb_init(struct ldb_module *module)
        static const char *openldap_backend_modules[] = {
                "entryuuid", "paged_searches", NULL };
 
-       static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", 
NULL };


-- 
Samba Shared Repository
