The branch, master has been updated via 5047548... s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb via e809b72... s4-drs: don't give an error on repsTo delete if add is also specified via 0bc902a... s4-sddl: DRS replication needs REVISION_ADS for SDs from a214ebc... ldb: Fix the standalone ldb build.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 504754856eed363dde28cdff821c086754deb7f8 Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 2 16:53:20 2010 +1100 s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb w2k8-r2 gives a "schema mismatch" error if the revision is not set to REVISION_ADS and you replicate the ntsecuritydescriptor using DRS. Nadya, please check this! Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit e809b721e9d1a750c3c1bf48882532714af69e5f Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 2 16:51:30 2010 +1100 s4-drs: don't give an error on repsTo delete if add is also specified w2k8-r2 in dcpromo asks for a delete+add during its initial join. commit 0bc902ac841ec883fb5a22b1db185d86ae12b114 Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 2 12:30:48 2010 +1100 s4-sddl: DRS replication needs REVISION_ADS for SDs DRS replication with w2k8-r2 fails with a schema mismatch error if we set the revision to NT4 ----------------------------------------------------------------------- Summary of changes: source4/dsdb/samdb/ldb_modules/descriptor.c | 8 ++++++++ source4/libcli/security/sddl.c | 2 +- source4/rpc_server/drsuapi/updaterefs.c | 4 +++- 3 files changed, 12 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index d5a5e36..f07743c 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -285,6 +285,14 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module, if (!final_sd) { return NULL; } + + if (final_sd->dacl) { + final_sd->dacl->revision = SECURITY_ACL_REVISION_ADS; + } + if (final_sd->sacl) { + final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS; + } + sddl_sd = sddl_encode(mem_ctx, final_sd, domain_sid); DEBUG(10, ("Object %s created with desriptor %s\n\n", ldb_dn_get_linearized(dn), sddl_sd)); diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c index 2244a3d..c4f8c56 100644 --- a/source4/libcli/security/sddl.c +++ b/source4/libcli/security/sddl.c @@ -304,7 +304,7 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd, acl = talloc_zero(sd, struct security_acl); if (acl == NULL) return NULL; - acl->revision = SECURITY_ACL_REVISION_NT4; + acl->revision = SECURITY_ACL_REVISION_ADS; if (isupper(sddl[0]) && sddl[1] == ':') { /* its an empty ACL */ diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index 6e2efed..b1e3d6c 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -105,7 +105,9 @@ static WERROR uref_del_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, return werr; } - if (!found && !(options & DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK)) { + if (!found && + !(options & DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK) && + !(options & DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE)) { return WERR_DS_DRA_REF_NOT_FOUND; } -- Samba Shared Repository