The branch, master has been updated
via 5047548... s4-dsdb: force REVISION_ADS for new and updated ACLs in
dsdb
via e809b72... s4-drs: don't give an error on repsTo delete if add is
also specified
via 0bc902a... s4-sddl: DRS replication needs REVISION_ADS for SDs
from a214ebc... ldb: Fix the standalone ldb build.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 504754856eed363dde28cdff821c086754deb7f8
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 2 16:53:20 2010 +1100
s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
w2k8-r2 gives a "schema mismatch" error if the revision is not set to
REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.
Nadya, please check this!
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
commit e809b721e9d1a750c3c1bf48882532714af69e5f
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 2 16:51:30 2010 +1100
s4-drs: don't give an error on repsTo delete if add is also specified
w2k8-r2 in dcpromo asks for a delete+add during its initial join.
commit 0bc902ac841ec883fb5a22b1db185d86ae12b114
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 2 12:30:48 2010 +1100
s4-sddl: DRS replication needs REVISION_ADS for SDs
DRS replication with w2k8-r2 fails with a schema mismatch error if we
set the revision to NT4
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/descriptor.c | 8 ++++++++
source4/libcli/security/sddl.c | 2 +-
source4/rpc_server/drsuapi/updaterefs.c | 4 +++-
3 files changed, 12 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c
b/source4/dsdb/samdb/ldb_modules/descriptor.c
index d5a5e36..f07743c 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -285,6 +285,14 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module
*module,
if (!final_sd) {
return NULL;
}
+
+ if (final_sd->dacl) {
+ final_sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+ }
+ if (final_sd->sacl) {
+ final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS;
+ }
+
sddl_sd = sddl_encode(mem_ctx, final_sd, domain_sid);
DEBUG(10, ("Object %s created with desriptor %s\n\n",
ldb_dn_get_linearized(dn), sddl_sd));
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index 2244a3d..c4f8c56 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -304,7 +304,7 @@ static struct security_acl *sddl_decode_acl(struct
security_descriptor *sd,
acl = talloc_zero(sd, struct security_acl);
if (acl == NULL) return NULL;
- acl->revision = SECURITY_ACL_REVISION_NT4;
+ acl->revision = SECURITY_ACL_REVISION_ADS;
if (isupper(sddl[0]) && sddl[1] == ':') {
/* its an empty ACL */
diff --git a/source4/rpc_server/drsuapi/updaterefs.c
b/source4/rpc_server/drsuapi/updaterefs.c
index 6e2efed..b1e3d6c 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -105,7 +105,9 @@ static WERROR uref_del_dest(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
return werr;
}
- if (!found && !(options & DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK)) {
+ if (!found &&
+ !(options & DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK) &&
+ !(options & DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE)) {
return WERR_DS_DRA_REF_NOT_FOUND;
}
--
Samba Shared Repository
