The branch, master has been updated
via 4a5e9cf s4:subtree_rename LDB module - fix the move/rename
constraints
via 4659b07 s4-drs: In dcesrv_drsuapi_DsRemoveDSServer use the subtree
control to delete the NTDS entry
via dd90216 s4-dsdb: avoid printing a pointless debug line
via 87e7802 s4-drsuapi: crackname search also for deleted objects
via 1b97b2f s4: create a small script to test drsuapi/crackname
from fd33829 tevent: change the version to 0.9.14 after the tevent_queue
changes
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4a5e9cf0ed909faef1325efff4581a4c5ee8d736
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Fri Apr 29 11:38:56 2011 +0200
s4:subtree_rename LDB module - fix the move/rename constraints
s4:subtree_rename LDB module - fix the move/rename constraints
By the inspiration of an email request by ekacnet I have rechecked the
move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the
MS-ADTS technical documentation.
It really turns out that the constraint checking is only performed on
the root object of a request.
In addition add my copyright notice (I've written these constraint checks).
Autobuild-User: Matthieu Patou <[email protected]>
Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
commit 4659b07eb9608acaf5b49d8919c98e224d2b805c
Author: Matthieu Patou <[email protected]>
Date: Wed Aug 10 01:36:01 2011 +0400
s4-drs: In dcesrv_drsuapi_DsRemoveDSServer use the subtree control to
delete the NTDS entry
This entry has most of the time subelements (connections between DCs)
that will forbid a simple (non recursive) delete
commit dd902164d270be60ccafb296105f4c1d5edd87df
Author: Matthieu Patou <[email protected]>
Date: Mon Aug 8 14:41:54 2011 +0400
s4-dsdb: avoid printing a pointless debug line
commit 87e7802722e62b5df1d8f63d49f4a54eaf3f61cd
Author: Matthieu Patou <[email protected]>
Date: Sun Jul 31 00:54:01 2011 +0400
s4-drsuapi: crackname search also for deleted objects
commit 1b97b2f8ffce2bd7c93155bab337dd90665f7013
Author: Matthieu Patou <[email protected]>
Date: Sun Jul 31 00:48:06 2011 +0400
s4: create a small script to test drsuapi/crackname
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/cracknames.c | 5 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +-
source4/dsdb/samdb/ldb_modules/subtree_rename.c | 17 ++---
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 3 +-
source4/scripting/devel/crackname | 75 +++++++++++++++++++++++
5 files changed, 89 insertions(+), 13 deletions(-)
create mode 100755 source4/scripting/devel/crackname
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index d922482..21a473d 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -839,13 +839,16 @@ static WERROR DsCrackNameOneFilter(struct ldb_context
*sam_ctx, TALLOC_CTX *mem_
dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
search_dn = ldb_get_root_basedn(sam_ctx);
}
+ if (format_desired == DRSUAPI_DS_NAME_FORMAT_GUID){
+ dsdb_flags = dsdb_flags| DSDB_SEARCH_SHOW_DELETED;
+ }
/* search with the 'phantom root' flag */
ret = dsdb_search(sam_ctx, mem_ctx, &res,
search_dn,
LDB_SCOPE_SUBTREE,
result_attrs,
- DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+ dsdb_flags,
"%s", result_filter);
if (ret != LDB_SUCCESS) {
DEBUG(2, ("DsCrackNameOneFilter phantom root search
failed: %s",
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 706ca33..54741e6 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -4188,7 +4188,7 @@ static int replmd_replicated_uptodate_modify(struct
replmd_replicated_request *a
*/
nrf_el->flags = LDB_FLAG_MOD_REPLACE;
- if (DEBUGLVL(4)) {
+ if (CHECK_DEBUGLVL(4)) {
char *s = ldb_ldif_message_string(ldb, ar,
LDB_CHANGETYPE_MODIFY, msg);
DEBUG(4, ("DRS replication uptodate modify message:\n%s\n", s));
talloc_free(s);
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index f26a99e..a4714ac 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -3,6 +3,7 @@
Copyright (C) Andrew Bartlett <[email protected]> 2006-2007
Copyright (C) Stefan Metzmacher <[email protected]> 2007
+ Copyright (C) Matthias Dieter Wallnöfer <[email protected]> 2010-2011
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -319,9 +320,12 @@ static int subtree_rename_search_callback(struct
ldb_request *req,
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ldb_dn_compare(ares->message->dn, ac->list->olddn) == 0) {
- /* this was already stored by the
- * subtree_rename_search() */
-
+ /*
+ * This is the root entry of the originating move
+ * respectively rename request. It has been already
+ * stored in the list using "subtree_rename_search()".
+ * Only this one is subject to constraint checking.
+ */
ret = check_constraints(ares->message, ac,
ac->list->olddn,
ac->list->newdn);
@@ -356,13 +360,6 @@ static int subtree_rename_search_callback(struct
ldb_request *req,
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
-
- ret = check_constraints(ares->message, ac,
- store->olddn, store->newdn);
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
-
break;
case LDB_REPLY_REFERRAL:
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 5dbb238..b170ec3 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -25,6 +25,7 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "libcli/security/security.h"
#include "libcli/security/session.h"
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
@@ -502,7 +503,7 @@ static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct
dcesrv_call_state *dce_call
}
if (r->in.req->req1.commit) {
- ret = ldb_delete(b_state->sam_ctx, ntds_dn);
+ ret = dsdb_delete(b_state->sam_ctx, ntds_dn,
DSDB_TREE_DELETE);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
diff --git a/source4/scripting/devel/crackname
b/source4/scripting/devel/crackname
new file mode 100755
index 0000000..133b853
--- /dev/null
+++ b/source4/scripting/devel/crackname
@@ -0,0 +1,75 @@
+#!/usr/bin/env python
+
+# Copyright Matthieu Patou <[email protected]> 2011
+# script to call a DRSUAPI crackname
+# this is useful for plugfest testing and replication debug
+
+import sys
+from optparse import OptionParser
+
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.dcerpc import drsuapi, misc
+
+def do_DsBind(drs):
+ '''make a DsBind call, returning the binding handle'''
+ bind_info = drsuapi.DsBindInfoCtr()
+ bind_info.length = 28
+ bind_info.info = drsuapi.DsBindInfo28()
+ bind_info.info.supported_extensions = 0
+ (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID),
bind_info)
+ return handle
+
+
+########### main code ###########
+if __name__ == "__main__":
+ parser = OptionParser("crackname server [options]")
+ sambaopts = options.SambaOptions(parser)
+ parser.add_option_group(sambaopts)
+ credopts = options.CredentialsOptionsDouble(parser)
+ parser.add_option_group(credopts)
+
+ parser.add_option("", "--name", type='str',
+ default='{ED9F5546-9729-4B04-9385-3FCFE2B17BA1}',
help="name to crack")
+ parser.add_option("", "--outformat", type='int',
+ default=drsuapi.DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+ help='format desired')
+ parser.add_option("", "--informat", type='int',
+ default=drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID,
+ help='format offered')
+
+ (opts, args) = parser.parse_args()
+
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+
+ if len(args) != 1:
+ parser.error("You must supply a server")
+
+ if creds.is_anonymous():
+ parser.error("You must supply credentials")
+
+ server = args[0]
+
+ binding_str = "ncacn_ip_tcp:%s[seal,print]" % server
+
+ drs = drsuapi.drsuapi(binding_str, lp, creds)
+ drs_handle = do_DsBind(drs)
+ print "DRS Handle: %s" % drs_handle
+
+ req = drsuapi.DsNameRequest1()
+ names = drsuapi.DsNameString()
+ names.str = opts.name
+
+ req.codepage = 1252
+ req.language = 1033
+ req.format_flags = 0
+ req.format_offered = opts.informat
+ req.format_desired = opts.outformat
+ req.count = 1
+ req.names = [names]
+
+ (result, ctr) = drs.DsCrackNames(drs_handle, 1, req)
+ print ctr.array[0].status
+ print ctr.array[0].result_name
--
Samba Shared Repository
