The branch, master has been updated
via 601f382 s4:drsuapi/getncchanges: the default for isRecycled is FALSE
via 7d13f7d s4-drsuapi: we store boolean in upppercase so we need to
test them in uppercase
via 34d549d s4-kcc: Remove also deleted objects that are not in the
Deleted Object container
via ea9fb5c s4-ldb: Add isRecycled when is defined in the schema
from 271c7d9 s4:rpc-dnsserver: Set the rank for the new DNS record
correctly
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 601f3822d5c86f30aff185bc2a5ed7d4803cac51
Author: Stefan Metzmacher <[email protected]>
Date: Tue Nov 15 12:42:22 2011 +0100
s4:drsuapi/getncchanges: the default for isRecycled is FALSE
metze
Autobuild-User: Matthieu Patou <[email protected]>
Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104
commit 7d13f7d4a1c01513702beeb4f62892a86238b283
Author: Matthieu Patou <[email protected]>
Date: Mon Nov 14 18:32:41 2011 +0100
s4-drsuapi: we store boolean in upppercase so we need to test them in
uppercase
Signed-off-by: Stefan Metzmacher <[email protected]>
commit 34d549de34a10129dfb1d3a2f788f15c8110d3d4
Author: Matthieu Patou <[email protected]>
Date: Tue Nov 15 12:38:51 2011 +0100
s4-kcc: Remove also deleted objects that are not in the Deleted Object
container
For the configuration container we do a full scan at every run of the
kcc-delete service. For the base DN we introduce a new parameter that
avoid the full scan to kick just when samba starts.
Signed-off-by: Stefan Metzmacher <[email protected]>
commit ea9fb5cad84595aca3544df521607616aec9041d
Author: Matthieu Patou <[email protected]>
Date: Tue Nov 1 23:12:47 2011 +0100
s4-ldb: Add isRecycled when is defined in the schema
Signed-off-by: Stefan Metzmacher <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/kcc/kcc_deleted.c | 38 +++++++++++++++++++++-
source4/dsdb/kcc/kcc_service.h | 2 +
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 12 +++++--
source4/rpc_server/drsuapi/getncchanges.c | 8 ++--
4 files changed, 51 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 5d2585d..0e1a428 100644
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -44,8 +44,12 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s,
TALLOC_CTX *mem_ctx)
struct kccsrv_partition *part;
int ret;
uint32_t tombstoneLifetime;
+ bool do_fs = false;
+ time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv",
+
"check_deleted_full_scan_interval", 86400);
time_t t = time(NULL);
+
if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL,
"kccsrv",
"check_deleted_interval",
600)) {
return NT_STATUS_OK;
@@ -57,6 +61,22 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s,
TALLOC_CTX *mem_ctx)
DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
+ if (s->last_full_scan_deleted_check > 0 && ((t -
s->last_full_scan_deleted_check) > interval )) {
+ do_fs = true;
+ s->last_full_scan_deleted_check = t;
+ }
+
+ if (s->last_full_scan_deleted_check == 0) {
+ /*
+ * If we never made a full scan set the last full scan event to
be in the past
+ * and that 9/10 of the full scan interval has already passed.
+ * This is done to avoid the full scan to fire just at the
begining of samba
+ * or a couple of minutes after the start.
+ * With this "setup" and default values of interval, the full
scan will fire
+ * 2.4 hours after the start of samba
+ */
+ s->last_full_scan_deleted_check = t - ((9 * interval) / 10);
+ }
for (part=s->partitions; part; part=part->next) {
struct ldb_dn *do_dn;
@@ -70,8 +90,18 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s,
TALLOC_CTX *mem_ctx)
container */
continue;
}
- ret = dsdb_search(s->samdb, do_dn, &res, do_dn,
LDB_SCOPE_ONELEVEL, attrs,
- DSDB_SEARCH_SHOW_RECYCLED, NULL);
+
+ if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb),
part->dn)) {
+ ret = dsdb_search(s->samdb, do_dn, &res, do_dn,
LDB_SCOPE_ONELEVEL, attrs,
+ DSDB_SEARCH_SHOW_RECYCLED, NULL);
+ } else {
+ if (do_fs) {
+ DEBUG(1, ("Doing a full scan on %s and looking
for deleted object\n",
+
ldb_dn_get_linearized(part->dn)));
+ }
+ ret = dsdb_search(s->samdb, part->dn, &res, part->dn,
LDB_SCOPE_SUBTREE, attrs,
+ DSDB_SEARCH_SHOW_RECYCLED,
"(isDeleted=TRUE)");
+ }
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to search for deleted
objects in %s\n",
@@ -84,6 +114,10 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s,
TALLOC_CTX *mem_ctx)
const char *tstring;
time_t whenChanged = 0;
+ if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) {
+ /* Skip the Deleted Object Container */
+ continue;
+ }
tstring = ldb_msg_find_attr_as_string(res->msgs[i],
"whenChanged", NULL);
if (tstring) {
whenChanged = ldb_string_to_time(tstring);
diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h
index 1e6d35e..b3ba226 100644
--- a/source4/dsdb/kcc/kcc_service.h
+++ b/source4/dsdb/kcc/kcc_service.h
@@ -88,6 +88,8 @@ struct kccsrv_service {
time_t last_deleted_check;
+ time_t last_full_scan_deleted_check;
+
bool am_rodc;
/* run new samba_kcc topology generator code */
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index eb5d036..daca5da 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -3008,9 +3008,15 @@ static int replmd_delete(struct ldb_module *module,
struct ldb_request *req)
case OBJECT_RECYCLED:
case OBJECT_TOMBSTONE:
- /* we also mark it as recycled, meaning this object can't be
- recovered (we are stripping its attributes) */
- if (functional_level >= DS_DOMAIN_FUNCTION_2008_R2) {
+ /*
+ * we also mark it as recycled, meaning this object can't be
+ * recovered (we are stripping its attributes).
+ * This is done only if we have this schema object of course ...
+ * This behavior is identical to the one of Windows 2008R2 which
+ * always set the isRecycled attribute, even if the recycle-bin
is
+ * not activated and what ever the forest level is.
+ */
+ if (dsdb_attribute_by_lDAPDisplayName(schema, "isRecycled") !=
NULL) {
ret = ldb_msg_add_string(msg, "isRecycled", "TRUE");
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to add
isRecycled string to the msg\n"));
diff --git a/source4/rpc_server/drsuapi/getncchanges.c
b/source4/rpc_server/drsuapi/getncchanges.c
index f6e4573..07e64d3 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -375,15 +375,15 @@ static WERROR get_nc_changes_add_la(TALLOC_CTX *mem_ctx,
int ret;
const char *v;
- v = ldb_msg_find_attr_as_string(msg, "isDeleted", "false");
- if (strncasecmp(v, "true", 4) == 0) {
+ v = ldb_msg_find_attr_as_string(msg, "isDeleted", "FALSE");
+ if (strncmp(v, "TRUE", 4) == 0) {
/*
* Note: we skip the transmition of the deleted link
even if the other part used to
* know about it because when we transmit the deletion
of the object, the link will
* be deleted too due to deletion of object where link
points and Windows do so.
*/
if (dsdb_functional_level(sam_ctx) >=
DS_DOMAIN_FUNCTION_2008_R2) {
- v = ldb_msg_find_attr_as_string(msg,
"isRecycled", "true");
+ v = ldb_msg_find_attr_as_string(msg,
"isRecycled", "FALSE");
/*
* On Windows 2008R2 isRecycled is always
present even if FL or DL are < FL 2K8R2
* if it join an existing domain with deleted
objets, it firsts impose to have a
@@ -396,7 +396,7 @@ static WERROR get_nc_changes_add_la(TALLOC_CTX *mem_ctx,
* For this kind of forest level we do not
return the link if the object is recycled
* (isRecycled = true).
*/
- if (strncasecmp(v, "true", 4) == 0) {
+ if (strncmp(v, "TRUE", 4) == 0) {
DEBUG(2, (" object %s is recycled, not
returning linked attribute !\n",
ldb_dn_get_linearized(msg->dn)));
return WERR_OK;
--
Samba Shared Repository
