The branch, master has been updated
via d7c22d5 ldb: make the successful ldb_transaction_start() message
clearer
via 81ca9ab s3:passdb: improve a debug message in
pdb_default_sid_to_id()
via 09fbc6c s3:passdb: fix and improve debug message in
pdb_default_sid_to_id().
via 1cfc02d s4:samr: allow builtin groups for samr_OpenGroup.
via 7c2bf8d selftest: Add tests for dbcheck detection and removal of
partial objects
via b19d80d dsdb: Make it harder to corrupt the database by requiring
DBCHECK or RELAX for final object deletion
from 4b324f7 s3: Always cache idmapping results of pdb backend.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d7c22d56d3f8be9b8293dd481fb450e3cf2343d3
Author: Andrew Bartlett <[email protected]>
Date: Thu Apr 17 09:33:26 2014 +1200
ldb: make the successful ldb_transaction_start() message clearer
Change-Id: I00d0705484c3b53f55c4a8ec2953e92329b7408e
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Autobuild-User(master): Andrew Bartlett <[email protected]>
Autobuild-Date(master): Sat May 3 10:20:52 CEST 2014 on sn-devel-104
commit 81ca9ab53b232529911ccdc3e427dffdae78bfa9
Author: Michael Adam <[email protected]>
Date: Wed Apr 30 12:14:46 2014 +0200
s3:passdb: improve a debug message in pdb_default_sid_to_id()
Signed-off-by: Michael Adam <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 09fbc6c085e68348c6cc6798acf44b184d7d44bc
Author: Michael Adam <[email protected]>
Date: Wed Apr 30 12:10:01 2014 +0200
s3:passdb: fix and improve debug message in pdb_default_sid_to_id().
Signed-off-by: Michael Adam <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 1cfc02d786b2d88ed1cafc10c501d5a97f254ec2
Author: Michael Adam <[email protected]>
Date: Tue Apr 29 13:31:42 2014 +0200
s4:samr: allow builtin groups for samr_OpenGroup.
This fixes nsswitch getgrgid for builtins.
Signed-off-by: Michael Adam <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 7c2bf8d2bc5230e4bd98cc5a0f1b8f3cc56a3f77
Author: Andrew Bartlett <[email protected]>
Date: Fri Apr 4 10:40:35 2014 +1300
selftest: Add tests for dbcheck detection and removal of partial objects
To avoid listing all the provision snapshots, we use a broader blacklist
for waf dist
and a whitelist for dbcheck-oldrelease.sh
Andrew Bartlett
Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
commit b19d80d0a97faffc165f068612f74d4ef8d7e5da
Author: Andrew Bartlett <[email protected]>
Date: Thu Apr 3 14:50:05 2014 +1300
dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX
for final object deletion
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb.c | 12 +-
selftest/tests.py | 1 +
source3/passdb/pdb_interface.c | 8 +-
source4/dsdb/kcc/kcc_deleted.c | 2 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 40 +-
source4/rpc_server/samr/dcesrv_samr.c | 23 +-
.../etc/smb.conf.template | 16 +
.../private/dns_update_list | 0
.../private/hklm.ldb.dump | 80 +
.../private/idmap.ldb.dump | 48 +
.../release-4-1-6-partial-object/private/krb5.conf | 4 +
.../private/named.conf.update | 7 +
.../private/privilege.ldb.dump | 156 +
.../private/randseed.tdb.dump | 0
...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |29104 +++++++++++++
...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |43468 ++++++++++++++++++++
...AINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 928 +
...ESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 488 +
.../sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 6036 +++
.../private/sam.ldb.d/metadata.tdb.dump | 4 +
.../private/sam.ldb.dump | 40 +
.../private/schannel_store.tdb.dump | 0
.../private/secrets.keytab | Bin 0 -> 1222 bytes
.../private/secrets.ldb.dump | 44 +
.../private/secrets.tdb.dump | 16 +
.../private/share.ldb.dump | 32 +
.../private/smbd.tmp/msg/names.tdb.dump | 52 +
.../private/spn_update_list | 0
.../private/tls/admincert.pem | 17 +
.../private/tls/admincertupn.pem | 17 +
.../private/tls/adminkey.pem | 15 +
.../private/tls/ca.pem | 14 +
.../private/tls/cert.pem | 15 +
.../private/tls/dhparms.pem | 5 +
.../private/tls/kdc.pem | 17 +
.../private/tls/key.pem | 15 +
.../private/wins_config.ldb.dump | 8 +
testprogs/blackbox/dbcheck-oldrelease.sh | 4 +-
wscript | 2 +-
39 files changed, 80712 insertions(+), 26 deletions(-)
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
copy source4/selftest/provisions/{release-4-0-0 =>
release-4-1-6-partial-object}/private/dns_update_list (100%)
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
copy source4/selftest/provisions/{release-4-1-0rc3 =>
release-4-1-6-partial-object}/private/randseed.tdb.dump (100%)
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/metadata.tdb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.dump
copy source4/selftest/provisions/{release-4-1-0rc3 =>
release-4-1-6-partial-object}/private/schannel_store.tdb.dump (100%)
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.keytab
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.tdb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/share.ldb.dump
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/smbd.tmp/msg/names.tdb.dump
copy source4/selftest/provisions/{release-4-0-0 =>
release-4-1-6-partial-object}/private/spn_update_list (100%)
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincert.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincertupn.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/adminkey.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/ca.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/cert.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/dhparms.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/kdc.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/tls/key.pem
create mode 100644
source4/selftest/provisions/release-4-1-6-partial-object/private/wins_config.ldb.dump
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 36f1c37..c49513c 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -371,10 +371,14 @@ int ldb_transaction_start(struct ldb_context *ldb)
ldb_strerror(status),
status);
}
- }
- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction
error: %s",
- ldb_errstring(module->ldb));
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb
transaction error: %s",
+ ldb_errstring(module->ldb));
+ }
+ } else {
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb
transaction success");
+ }
}
return status;
}
diff --git a/selftest/tests.py b/selftest/tests.py
index 7b37111..88a08c9 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -62,6 +62,7 @@ planpythontestsuite("none", "wafsamba.tests.test_suite",
extra_path=[os.path.joi
plantestsuite("samba4.blackbox.dbcheck.alpha13", "none" , ["PYTHON=%s" %
python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision',
'alpha13', configuration])
plantestsuite("samba4.blackbox.dbcheck.release-4-0-0", "none" , ["PYTHON=%s" %
python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision',
'release-4-0-0', configuration])
plantestsuite("samba4.blackbox.dbcheck.release-4-1-0rc3", "none" ,
["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"),
'$PREFIX_ABS/provision', 'release-4-1-0rc3', configuration])
+plantestsuite("samba4.blackbox.dbcheck.release-4-1-6-partial-object", "none" ,
["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"),
'$PREFIX_ABS/provision', 'release-4-1-6-partial-object', configuration])
plantestsuite("samba4.blackbox.upgradeprovision.alpha13", "none" ,
["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"),
'$PREFIX_ABS/provision', 'alpha13', configuration])
plantestsuite("samba4.blackbox.upgradeprovision.release-4-0-0", "none" ,
["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"),
'$PREFIX_ABS/provision', 'release-4-0-0', configuration])
planpythontestsuite("none", "samba.tests.upgradeprovision")
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index a984fcb..e2057e3 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1519,12 +1519,16 @@ static bool pdb_default_sid_to_id(struct pdb_methods
*methods,
id->id = uid;
break;
default:
- DEBUG(5, ("SID %s is our domain, but is not
mapped to a user or group (got %d)\n",
+ DEBUG(5, ("SID %s belongs to our domain, and "
+ "an object exists in the database, "
+ "but it is neither a user nor a "
+ "group (got type %d).\n",
sid_string_dbg(sid), type));
ret = false;
}
} else {
- DEBUG(5, ("SID %s is or domain, but is unmapped\n",
+ DEBUG(5, ("SID %s belongs to our domain, but there is "
+ "no corresponding object in the database.\n",
sid_string_dbg(sid)));
}
goto done;
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 63bb97c..331d4fb 100644
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -128,7 +128,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s,
TALLOC_CTX *mem_ctx)
whenChanged = ldb_string_to_time(tstring);
}
if (t - whenChanged > tombstoneLifetime*60*60*24) {
- ret = dsdb_delete(s->samdb, res->msgs[i]->dn,
DSDB_SEARCH_SHOW_DELETED);
+ ret = dsdb_delete(s->samdb, res->msgs[i]->dn,
DSDB_SEARCH_SHOW_DELETED|DSDB_MODIFY_RELAX);
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to
remove deleted object %s\n",
ldb_dn_get_linearized(res->msgs[i]->dn)));
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index b01c956..83dabdf 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2991,6 +2991,20 @@ static int replmd_delete_internals(struct ldb_module
*module, struct ldb_request
return ldb_next_request(module, req);
}
+ /*
+ * We have to allow dbcheck to remove an object that
+ * is beyond repair, and to do so totally. This could
+ * mean we we can get a partial object from the other
+ * DC, causing havoc, so dbcheck suggests
+ * re-replication first. dbcheck sets both DBCHECK
+ * and RELAX in this situation.
+ */
+ if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)
+ && ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+ /* really, really remove it */
+ return ldb_next_request(module, req);
+ }
+
tmp_ctx = talloc_new(ldb);
if (!tmp_ctx) {
ldb_oom(ldb);
@@ -3034,17 +3048,25 @@ static int replmd_delete_internals(struct ldb_module
*module, struct ldb_request
}
if (next_deletion_state == OBJECT_REMOVED) {
- struct auth_session_info *session_info =
- (struct auth_session_info *)ldb_get_opaque(ldb,
"sessionInfo");
- if (security_session_user_level(session_info, NULL) !=
SECURITY_SYSTEM) {
- ldb_asprintf_errstring(ldb, "Refusing to delete deleted
object %s",
- ldb_dn_get_linearized(old_msg->dn));
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ /*
+ * We have to prevent objects being deleted, even if
+ * the administrator really wants them gone, as
+ * without the tombstone, we can get a partial object
+ * from the other DC, causing havoc.
+ *
+ * The only other valid case is when the 180 day
+ * timeout has expired, when relax is specified.
+ */
+ if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+ /* it is already deleted - really remove it this time */
+ talloc_free(tmp_ctx);
+ return ldb_next_request(module, req);
}
- /* it is already deleted - really remove it this time */
- talloc_free(tmp_ctx);
- return ldb_next_request(module, req);
+ ldb_asprintf_errstring(ldb, "Refusing to delete tombstone
object %s. "
+ "This check is to prevent corruption of
the replicated state.",
+ ldb_dn_get_linearized(old_msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
}
rdn_name = ldb_dn_get_rdn_name(old_dn);
diff --git a/source4/rpc_server/samr/dcesrv_samr.c
b/source4/rpc_server/samr/dcesrv_samr.c
index 3e58a44..eacbe7d 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1746,13 +1746,22 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct
dcesrv_call_state *dce_call, TALLOC
}
/* search for the group record */
- ret = gendb_search(d_state->sam_ctx,
- mem_ctx, d_state->domain_dn, &msgs, attrs,
- "(&(objectSid=%s)(objectClass=group)"
- "(|(groupType=%d)(groupType=%d)))",
- ldap_encode_ndr_dom_sid(mem_ctx, sid),
- GTYPE_SECURITY_UNIVERSAL_GROUP,
- GTYPE_SECURITY_GLOBAL_GROUP);
+ if (d_state->builtin) {
+ ret = gendb_search(d_state->sam_ctx,
+ mem_ctx, d_state->domain_dn, &msgs, attrs,
+ "(&(objectSid=%s)(objectClass=group)"
+ "(groupType=%d))",
+ ldap_encode_ndr_dom_sid(mem_ctx, sid),
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
+ } else {
+ ret = gendb_search(d_state->sam_ctx,
+ mem_ctx, d_state->domain_dn, &msgs, attrs,
+ "(&(objectSid=%s)(objectClass=group)"
+ "(|(groupType=%d)(groupType=%d)))",
+ ldap_encode_ndr_dom_sid(mem_ctx, sid),
+ GTYPE_SECURITY_UNIVERSAL_GROUP,
+ GTYPE_SECURITY_GLOBAL_GROUP);
+ }
if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
}
diff --git
a/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
new file mode 100644
index 0000000..17b81fd
--- /dev/null
+++
b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
@@ -0,0 +1,16 @@
+
+[global]
+ netbios name = LOCALDC
+ workgroup = SAMBADOMAIN
+ realm = SAMBA.EXAMPLE.COM
+ private dir = @@PREFIX@@/private
+ lock dir = @@PREFIX@@/
+ posix:eadb = @@PREFIX@@/private/eadb.tdb
+
+[sysvol]
+ path = @@PREFIX@@/sysvol
+ read only = no
+
+[netlogon]
+ path = @@PREFIX@@/sysvol/samba.example.com/scripts
+ read only = no
diff --git a/source4/selftest/provisions/release-4-0-0/private/dns_update_list
b/source4/selftest/provisions/release-4-1-6-partial-object/private/dns_update_list
similarity index 100%
copy from source4/selftest/provisions/release-4-0-0/private/dns_update_list
copy to
source4/selftest/provisions/release-4-1-6-partial-object/private/dns_update_list
diff --git
a/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
b/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
new file mode 100644
index 0000000..3d54547
--- /dev/null
+++
b/source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
@@ -0,0 +1,80 @@
+{
+key(78) = "DN=KEY=TERMINAL
SERVER,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(111) = "g\19\01&\01\00\00\00key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0F\00\00\00Terminal
Server\00"
+}
+{
+key(86) =
"DN=KEY=PARAMETERS,KEY=ALERTER,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(114) =
"g\19\01&\01\00\00\00key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Parameters\00"
+}
+{
+key(87) =
"DN=KEY=PARAMETERS,KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(115) =
"g\19\01&\01\00\00\00key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Parameters\00"
+}
+{
+key(40) = "DN=KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(67) =
"g\19\01&\01\00\00\00key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\09\00\00\00Microsoft\00"
+}
+{
+key(74) = "DN=KEY=CURRENTVERSION,KEY=WINDOWS
NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(106) = "g\19\01&\01\00\00\00key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\0E\00\00\00CurrentVersion\00"
+}
+{
+key(68) =
"DN=KEY=PRINT,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(91) =
"g\19\01&\01\00\00\00key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\05\00\00\00Print\00"
+}
+{
+key(59) = "DN=KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(85) =
"g\19\01&\01\00\00\00key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\08\00\00\00Services\00"
+}
+{
+key(15) = "DN=@ATTRIBUTES\00"
+data(80) =
"g\19\01&\02\00\00\00@ATTRIBUTES\00key\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00value\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00"
+}
+{
+key(46) = "DN=KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(81) =
"g\19\01&\01\00\00\00key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\11\00\00\00CurrentControlSet\00"
+}
+{
+key(77) =
"DN=KEY=PRODUCTOPTIONS,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(109) =
"g\19\01&\01\00\00\00key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\0E\00\00\00ProductOptions\00"
+}
+{
+key(71) =
"DN=KEY=ALERTER,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(96) =
"g\19\01&\01\00\00\00key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\07\00\00\00Alerter\00"
+}
+{
+key(114) =
"DN=VALUE=REFUSEPASSWORDCHANGE,KEY=PARAMETERS,KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(193) =
"g\19\01&\03\00\00\00value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00data\00\01\00\00\00\0A\00\00\000x00000000\00type\00\01\00\00\00\01\00\00\004\00value\00\01\00\00\00\14\00\00\00RefusePasswordChange\00"
+}
+{
+key(95) =
"DN=VALUE=PRODUCTTYPE,KEY=PRODUCTOPTIONS,KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(164) =
"g\19\01&\03\00\00\00value=ProductType,key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00data\00\01\00\00\00\09\00\00\00LanmanNT\00\00type\00\01\00\00\00\01\00\00\001\00value\00\01\00\00\00\0B\00\00\00ProductType\00"
+}
+{
+key(55) = "DN=KEY=WINDOWS NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(83) = "g\19\01&\01\00\00\00key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\0A\00\00\00Windows
NT\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(82) =
"g\19\01&\02\00\00\00@BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004722.0Z\00sequenceNumber\00\01\00\00\00\02\00\00\0020\00"
+}
+{
+key(58) = "DN=KEY=CONTROL,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(83) =
"g\19\01&\01\00\00\00key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\07\00\00\00Control\00"
+}
+{
+key(95) = "DN=VALUE=CURRENTVERSION,KEY=CURRENTVERSION,KEY=WINDOWS
NT,KEY=MICROSOFT,KEY=SOFTWARE,HIVE=NONE\00"
+data(162) =
"g\19\01&\03\00\00\00value=CurrentVersion,key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE\00data\00\01\00\00\00\04\00\00\006.1\00\00type\00\01\00\00\00\01\00\00\001\00value\00\01\00\00\00\0E\00\00\00CurrentVersion\00"
+}
+{
+key(72) =
"DN=KEY=NETLOGON,KEY=SERVICES,KEY=CURRENTCONTROLSET,KEY=SYSTEM,HIVE=NONE\00"
+data(98) =
"g\19\01&\01\00\00\00key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE\00key\00\01\00\00\00\08\00\00\00Netlogon\00"
+}
+{
+key(24) = "DN=KEY=SYSTEM,HIVE=NONE\00"
+data(48) =
"g\19\01&\01\00\00\00key=SYSTEM,hive=NONE\00key\00\01\00\00\00\06\00\00\00SYSTEM\00"
+}
+{
+key(26) = "DN=KEY=SOFTWARE,HIVE=NONE\00"
+data(52) =
"g\19\01&\01\00\00\00key=SOFTWARE,hive=NONE\00key\00\01\00\00\00\08\00\00\00SOFTWARE\00"
+}
diff --git
a/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
b/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
new file mode 100644
index 0000000..71e714c
--- /dev/null
+++
b/source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
@@ -0,0 +1,48 @@
+{
+key(13) = "DN=CN=CONFIG\00"
+data(90) =
"g\19\01&\03\00\00\00CN=CONFIG\00cn\00\01\00\00\00\06\00\00\00CONFIG\00lowerBound\00\01\00\00\00\07\00\00\003000000\00upperBound\00\01\00\00\00\07\00\00\004000000\00"
+}
+{
+key(26) = "DN=@INDEX:XIDNUMBER:65534\00"
+data(77) =
"g\19\01&\02\00\00\00@INDEX:XIDNUMBER:65534\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\0A\00\00\00CN=S-1-5-7\00"
+}
+{
+key(62) = "DN=@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKb9AEAAA==\00"
+data(150) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKb9AEAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+}
+{
+key(51) = "DN=CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+data(234) =
"g\19\01&\05\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00cn\00\01\00\00\00,\00\00\00S-1-5-21-495451447-1216032457-2600623886-500\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\007\FD\87\1D\C9.{H\0E_\02\9B\F4\01\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_UID\00xidNumber\00\01\00\00\00\04\00\00\001000\00"
+}
+{
+key(14) = "DN=CN=S-1-5-7\00"
+data(145) =
"g\19\01&\05\00\00\00CN=S-1-5-7\00cn\00\01\00\00\00\07\00\00\00S-1-5-7\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\0C\00\00\00\01\01\00\00\00\00\00\05\07\00\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_UID\00xidNumber\00\01\00\00\00\05\00\00\0065534\00"
+}
+{
+key(24) = "DN=@INDEX:XIDNUMBER:100\00"
+data(112) =
"g\19\01&\02\00\00\00@INDEX:XIDNUMBER:100\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(81) =
"g\19\01&\02\00\00\00@BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004723.0Z\00sequenceNumber\00\01\00\00\00\01\00\00\006\00"
+}
+{
+key(25) = "DN=@INDEX:XIDNUMBER:1000\00"
+data(113) =
"g\19\01&\02\00\00\00@INDEX:XIDNUMBER:1000\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-500\00"
+}
+{
+key(38) = "DN=@INDEX:OBJECTSID::AQEAAAAAAAUHAAAA\00"
+data(89) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQEAAAAAAAUHAAAA\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\0A\00\00\00CN=S-1-5-7\00"
+}
+{
+key(51) = "DN=CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+data(233) =
"g\19\01&\05\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00cn\00\01\00\00\00,\00\00\00S-1-5-21-495451447-1216032457-2600623886-513\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\007\FD\87\1D\C9.{H\0E_\02\9B\01\02\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_GID\00xidNumber\00\01\00\00\00\03\00\00\00100\00"
+}
+{
+key(62) = "DN=@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKbAQIAAA==\00"
+data(150) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAN/2HHckue0gOXwKbAQIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00/\00\00\00CN=S-1-5-21-495451447-1216032457-2600623886-513\00"
+}
+{
+key(14) = "DN=@INDEXLIST\00"
+data(60) =
"g\19\01&\01\00\00\00@INDEXLIST\00@IDXATTR\00\02\00\00\00\09\00\00\00xidNumber\00\09\00\00\00objectSid\00"
+}
diff --git
a/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
b/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
new file mode 100644
index 0000000..8c1ad96
--- /dev/null
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
@@ -0,0 +1,4 @@
+[libdefaults]
+ default_realm = SAMBA.EXAMPLE.COM
+ dns_lookup_realm = false
+ dns_lookup_kdc = true
diff --git
a/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
b/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
new file mode 100644
index 0000000..1f3ca4a
--- /dev/null
+++
b/source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
@@ -0,0 +1,7 @@
+/* this file is auto-generated - do not edit */
+update-policy {
+ grant SAMBA.EXAMPLE.COM ms-self * A AAAA;
+ grant [email protected] wildcard * A AAAA SRV CNAME;
+ grant [email protected] wildcard * A AAAA SRV CNAME;
+ grant [email protected] wildcard * A AAAA SRV CNAME;
+};
diff --git
a/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
b/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
new file mode 100644
index 0000000..b3efd0f
--- /dev/null
+++
b/source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
@@ -0,0 +1,156 @@
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SESECURITYPRIVILEGE\00"
+data(97) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SESECURITYPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SESYSTEMPROFILEPRIVILEGE\00"
+data(102) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SESYSTEMPROFILEPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJQIAAA==\00"
+data(103) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJQIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-550\00"
+data(214) =
"g\19\01&\04\00\00\00sid=S-1-5-32-550\00comment\00\01\00\00\00\0F\00\00\00Print
Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05
\00\00\00&\02\00\00\00privilege\00\03\00\00\00\15\00\00\00SeLoadDriverPrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAKgIAAA==\00"
+data(103) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAKgIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SECHANGENOTIFYPRIVILEGE\00"
+data(122) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SECHANGENOTIFYPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(38) = "DN=@INDEX:PRIVILEGE:SEUNDOCKPRIVILEGE\00"
+data(95) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEUNDOCKPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SENETWORKLOGONRIGHT\00"
+data(97) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SENETWORKLOGONRIGHT\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(15) = "DN=@ATTRIBUTES\00"
+data(88) =
"g\19\01&\02\00\00\00@ATTRIBUTES\00comment\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00privilege\00\01\00\00\00\10\00\00\00CASE_INSENSITIVE\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJwIAAA==\00"
+data(103) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJwIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-551\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-548\00"
+data(166) =
"g\19\01&\04\00\00\00sid=S-1-5-32-548\00comment\00\01\00\00\00\11\00\00\00Account
Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05
\00\00\00$\02\00\00\00privilege\00\01\00\00\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SEMANAGEVOLUMEPRIVILEGE\00"
+data(101) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEMANAGEVOLUMEPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(43) = "DN=@INDEX:PRIVILEGE:SEIMPERSONATEPRIVILEGE\00"
+data(100) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEIMPERSONATEPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(52) = "DN=@INDEX:PRIVILEGE:SEPROFILESINGLEPROCESSPRIVILEGE\00"
+data(109) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEPROFILESINGLEPROCESSPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(52) = "DN=@INDEX:PRIVILEGE:SEINCREASEBASEPRIORITYPRIVILEGE\00"
+data(109) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEINCREASEBASEPRIORITYPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAIAIAAA==\00"
+data(103) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAIAIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(13) = "DN=@BASEINFO\00"
+data(81) =
"g\19\01&\02\00\00\00@BASEINFO\00whenChanged\00\01\00\00\00\11\00\00\0020140403004723.0Z\00sequenceNumber\00\01\00\00\00\01\00\00\009\00"
+}
+{
+key(42) = "DN=@INDEX:PRIVILEGE:SESYSTEMTIMEPRIVILEGE\00"
+data(120) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SESYSTEMTIMEPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-551\00"
+data(234) =
"g\19\01&\04\00\00\00sid=S-1-5-32-551\00comment\00\01\00\00\00\10\00\00\00Backup
Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05
\00\00\00'\02\00\00\00privilege\00\04\00\00\00\11\00\00\00SeBackupPrivilege\00\12\00\00\00SeRestorePrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(48) = "DN=@INDEX:PRIVILEGE:SEENABLEDELEGATIONPRIVILEGE\00"
+data(105) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEENABLEDELEGATIONPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(50) = "DN=@INDEX:PRIVILEGE:SEREMOTEINTERACTIVELOGONRIGHT\00"
+data(128) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEREMOTEINTERACTIVELOGONRIGHT\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-554\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SEINCREASEQUOTAPRIVILEGE\00"
+data(102) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEINCREASEQUOTAPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-544\00"
+data(804) =
"g\19\01&\04\00\00\00sid=S-1-5-32-544\00comment\00\01\00\00\00\0E\00\00\00Administrators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05
\00\00\00
\02\00\00\00privilege\00\18\00\00\00\13\00\00\00SeSecurityPrivilege\00\11\00\00\00SeBackupPrivilege\00\12\00\00\00SeRestorePrivilege\00\15\00\00\00SeSystemtimePrivilege\00\13\00\00\00SeShutdownPrivilege\00\19\00\00\00SeRemoteShutdownPrivilege\00\18\00\00\00SeTakeOwnershipPrivilege\00\10\00\00\00SeDebugPrivilege\00\1C\00\00\00SeSystemEnvironmentPrivilege\00\18\00\00\00SeSystemProfilePrivilege\00\1F\00\00\00SeProfileSingleProcessPrivilege\00\1F\00\00\00SeIncreaseBasePriorityPrivilege\00\15\00\00\00SeLoadDriverPrivilege\00\19\00\00\00SeCreatePagefilePrivilege\00\18\00\00\00SeIncreaseQuotaPrivilege\00\17\00\00\00SeChangeNotifyPrivilege\00\11\00\00\00SeUndockPrivilege\00\17\00\00\00SeManageVolumePrivilege\00\16\00\00\00SeImpersonatePrivilege\00\17\00\00\00SeCr
eateGlobalPrivilege\00\1B\00\00\00SeEnableDelegationPrivilege\00\17\00\00\00SeInteractiveLogonRight\00\13\00\00\00SeNetworkLogonRight\00\1D\00\00\00SeRemoteInteractiveLogonRight\00"
+}
+{
+key(38) = "DN=@INDEX:PRIVILEGE:SEBACKUPPRIVILEGE\00"
+data(137) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEBACKUPPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\03\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-549\00"
+data(290) =
"g\19\01&\04\00\00\00sid=S-1-5-32-549\00comment\00\01\00\00\00\10\00\00\00Server
Operators\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05
\00\00\00%\02\00\00\00privilege\00\06\00\00\00\11\00\00\00SeBackupPrivilege\00\15\00\00\00SeSystemtimePrivilege\00\19\00\00\00SeRemoteShutdownPrivilege\00\12\00\00\00SeRestorePrivilege\00\13\00\00\00SeShutdownPrivilege\00\17\00\00\00SeInteractiveLogonRight\00"
+}
+{
+key(40) = "DN=@INDEX:PRIVILEGE:SESHUTDOWNPRIVILEGE\00"
+data(160) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SESHUTDOWNPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\04\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-550\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(44) = "DN=@INDEX:PRIVILEGE:SECREATEGLOBALPRIVILEGE\00"
+data(101) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SECREATEGLOBALPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(46) = "DN=@INDEX:PRIVILEGE:SEREMOTESHUTDOWNPRIVILEGE\00"
+data(124) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SEREMOTESHUTDOWNPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJAIAAA==\00"
+data(103) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJAIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-548\00"
+}
+{
+key(45) = "DN=@INDEX:PRIVILEGE:SETAKEOWNERSHIPPRIVILEGE\00"
+data(102) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SETAKEOWNERSHIPPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(49) = "DN=@INDEX:PRIVILEGE:SESYSTEMENVIRONMENTPRIVILEGE\00"
+data(106) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SESYSTEMENVIRONMENTPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-544\00"
+}
+{
+key(42) = "DN=@INDEX:PRIVILEGE:SELOADDRIVERPRIVILEGE\00"
+data(120) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SELOADDRIVERPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\02\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-550\00"
+}
+{
+key(39) = "DN=@INDEX:PRIVILEGE:SERESTOREPRIVILEGE\00"
+data(138) =
"g\19\01&\02\00\00\00@INDEX:PRIVILEGE:SERESTOREPRIVILEGE\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\03\00\00\00\10\00\00\00sid=S-1-5-32-544\00\10\00\00\00sid=S-1-5-32-551\00\10\00\00\00sid=S-1-5-32-549\00"
+}
+{
+key(20) = "DN=SID=S-1-5-32-554\00"
+data(217) =
"g\19\01&\04\00\00\00sid=S-1-5-32-554\00comment\00\01\00\00\00\22\00\00\00Pre-Windows
2000 Compatible
Access\00objectClass\00\01\00\00\00\09\00\00\00privilege\00objectSid\00\01\00\00\00\10\00\00\00\01\02\00\00\00\00\00\05
\00\00\00*\02\00\00\00privilege\00\02\00\00\00\1D\00\00\00SeRemoteInteractiveLogonRight\00\17\00\00\00SeChangeNotifyPrivilege\00"
+}
+{
+key(46) = "DN=@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJgIAAA==\00"
+data(103) =
"g\19\01&\02\00\00\00@INDEX:OBJECTSID::AQIAAAAAAAUgAAAAJgIAAA==\00@IDXVERSION\00\01\00\00\00\01\00\00\002\00@IDX\00\01\00\00\00\10\00\00\00sid=S-1-5-32-550\00"
+}
--
Samba Shared Repository
