The branch, master has been updated
via cb243d8 tests/getnc_exop: Ensure that attribute list sorting is
correct
via 1a96f93 getncchanges: Compute the partial attribute set from the
remote schema
via 36df826 tests/getnc_exop: PartialAttrSetEx test (passes Windows,
fails us)
via e495d1b tests/getnc_exop: Ensure the remote prefixmap is always
used (name attr)
via 1f4ea16 tests/getnc_exop: Ensure the remote prefixmap is always
used (secret attrs)
via 7f3ef15 tests/getnc_exop: Ensure that all attids are valid in a
given PAS
via 1673590 tests/getnc_exop: Ensure we do the fallback if not given a
PAS
via 0ea126c drepl_out: Send the prefix map alongside the global catalog
partial attribute set
via 317bbc4 drepl_out: Send the prefix map alongside the RODC partial
attribute set
via 216c031 replicated_objects: Add missing newline for debug
via 9563dab getncchanges: Fix some whitespace
via fd49b44 tests/schemainfo: run dsdb schema info tests with proper URI
from ce8c2ad selftest: skip client_etypes tests if tshark or sha1sum is
not installed
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit cb243d86d892cb148d01dd87f29f86f3e2c1ebd0
Author: Bob Campbell <bobcampb...@catalyst.net.nz>
Date: Mon Aug 22 14:43:41 2016 +1200
tests/getnc_exop: Ensure that attribute list sorting is correct
With a binary search, this can only be tested on 3+ elements.
Pair-programmed-with: Garming Sam <garm...@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampb...@catalyst.net.nz>
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Garming Sam <garm...@samba.org>
Autobuild-Date(master): Thu Aug 25 14:22:25 CEST 2016 on sn-devel-144
commit 1a96f9329e718acac195e75a5156b1c147ad54ff
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Mon Aug 15 14:10:38 2016 +1200
getncchanges: Compute the partial attribute set from the remote schema
This doesn't fix the partialAttrSetEx case, so the test is left in the
knownfail file.
Signed-off-by: Bob Campbell <bobcampb...@catalyst.net.nz>
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 36df826154ed90e92f877e6f36269893c44a2a16
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Thu Aug 18 15:20:06 2016 +1200
tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
This has an odd behaviour where PartialAttrSetEx does not respect the
incoming mapping. PartialAttrSetEx is not respected in Samba at all.
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit e495d1b2ed9aca45ce696dd8cc54458002ca0c3a
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Wed Aug 17 16:36:58 2016 +1200
tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 1f4ea1686ff1575406b5e8e488feb7b900db12ef
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Wed Aug 17 16:04:49 2016 +1200
tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 7f3ef150751452411db1e0c5b2ca6d8af2769d5c
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Wed Aug 17 14:26:55 2016 +1200
tests/getnc_exop: Ensure that all attids are valid in a given PAS
On Windows this does not seem to fail, but causes silent errors.
Pair-programmed-with: Garming Sam <garm...@catalyst.net.nz>
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampb...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 1673590e8ec3001c6909a78e004f64433060a624
Author: Bob Campbell <bobcampb...@catalyst.net.nz>
Date: Mon Aug 15 16:19:09 2016 +1200
tests/getnc_exop: Ensure we do the fallback if not given a PAS
This will cause silent errors in the translation, but as far as we know,
Windows will accept it just fine.
Pair-programmed-with: Garming Sam <garm...@catalyst.net.nz>
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampb...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 0ea126c63c1d5a0081b90a914c9ad7227cf7b748
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Thu Aug 18 13:18:28 2016 +1200
drepl_out: Send the prefix map alongside the global catalog partial
attribute set
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 317bbc4d0528dca03d94d61c38b038d314f8cad8
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Thu Aug 11 14:28:27 2016 +1200
drepl_out: Send the prefix map alongside the RODC partial attribute set
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 216c0319c744c39848ae5da7d15dccb6769ea20a
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Tue Aug 16 10:53:39 2016 +1200
replicated_objects: Add missing newline for debug
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 9563dab562cb2dfe4c226f03156bec0bf6eef847
Author: Bob Campbell <bobcampb...@catalyst.net.nz>
Date: Mon Aug 15 16:19:20 2016 +1200
getncchanges: Fix some whitespace
Pair-programmed-with: Garming Sam <garm...@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampb...@catalyst.net.nz>
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit fd49b44e0296348c835168f336297fd969e63c50
Author: Garming Sam <garm...@catalyst.net.nz>
Date: Thu Aug 25 11:33:16 2016 +1200
tests/schemainfo: run dsdb schema info tests with proper URI
Signed-off-by: Garming Sam <garm...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 1 +
source4/dsdb/repl/drepl_out_helpers.c | 29 +-
source4/dsdb/repl/replicated_objects.c | 4 +-
source4/dsdb/tests/python/dsdb_schema_info.py | 2 +-
source4/rpc_server/drsuapi/getncchanges.c | 197 +++++++++++---
source4/torture/drs/python/getnc_exop.py | 363 +++++++++++++++++++++++++-
6 files changed, 551 insertions(+), 45 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 97538f4..2f6a66b 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -292,3 +292,4 @@
^samba4.smb2.read.access
#ntvfs server blocks copychunk with execute access on read handle
^samba4.smb2.ioctl.copy_chunk_bad_access
+^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.*
diff --git a/source4/dsdb/repl/drepl_out_helpers.c
b/source4/dsdb/repl/drepl_out_helpers.c
index 9fe8c3b..ac0b947 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -302,6 +302,7 @@ static void dreplsrv_op_pull_source_get_changes_done(struct
tevent_req *subreq);
static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct
dreplsrv_service *service,
TALLOC_CTX *mem_ctx,
struct
drsuapi_DsPartialAttributeSet **_pas,
+ struct
drsuapi_DsReplicaOIDMapping_Ctr **pfm,
bool for_schema)
{
struct drsuapi_DsPartialAttributeSet *pas;
@@ -340,6 +341,11 @@ static NTSTATUS
dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service
}
*_pas = pas;
+
+ if (pfm != NULL) {
+ dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm);
+ }
+
return NT_STATUS_OK;
}
@@ -349,7 +355,8 @@ static NTSTATUS
dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service
*/
static NTSTATUS dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service
*service,
TALLOC_CTX *mem_ctx,
- struct
drsuapi_DsPartialAttributeSet **_pas)
+ struct
drsuapi_DsPartialAttributeSet **_pas,
+ struct
drsuapi_DsReplicaOIDMapping_Ctr **pfm)
{
struct drsuapi_DsPartialAttributeSet *pas;
struct dsdb_schema *schema;
@@ -383,6 +390,11 @@ static NTSTATUS
dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service *s
}
*_pas = pas;
+
+ if (pfm != NULL) {
+ dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm);
+ }
+
return NT_STATUS_OK;
}
@@ -427,6 +439,7 @@ static void
dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
uint32_t replica_flags;
struct drsuapi_DsReplicaHighWaterMark highwatermark;
struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb);
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mappings = NULL;
r = talloc(state, struct drsuapi_DsGetNCChanges);
if (tevent_req_nomem(r, req)) {
@@ -476,7 +489,9 @@ static void
dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
}
if (partition->partial_replica) {
- status = dreplsrv_get_gc_partial_attribute_set(service, r,
&pas);
+ status = dreplsrv_get_gc_partial_attribute_set(service, r,
+ &pas,
+ &mappings);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,(__location__ ": Failed to construct GC partial
attribute set : %s\n", nt_errstr(status)));
tevent_req_nterror(req, status);
@@ -488,8 +503,10 @@ static void
dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
if (ldb_dn_compare_base(schema_dn, partition->dn) == 0) {
for_schema = true;
}
-
- status = dreplsrv_get_rodc_partial_attribute_set(service, r,
&pas, for_schema);
+ status = dreplsrv_get_rodc_partial_attribute_set(service, r,
+ &pas,
+ &mappings,
+ for_schema);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,(__location__ ": Failed to construct RODC
partial attribute set : %s\n", nt_errstr(status)));
tevent_req_nterror(req, status);
@@ -538,8 +555,8 @@ static void
dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
r->in.req->req8.fsmo_info = state->op->fsmo_info;
r->in.req->req8.partial_attribute_set = pas;
r->in.req->req8.partial_attribute_set_ex= NULL;
- r->in.req->req8.mapping_ctr.num_mappings= 0;
- r->in.req->req8.mapping_ctr.mappings = NULL;
+ r->in.req->req8.mapping_ctr.num_mappings= mappings == NULL ? 0
: mappings->num_mappings;
+ r->in.req->req8.mapping_ctr.mappings = mappings == NULL ?
NULL : mappings->mappings;
} else {
r->in.level = 5;
r->in.req->req5.destination_dsa_guid = service->ntds_guid;
diff --git a/source4/dsdb/repl/replicated_objects.c
b/source4/dsdb/repl/replicated_objects.c
index 89d288a..46b0b66 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -306,7 +306,7 @@ WERROR dsdb_repl_make_working_schema(struct ldb_context
*ldb,
werr = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
working_schema, &pfm_remote,
NULL);
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s",
+ DEBUG(0,(__location__ ": Failed to decode remote prefixMap:
%s\n",
win_errstr(werr)));
talloc_free(working_schema);
return werr;
@@ -667,7 +667,7 @@ WERROR dsdb_replicated_objects_convert(struct ldb_context
*ldb,
status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
out, &pfm_remote, NULL);
if (!W_ERROR_IS_OK(status)) {
- DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s",
+ DEBUG(0,(__location__ ": Failed to decode remote prefixMap:
%s\n",
win_errstr(status)));
talloc_free(out);
return status;
diff --git a/source4/dsdb/tests/python/dsdb_schema_info.py
b/source4/dsdb/tests/python/dsdb_schema_info.py
index 18c2f08..e7933f4 100755
--- a/source4/dsdb/tests/python/dsdb_schema_info.py
+++ b/source4/dsdb/tests/python/dsdb_schema_info.py
@@ -51,7 +51,7 @@ class SchemaInfoTestCase(samba.tests.TestCase):
# connect SamDB if we haven't yet
if self.sam_db is None:
- ldb_url = samba.tests.env_get_var_value("DC_SERVER")
+ ldb_url = "ldap://%s"; % samba.tests.env_get_var_value("DC_SERVER")
SchemaInfoTestCase.sam_db = samba.tests.connect_samdb(ldb_url)
# fetch rootDSE
diff --git a/source4/rpc_server/drsuapi/getncchanges.c
b/source4/rpc_server/drsuapi/getncchanges.c
index f002836..c1de242 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -133,24 +133,57 @@ static bool udv_filter(const struct
drsuapi_DsReplicaCursorCtrEx *udv,
}
-static int attid_cmp(enum drsuapi_DsAttributeId a1, enum drsuapi_DsAttributeId
a2)
+static int uint32_t_cmp(uint32_t a1, uint32_t a2)
{
if (a1 == a2) return 0;
- return ((uint32_t)a1) > ((uint32_t)a2) ? 1 : -1;
+ return a1 > a2 ? 1 : -1;
}
-/*
- check if an attribute is in a partial_attribute_set
- */
-static bool check_partial_attribute_set(const struct dsdb_attribute *sa,
- struct drsuapi_DsPartialAttributeSet
*pas)
+static int uint32_t_ptr_cmp(uint32_t *a1, uint32_t *a2, void *unused)
{
- enum drsuapi_DsAttributeId *result;
- BINARY_ARRAY_SEARCH_V(pas->attids, pas->num_attids, (enum
drsuapi_DsAttributeId)sa->attributeID_id,
- attid_cmp, result);
- return result != NULL;
+ if (*a1 == *a2) return 0;
+ return *a1 > *a2 ? 1 : -1;
}
+static WERROR getncchanges_attid_remote_to_local(const struct dsdb_schema
*schema,
+ const struct dsdb_syntax_ctx
*ctx,
+ enum drsuapi_DsAttributeId
remote_attid_as_enum,
+ enum drsuapi_DsAttributeId
*local_attid_as_enum,
+ const struct dsdb_attribute
**_sa)
+{
+ WERROR werr;
+ const struct dsdb_attribute *sa = NULL;
+
+ if (ctx->pfm_remote == NULL) {
+ DEBUG(7, ("No prefixMap supplied, falling back to local
prefixMap.\n"));
+ goto fail;
+ }
+
+ werr = dsdb_attribute_drsuapi_remote_to_local(ctx,
+ remote_attid_as_enum,
+ local_attid_as_enum,
+ _sa);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(3, ("WARNING: Unable to resolve remote attid, falling
back to local prefixMap.\n"));
+ goto fail;
+ }
+
+ return werr;
+fail:
+
+ sa = dsdb_attribute_by_attributeID_id(schema, remote_attid_as_enum);
+ if (sa == NULL) {
+ return WERR_DS_DRA_SCHEMA_MISMATCH;
+ } else {
+ if (local_attid_as_enum != NULL) {
+ *local_attid_as_enum = sa->attributeID_id;
+ }
+ if (_sa != NULL) {
+ *_sa = sa;
+ }
+ return WERR_OK;
+ }
+}
/*
drsuapi_DsGetNCChanges for one object
@@ -167,7 +200,8 @@ static WERROR get_nc_changes_build_object(struct
drsuapi_DsReplicaObjectListItem
struct drsuapi_DsPartialAttributeSet
*partial_attribute_set,
struct drsuapi_DsReplicaCursorCtrEx
*uptodateness_vector,
enum drsuapi_DsExtendedOperation
extended_op,
- bool force_object_return)
+ bool force_object_return,
+ uint32_t *local_pas)
{
const struct ldb_val *md_value;
uint32_t i, n;
@@ -294,8 +328,13 @@ static WERROR get_nc_changes_build_object(struct
drsuapi_DsReplicaObjectListItem
}
/* filter by partial_attribute_set */
- if (partial_attribute_set && !check_partial_attribute_set(sa,
partial_attribute_set)) {
- continue;
+ if (partial_attribute_set) {
+ uint32_t *result = NULL;
+ BINARY_ARRAY_SEARCH_V(local_pas,
partial_attribute_set->num_attids, sa->attributeID_id,
+ uint32_t_cmp, result);
+ if (result == NULL) {
+ continue;
+ }
}
obj->meta_data_ctr->meta_data[n].originating_change_time =
md.ctr.ctr1.array[i].originating_change_time;
@@ -1185,11 +1224,13 @@ static WERROR getncchanges_change_master(struct
drsuapi_bind_state *b_state,
*/
static WERROR dcesrv_drsuapi_is_reveal_secrets_request(struct
drsuapi_bind_state *b_state,
struct
drsuapi_DsGetNCChangesRequest10 *req10,
+ struct
dsdb_schema_prefixmap *pfm_remote,
bool *is_secret_request)
{
enum drsuapi_DsExtendedOperation exop;
uint32_t i;
struct dsdb_schema *schema;
+ struct dsdb_syntax_ctx syntax_ctx;
*is_secret_request = true;
@@ -1223,14 +1264,24 @@ static WERROR
dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state
}
schema = dsdb_get_schema(b_state->sam_ctx, NULL);
+ dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema);
+ syntax_ctx.pfm_remote = pfm_remote;
/* check the attributes they asked for */
for (i=0; i<req10->partial_attribute_set->num_attids; i++) {
const struct dsdb_attribute *sa;
- sa = dsdb_attribute_by_attributeID_id(schema,
req10->partial_attribute_set->attids[i]);
- if (sa == NULL) {
- return WERR_DS_DRA_SCHEMA_MISMATCH;
+ WERROR werr = getncchanges_attid_remote_to_local(schema,
+ &syntax_ctx,
+
req10->partial_attribute_set->attids[i],
+ NULL,
+ &sa);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__": attid 0x%08X not found: %s\n",
+ req10->partial_attribute_set->attids[i],
win_errstr(werr)));
+ return werr;
}
+
if (!dsdb_attr_in_rodc_fas(sa)) {
*is_secret_request = true;
return WERR_OK;
@@ -1241,10 +1292,18 @@ static WERROR
dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state
/* check the extended attributes they asked for */
for (i=0; i<req10->partial_attribute_set_ex->num_attids; i++) {
const struct dsdb_attribute *sa;
- sa = dsdb_attribute_by_attributeID_id(schema,
req10->partial_attribute_set_ex->attids[i]);
- if (sa == NULL) {
- return WERR_DS_DRA_SCHEMA_MISMATCH;
+ WERROR werr = getncchanges_attid_remote_to_local(schema,
+
&syntax_ctx,
+
req10->partial_attribute_set_ex->attids[i],
+ NULL,
+ &sa);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__": attid 0x%08X not found:
%s\n",
+
req10->partial_attribute_set_ex->attids[i], win_errstr(werr)));
+ return werr;
}
+
if (!dsdb_attr_in_rodc_fas(sa)) {
*is_secret_request = true;
return WERR_OK;
@@ -1262,11 +1321,13 @@ static WERROR
dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state
*/
static WERROR dcesrv_drsuapi_is_gc_pas_request(struct drsuapi_bind_state
*b_state,
struct
drsuapi_DsGetNCChangesRequest10 *req10,
+ struct dsdb_schema_prefixmap
*pfm_remote,
bool *is_gc_pas_request)
{
enum drsuapi_DsExtendedOperation exop;
uint32_t i;
struct dsdb_schema *schema;
+ struct dsdb_syntax_ctx syntax_ctx;
exop = req10->extended_op;
@@ -1291,14 +1352,24 @@ static WERROR dcesrv_drsuapi_is_gc_pas_request(struct
drsuapi_bind_state *b_stat
}
schema = dsdb_get_schema(b_state->sam_ctx, NULL);
+ dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema);
+ syntax_ctx.pfm_remote = pfm_remote;
/* check the attributes they asked for */
for (i=0; i<req10->partial_attribute_set->num_attids; i++) {
const struct dsdb_attribute *sa;
- sa = dsdb_attribute_by_attributeID_id(schema,
req10->partial_attribute_set->attids[i]);
- if (sa == NULL) {
- return WERR_DS_DRA_SCHEMA_MISMATCH;
+ WERROR werr = getncchanges_attid_remote_to_local(schema,
+ &syntax_ctx,
+
req10->partial_attribute_set->attids[i],
+ NULL,
+ &sa);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__": attid 0x%08X not found: %s\n",
+ req10->partial_attribute_set->attids[i],
win_errstr(werr)));
+ return werr;
}
+
if (!sa->isMemberOfPartialAttributeSet) {
*is_gc_pas_request = false;
return WERR_OK;
@@ -1309,10 +1380,18 @@ static WERROR dcesrv_drsuapi_is_gc_pas_request(struct
drsuapi_bind_state *b_stat
/* check the extended attributes they asked for */
for (i=0; i<req10->partial_attribute_set_ex->num_attids; i++) {
const struct dsdb_attribute *sa;
- sa = dsdb_attribute_by_attributeID_id(schema,
req10->partial_attribute_set_ex->attids[i]);
- if (sa == NULL) {
- return WERR_DS_DRA_SCHEMA_MISMATCH;
+ WERROR werr = getncchanges_attid_remote_to_local(schema,
+
&syntax_ctx,
+
req10->partial_attribute_set_ex->attids[i],
+ NULL,
+ &sa);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__": attid 0x%08X not found:
%s\n",
+
req10->partial_attribute_set_ex->attids[i], win_errstr(werr)));
+ return werr;
}
+
if (!sa->isMemberOfPartialAttributeSet) {
*is_gc_pas_request = false;
return WERR_OK;
@@ -1606,7 +1685,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct
dcesrv_call_state *dce_call, TALLOC_
DATA_BLOB session_key;
WERROR werr;
struct dcesrv_handle *h;
- struct drsuapi_bind_state *b_state;
+ struct drsuapi_bind_state *b_state;
struct drsuapi_getncchanges_state *getnc_state;
struct drsuapi_DsGetNCChangesRequest10 *req10;
uint32_t options;
@@ -1629,6 +1708,9 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct
dcesrv_call_state *dce_call, TALLOC_
bool has_get_all_changes = false;
struct GUID invocation_id;
static const struct drsuapi_DsReplicaLinkedAttribute no_linked_attr;
+ struct dsdb_schema_prefixmap *pfm_remote = NULL;
+ bool full = true;
+ uint32_t *local_pas = NULL;
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
@@ -1688,7 +1770,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct
dcesrv_call_state *dce_call, TALLOC_
if (samdb_ntds_options(sam_ctx, &options) != LDB_SUCCESS) {
return WERR_DS_DRA_INTERNAL_ERROR;
}
-
+
if ((options & DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL) &&
!(req10->replica_flags & DRSUAPI_DRS_SYNC_FORCED)) {
return WERR_DS_DRA_SOURCE_DISABLED;
@@ -1706,9 +1788,35 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct
dcesrv_call_state *dce_call, TALLOC_
return werr;
}
+ if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
+ full = req10->partial_attribute_set == NULL &&
+ req10->partial_attribute_set_ex == NULL;
+ } else {
+ full = (options & DRSUAPI_DRS_WRIT_REP) != 0;
+ }
+
+ werr = dsdb_schema_pfm_from_drsuapi_pfm(&req10->mapping_ctr, true,
+ mem_ctx, &pfm_remote, NULL);
+
+ /* We were supplied a partial attribute set, without the prefix map! */
+ if (!full && !W_ERROR_IS_OK(werr)) {
+ if (req10->mapping_ctr.num_mappings == 0) {
+ /*
+ * Despite the fact MS-DRSR specifies that this
shouldn't
+ * happen, Windows RODCs will in fact not provide a
prefixMap.
+ */
+ DEBUG(5,(__location__ ": Failed to provide a remote
prefixMap,"
+ " falling back to local prefixMap\n"));
+ } else {
+ DEBUG(0,(__location__ ": Failed to decode remote
prefixMap: %s\n",
+ win_errstr(werr)));
+ return werr;
+ }
+ }
+
/* allowed if the GC PAS and client has
GUID_DRS_GET_FILTERED_ATTRIBUTES */
- werr = dcesrv_drsuapi_is_gc_pas_request(b_state, req10,
&is_gc_pas_request);
+ werr = dcesrv_drsuapi_is_gc_pas_request(b_state, req10, pfm_remote,
&is_gc_pas_request);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -1723,7 +1831,9 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct
dcesrv_call_state *dce_call, TALLOC_
}
}
- werr = dcesrv_drsuapi_is_reveal_secrets_request(b_state, req10,
&is_secret_request);
+ werr = dcesrv_drsuapi_is_reveal_secrets_request(b_state, req10,
+ pfm_remote,
+ &is_secret_request);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -2040,6 +2150,30 @@ allowed:
* 10 seconds by default.
*/
max_wait = lpcfg_parm_int(dce_call->conn->dce_ctx->lp_ctx, NULL, "drs",
"max work time", 10);
+
+ if (req10->partial_attribute_set != NULL) {
+ struct dsdb_syntax_ctx syntax_ctx;
+ uint32_t j = 0;
+
+ dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema);
+ syntax_ctx.pfm_remote = pfm_remote;
+
+ local_pas = talloc_array(b_state, uint32_t,
req10->partial_attribute_set->num_attids);
+
+ for (j = 0; j < req10->partial_attribute_set->num_attids; j++) {
+ getncchanges_attid_remote_to_local(schema,
+ &syntax_ctx,
+
req10->partial_attribute_set->attids[j],
+ (enum
drsuapi_DsAttributeId *)&local_pas[j],
+ NULL);
+ }
+
+ LDB_TYPESAFE_QSORT(local_pas,
+ req10->partial_attribute_set->num_attids,
+ NULL,
+ uint32_t_ptr_cmp);
+ }
+
for (i=getnc_state->num_processed;
i<getnc_state->num_records &&
!null_scope &&
@@ -2093,7 +2227,8 @@ allowed:
req10->partial_attribute_set,
req10->uptodateness_vector,
req10->extended_op,
- max_wait_reached);
+ max_wait_reached,
+ local_pas);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
diff --git a/source4/torture/drs/python/getnc_exop.py
b/source4/torture/drs/python/getnc_exop.py
index ca6c443..d058e66 100644
--- a/source4/torture/drs/python/getnc_exop.py
+++ b/source4/torture/drs/python/getnc_exop.py
@@ -79,7 +79,8 @@ class AbstractLink:
class ExopBaseTest:
def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop,
- replica_flags=0, max_objects=0):
+ replica_flags=0, max_objects=0, partial_attribute_set=None,
+ partial_attribute_set_ex=None, mapping_ctr=None):
req8 = drsuapi.DsGetNCChangesRequest8()
req8.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else
misc.GUID()
@@ -96,10 +97,13 @@ class ExopBaseTest:
req8.max_ndr_size = 402116
req8.extended_op = exop
req8.fsmo_info = 0
- req8.partial_attribute_set = None
- req8.partial_attribute_set_ex = None
- req8.mapping_ctr.num_mappings = 0
- req8.mapping_ctr.mappings = None
+ req8.partial_attribute_set = partial_attribute_set
--
Samba Shared Repository
