#include "lib/util/dlinklist.h"
#include "dsdb/samdb/ldb_modules/util.h"
#include "lib/util/binsearch.h"
+#include "libcli/security/security.h"
+#include "lib/util/tsort.h"
#define W2K3_LINKED_ATTRIBUTES 1
struct nc_entry *prev, *next;
struct ldb_dn *dn;
uint64_t mod_usn;
+ uint64_t mod_usn_urgent;
} *ncs;
};
struct ldb_message *search_msg;
uint64_t seq_num;
+ bool is_urgent;
+};
+enum urgent_situation {
+ REPL_URGENT_ON_CREATE = 1,
+ REPL_URGENT_ON_UPDATE = 2,
+ REPL_URGENT_ON_DELETE = 4
};
-static int replmd_replicated_apply_next(struct replmd_replicated_request *ar);
+static const struct {
+ const char *update_name;
+ enum urgent_situation repl_situation;
+} urgent_objects[] = {
+ {"nTDSDSA", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
+ {"crossRef", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
+ {"attributeSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+ {"classSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+ {"secret", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+ {"rIDManager", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+ {NULL, 0}
+};
+
+/* Attributes looked for when updating or deleting, to check for a urgent replication needed */
+static const char *urgent_attrs[] = {
+ "lockoutTime",
+ "pwdLastSet",
+ "userAccountControl",
+ NULL
+};
+
+
+static bool replmd_check_urgent_objectclass(const struct ldb_message_element *objectclass_el,
+ enum urgent_situation situation)
+{
+ int i, j;
+ for (i=0; urgent_objects[i].update_name; i++) {
+
+ if ((situation & urgent_objects[i].repl_situation) == 0) {
+ continue;
+ }
+
+ for (j=0; j<objectclass_el->num_values; j++) {
+ const struct ldb_val *v = &objectclass_el->values[j];
+ if (ldb_attr_cmp((const char *)v->data, urgent_objects[i].update_name) == 0) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+static bool replmd_check_urgent_attribute(const struct ldb_message_element *el)
+{
+ if (ldb_attr_in_list(urgent_attrs, el->name)) {
+ return true;
+ }
+ return false;
+}
+
+
+static int replmd_replicated_apply_next(struct replmd_replicated_request *ar);
/*
initialise the module
if (ac->seq_num > modified_partition->mod_usn) {
modified_partition->mod_usn = ac->seq_num;
+ if (ac->is_urgent) {
+ modified_partition->mod_usn_urgent = ac->seq_num;
+ }
}
}
*/
static int replmd_notify_store(struct ldb_module *module)
{
- struct replmd_private *replmd_private =
+ struct replmd_private *replmd_private =
talloc_get_type(ldb_module_get_private(module), struct replmd_private);
struct ldb_context *ldb = ldb_module_get_ctx(module);
int ret;
struct nc_entry *modified_partition = replmd_private->ncs;
- ret = dsdb_save_partition_usn(ldb, modified_partition->dn, modified_partition->mod_usn);
+ ret = dsdb_save_partition_usn(ldb, modified_partition->dn,
+ modified_partition->mod_usn,
+ modified_partition->mod_usn_urgent);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to save partition uSN for %s\n",
ldb_dn_get_linearized(modified_partition->dn)));
DEBUG(6,("Sorting rpmd with attid exception %u rDN=%s DN=%s\n",
rdn_sa->attributeID_id, rdn_name, ldb_dn_get_linearized(dn)));
- ldb_qsort(ctr1->array, ctr1->count, sizeof(struct replPropertyMetaData1),
- discard_const_p(void, &rdn_sa->attributeID_id),
- (ldb_qsort_cmp_fn_t)replmd_replPropertyMetaData1_attid_sort);
+ LDB_TYPESAFE_QSORT(ctr1->array, ctr1->count, &rdn_sa->attributeID_id, replmd_replPropertyMetaData1_attid_sort);
return LDB_SUCCESS;
}
static void replmd_ldb_message_sort(struct ldb_message *msg,
const struct dsdb_schema *schema)
{
- ldb_qsort(msg->elements, msg->num_elements, sizeof(struct ldb_message_element),
- discard_const_p(void, schema), (ldb_qsort_cmp_fn_t)replmd_ldb_message_element_attid_sort);
+ LDB_TYPESAFE_QSORT(msg->elements, msg->num_elements, schema, replmd_ldb_message_element_attid_sort);
}
static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
uint64_t seq_num, const struct GUID *invocationId, time_t t,
struct GUID *guid, const struct dsdb_attribute *sa)
{
- int i;
+ unsigned int i;
TALLOC_CTX *tmp_ctx = talloc_new(el->values);
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct dsdb_schema *schema = dsdb_get_schema(ldb);
NTSTATUS status;
int ret;
- ret = replmd_build_la_val(el->values, v, dsdb_dn, invocationId,
- seq_num, seq_num, now, 0, false);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
-
/* note that the DN already has the extended
components from the extended_dn_store module */
status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &target_guid, "GUID");
talloc_free(tmp_ctx);
return ret;
}
+ ret = dsdb_set_extended_dn_guid(dsdb_dn->dn, &target_guid, "GUID");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ }
+
+ ret = replmd_build_la_val(el->values, v, dsdb_dn, invocationId,
+ seq_num, seq_num, now, 0, false);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
}
ret = replmd_add_backlink(module, schema, guid, &target_guid, true, sa, false);
NTTIME now;
char *time_str;
int ret;
- uint32_t i, ni=0;
+ unsigned int i;
+ uint32_t ni=0;
bool allow_add_guid = false;
bool remove_current_guid = false;
+ bool is_urgent = false;
+ struct ldb_message_element *objectclass_el;
/* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
if (control) {
- allow_add_guid = 1;
+ allow_add_guid = true;
}
/* do not manipulate our control entries */
*/
replmd_ldb_message_sort(msg, ac->schema);
+ objectclass_el = ldb_msg_find_element(msg, "objectClass");
+ is_urgent = replmd_check_urgent_objectclass(objectclass_el,
+ REPL_URGENT_ON_CREATE);
+
+ ac->is_urgent = is_urgent;
ret = ldb_build_add_req(&down_req, ldb, ac,
msg,
req->controls,
ac, replmd_op_callback,
req);
+
if (ret != LDB_SUCCESS) {
talloc_free(ac);
return ret;
/*
* update the replPropertyMetaData for one element
*/
-static int replmd_update_rpmd_element(struct ldb_context *ldb,
+static int replmd_update_rpmd_element(struct ldb_context *ldb,
struct ldb_message *msg,
struct ldb_message_element *el,
+ struct ldb_message_element *old_el,
struct replPropertyMetaDataBlob *omd,
const struct dsdb_schema *schema,
uint64_t *seq_num,
const struct GUID *our_invocation_id,
NTTIME now)
{
- int i;
+ uint32_t i;
const struct dsdb_attribute *a;
struct replPropertyMetaData1 *md1;
return LDB_SUCCESS;
}
+ /* if the attribute's value haven't changed then return LDB_SUCCESS */
+ if (old_el != NULL && ldb_msg_element_compare(el, old_el) == 0) {
+ return LDB_SUCCESS;
+ }
+
for (i=0; i<omd->ctr.ctr1.count; i++) {
if (a->attributeID_id == omd->ctr.ctr1.array[i].attid) break;
}
static int replmd_update_rpmd(struct ldb_module *module,
const struct dsdb_schema *schema,
struct ldb_message *msg, uint64_t *seq_num,
- time_t t)
+ time_t t,
+ bool *is_urgent)
{
const struct ldb_val *omd_value;
enum ndr_err_code ndr_err;
struct replPropertyMetaDataBlob omd;
- int i;
+ unsigned int i;
NTTIME now;
const struct GUID *our_invocation_id;
int ret;
- const char *attrs[] = { "replPropertyMetaData" , NULL };
+ const char *attrs[] = { "replPropertyMetaData", "*", NULL };
struct ldb_result *res;
struct ldb_context *ldb;
+ struct ldb_message_element *objectclass_el;
+ enum urgent_situation situation;
ldb = ldb_module_get_ctx(module);
unix_to_nt_time(&now, t);
- /* search for the existing replPropertyMetaDataBlob */
- ret = dsdb_search_dn_with_deleted(ldb, msg, &res, msg->dn, attrs);
+ /* search for the existing replPropertyMetaDataBlob. We need
+ * to use REVEAL and ask for DNs in storage format to support
+ * the check for values being the same in
+ * replmd_update_rpmd_element()
+ */
+ ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
+ DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_EXTENDED_DN |
+ DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+ DSDB_SEARCH_REVEAL_INTERNALS);
if (ret != LDB_SUCCESS || res->count != 1) {
DEBUG(0,(__location__ ": Object %s failed to find replPropertyMetaData\n",
ldb_dn_get_linearized(msg->dn)));
return LDB_ERR_OPERATIONS_ERROR;
}
-
+
+ /* if isDeleted is present and is TRUE, then we consider we are deleting,
+ * otherwise we consider we are updating */
+ if (ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE")) {
+ situation = REPL_URGENT_ON_DELETE;
+ } else {
+ situation = REPL_URGENT_ON_UPDATE;
+ }
+
+ objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
+ if (is_urgent && replmd_check_urgent_objectclass(objectclass_el,
+ situation)) {
+ *is_urgent = true;
+ }
omd_value = ldb_msg_find_ldb_val(res->msgs[0], "replPropertyMetaData");
if (!omd_value) {
}
for (i=0; i<msg->num_elements; i++) {
- ret = replmd_update_rpmd_element(ldb, msg, &msg->elements[i], &omd, schema, seq_num,
+ struct ldb_message_element *old_el;
+ old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
+ ret = replmd_update_rpmd_element(ldb, msg, &msg->elements[i], old_el, &omd, schema, seq_num,
our_invocation_id, now);
if (ret != LDB_SUCCESS) {
return ret;
}
+
+ if (is_urgent && !*is_urgent && (situation == REPL_URGENT_ON_UPDATE)) {
+ *is_urgent = replmd_check_urgent_attribute(&msg->elements[i]);
+ }
+
}
/*
return LDB_SUCCESS;
}
-
struct parsed_dn {
struct dsdb_dn *dsdb_dn;
struct GUID *guid;
struct ldb_message_element *el, struct parsed_dn **pdn,
const char *ldap_oid)
{
- int i;
+ unsigned int i;
struct ldb_context *ldb = ldb_module_get_ctx(module);
if (el == NULL) {
ldb_dn_get_linearized(dn));
return ret;
}
+ ret = dsdb_set_extended_dn_guid(dn, p->guid, "GUID");
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
} else if (!NT_STATUS_IS_OK(status)) {
return LDB_ERR_OPERATIONS_ERROR;
}
p->v = v;
}
- qsort(*pdn, el->num_values, sizeof((*pdn)[0]), (comparison_fn_t)parsed_dn_compare);
+ TYPESAFE_QSORT(*pdn, el->num_values, parsed_dn_compare);
return LDB_SUCCESS;
}
/*
build a new extended DN, including all meta data fields
- DELETED = 1 or missing
+ RMD_FLAGS = DSDB_RMD_FLAG_* bits
RMD_ADDTIME = originating_add_time
RMD_INVOCID = originating_invocation_id
RMD_CHANGETIME = originating_change_time
uint64_t local_usn, NTTIME nttime, uint32_t version, bool deleted)
{
struct ldb_dn *dn = dsdb_dn->dn;
- const char *tstring, *usn_string;
+ const char *tstring, *usn_string, *flags_string;
struct ldb_val tval;
struct ldb_val iid;
struct ldb_val usnv, local_usnv;
- struct ldb_val vers;
+ struct ldb_val vers, flagsv;
NTSTATUS status;
int ret;
const char *dnstring;
char *vstring;
+ uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
if (!tstring) {
local_usnv = data_blob_string_const(usn_string);
vstring = talloc_asprintf(mem_ctx, "%lu", (unsigned long)version);
+ if (!vstring) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
vers = data_blob_string_const(vstring);
status = GUID_to_ndr_blob(invocation_id, dn, &iid);
return LDB_ERR_OPERATIONS_ERROR;
}
- if (deleted) {
- struct ldb_val dv;
- dv = data_blob_string_const("1");
- ret = ldb_dn_set_extended_component(dn, "DELETED", &dv);
- } else {
- ret = ldb_dn_set_extended_component(dn, "DELETED", NULL);
+ flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
+ if (!flags_string) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
+ flagsv = data_blob_string_const(flags_string);
+
+ ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
if (ret != LDB_SUCCESS) return ret;
ret = ldb_dn_set_extended_component(dn, "RMD_ADDTIME", &tval);
if (ret != LDB_SUCCESS) return ret;
*/
static int replmd_check_upgrade_links(struct parsed_dn *dns, uint32_t count, const struct GUID *invocation_id)
{
- int i;
+ uint32_t i;
for (i=0; i<count; i++) {
NTSTATUS status;
uint32_t version;
uint32_t version, bool deleted)
{
struct ldb_dn *dn = dsdb_dn->dn;
- const char *tstring, *usn_string;
+ const char *tstring, *usn_string, *flags_string;
struct ldb_val tval;
struct ldb_val iid;
struct ldb_val usnv, local_usnv;
- struct ldb_val vers;
+ struct ldb_val vers, flagsv;
const struct ldb_val *old_addtime;
uint32_t old_version;
NTSTATUS status;
int ret;
const char *dnstring;
char *vstring;
+ uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
if (!tstring) {
return LDB_ERR_OPERATIONS_ERROR;
}
- if (deleted) {
- struct ldb_val dv;
- dv = data_blob_string_const("1");
- ret = ldb_dn_set_extended_component(dn, "DELETED", &dv);
- } else {
- ret = ldb_dn_set_extended_component(dn, "DELETED", NULL);
+ flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
+ if (!flags_string) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
+ flagsv = data_blob_string_const(flags_string);
+
+ ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
if (ret != LDB_SUCCESS) return ret;
/* get the ADDTIME from the original */
time_t t,
struct GUID *msg_guid)
{
- int i;
+ unsigned int i;
struct parsed_dn *dns, *old_dns;
TALLOC_CTX *tmp_ctx = talloc_new(msg);
int ret;
} else {
/* this is only allowed if the GUID was
previously deleted. */
- const struct ldb_val *v;
- v = ldb_dn_get_extended_component(p->dsdb_dn->dn, "DELETED");
- if (v == NULL) {
+ uint32_t rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
+
+ if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
ldb_asprintf_errstring(ldb, "Attribute %s already exists for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
talloc_free(tmp_ctx);
time_t t,
struct GUID *msg_guid)
{
- int i;
+ unsigned int i;
struct parsed_dn *dns, *old_dns;
TALLOC_CTX *tmp_ctx = talloc_new(msg);
int ret;
for (i=0; i<el->num_values; i++) {
struct parsed_dn *p = &dns[i];
struct parsed_dn *p2;
- const struct ldb_val *v;
+ uint32_t rmd_flags;
p2 = parsed_dn_find(old_dns, old_el->num_values, p->guid, NULL);
if (!p2) {
el->name, GUID_string(tmp_ctx, p->guid));
return LDB_ERR_NO_SUCH_ATTRIBUTE;
}
- v = ldb_dn_get_extended_component(p2->dsdb_dn->dn, "DELETED");
- if (v) {
+ rmd_flags = dsdb_dn_rmd_flags(p2->dsdb_dn->dn);
+ if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
ldb_asprintf_errstring(ldb, "Attribute %s already deleted for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
return LDB_ERR_NO_SUCH_ATTRIBUTE;
*/
for (i=0; i<old_el->num_values; i++) {
struct parsed_dn *p = &old_dns[i];
- const struct ldb_val *v;
+ uint32_t rmd_flags;
if (el->num_values && parsed_dn_find(dns, el->num_values, p->guid, NULL) == NULL) {
continue;
}
- v = ldb_dn_get_extended_component(p->dsdb_dn->dn, "DELETED");
- if (v != NULL) continue;
+ rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
+ if (rmd_flags & DSDB_RMD_FLAG_DELETED) continue;
ret = replmd_update_la_val(old_el->values, p->v, p->dsdb_dn, p->dsdb_dn,
invocation_id, seq_num, seq_num, now, 0, true);
time_t t,
struct GUID *msg_guid)
{
- int i;
+ unsigned int i;
struct parsed_dn *dns, *old_dns;
TALLOC_CTX *tmp_ctx = talloc_new(msg);
int ret;
const struct GUID *invocation_id;
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_val *new_values = NULL;
- uint32_t num_new_values = 0;
- unsigned old_num_values = old_el?old_el->num_values:0;
+ unsigned int num_new_values = 0;
+ unsigned int old_num_values = old_el?old_el->num_values:0;
NTTIME now;
unix_to_nt_time(&now, t);
for (i=0; i<old_num_values; i++) {
struct parsed_dn *old_p = &old_dns[i];
struct parsed_dn *p;
- const struct ldb_val *v;
+ uint32_t rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);
- v = ldb_dn_get_extended_component(old_p->dsdb_dn->dn, "DELETED");
- if (v) continue;
+ if (rmd_flags & DSDB_RMD_FLAG_DELETED) continue;
ret = replmd_add_backlink(module, schema, msg_guid, old_dns[i].guid, false, schema_attr, false);
if (ret != LDB_SUCCESS) {
uint64_t seq_num, time_t t)
{
struct ldb_result *res;
- int ret, i;
+ unsigned int i;
+ int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_message *old_msg;
struct dsdb_schema *schema = dsdb_get_schema(ldb);
}
ldb_msg_add_empty(old_msg, el->name, 0, &new_el);
new_el->num_values = el->num_values;
- new_el->values = el->values;
+ new_el->values = talloc_steal(msg->elements, el->values);
/* TODO: this relises a bit too heavily on the exact
behaviour of ldb_msg_find_element and
struct ldb_message *msg;
time_t t = time(NULL);
int ret;
+ bool is_urgent = false;
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.mod.message->dn)) {
return LDB_ERR_OPERATIONS_ERROR;
}
- ret = replmd_update_rpmd(module, ac->schema, msg, &ac->seq_num, t);
+ ldb_msg_remove_attr(msg, "whenChanged");
+ ldb_msg_remove_attr(msg, "uSNChanged");
+
+ ret = replmd_update_rpmd(module, ac->schema, msg, &ac->seq_num, t, &is_urgent);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
return ret;
* - replace the old object with the newly constructed one
*/
+ ac->is_urgent = is_urgent;
+
ret = ldb_build_mod_req(&down_req, ldb, ac,
msg,
req->controls,
struct ldb_message_element *el,
const struct dsdb_attribute *sa)
{
- int i;
+ unsigned int i;
TALLOC_CTX *tmp_ctx = talloc_new(module);
struct ldb_context *ldb = ldb_module_get_ctx(module);
"oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData", "sAMAccountName",
"securityIdentifier", "sIDHistory", "subClassOf", "systemFlags", "trustPartner", "trustDirection",
"trustType", "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated", "whenCreated",
- NULL};
- uint32_t el_count = 0;
- int i;
+ "whenChanged", NULL};
+ unsigned int i, el_count = 0;
+
+ if (ldb_dn_is_special(req->op.del.dn)) {
+ return ldb_next_request(module, req);
+ }
tmp_ctx = talloc_new(ldb);
}
old_msg = res->msgs[0];
+ if (ldb_msg_check_string_attribute(old_msg, "isDeleted", "TRUE")) {
+ struct auth_session_info *session_info =
+ (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+ ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
+ ldb_dn_get_linearized(old_msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ /* it is already deleted - really remove it this time */
+ talloc_free(tmp_ctx);
+ return ldb_next_request(module, req);
+ }
+
/* work out where we will be renaming this object to */
ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn, &new_dn);
if (ret != LDB_SUCCESS) {
continue;
}
- if (sa->linkID) {
+ if (sa->linkID && sa->linkID & 1) {
ret = replmd_delete_remove_link(module, schema, old_dn, el, sa);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
+ continue;
}
if (!sa->linkID && ldb_attr_in_list(preserved_attrs, el->name)) {
struct ldb_message *msg;
struct replPropertyMetaDataBlob *md;
struct ldb_val md_value;
- uint32_t i;
+ unsigned int i;
int ret;
/*
const struct ldb_val *omd_value;
struct replPropertyMetaDataBlob nmd;
struct ldb_val nmd_value;
- uint32_t i,j,ni=0;
- uint32_t removed_attrs = 0;
+ unsigned int i;
+ uint32_t j,ni=0;
+ unsigned int removed_attrs = 0;
int ret;
ldb = ldb_module_get_ctx(ar->module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_request rename %s => %s\n",
ldb_dn_get_linearized(ar->search_msg->dn),
ldb_dn_get_linearized(msg->dn));
- /* we can't use dsdb_module_rename() here as we need
- the rename call to be intercepted by this module, to
- allow it to process linked attribute changes */
- if (ldb_rename(ldb, ar->search_msg->dn, msg->dn) != LDB_SUCCESS) {
+ if (dsdb_module_rename(ar->module,
+ ar->search_msg->dn, msg->dn,
+ DSDB_FLAG_OWN_MODULE) != LDB_SUCCESS) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_replicated_request rename %s => %s failed - %s\n",
ldb_dn_get_linearized(ar->search_msg->dn),
ldb_dn_get_linearized(msg->dn),
break;
}
- DEBUG(1,("Discarding older DRS attribute update to %s on %s from %s\n",
- msg->elements[i-removed_attrs].name,
- ldb_dn_get_linearized(msg->dn),
- GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
+ if (rmd->ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType) {
+ DEBUG(1,("Discarding older DRS attribute update to %s on %s from %s\n",
+ msg->elements[i-removed_attrs].name,
+ ldb_dn_get_linearized(msg->dn),
+ GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
+ }
/* we don't want to apply this change so remove the attribute */
ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]);
struct repsFromToBlob nrf;
struct ldb_val *nrf_value = NULL;
struct ldb_message_element *nrf_el = NULL;
- uint32_t i,j,ni=0;
+ unsigned int i;
+ uint32_t j,ni=0;
bool found = false;
time_t t = time(NULL);
NTTIME now;
/*
* sort the cursors
*/
- qsort(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count,
- sizeof(struct drsuapi_DsReplicaCursor2),
- (comparison_fn_t)drsuapi_DsReplicaCursor2_compare);
+ TYPESAFE_QSORT(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count, drsuapi_DsReplicaCursor2_compare);
/*
* create the change ldb_message
struct dsdb_extended_replicated_objects *objs;
struct replmd_replicated_request *ar;
struct ldb_control **ctrls;
- int ret, i;
+ int ret;
+ uint32_t i;
struct replmd_private *replmd_private =
talloc_get_type(ldb_module_get_private(module), struct replmd_private);
const struct dsdb_attribute *attr;
struct dsdb_dn *dsdb_dn;
uint64_t seq_num = 0;
- struct drsuapi_DsReplicaAttribute drs;
- struct drsuapi_DsAttributeValue val;
- struct ldb_message_element new_el, *old_el;
+ struct ldb_message_element *old_el;
WERROR status;
time_t t = time(NULL);
struct ldb_result *res;
bool active = (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)?true:false;
const struct GUID *our_invocation_id;
- drs.value_ctr.num_values = 1;
- drs.value_ctr.values = &val;
- val.blob = la->value.blob;
-
/*
linked_attributes[0]:
&objs->linked_attributes[i]: struct drsuapi_DsReplicaLinkedAttribute
return ret;
}
- status = attr->syntax->drsuapi_to_ldb(ldb, schema, attr, &drs, tmp_ctx, &new_el);
+ status = dsdb_dn_la_from_blob(ldb, attr, schema, tmp_ctx, la->value.blob, &dsdb_dn);
if (!W_ERROR_IS_OK(status)) {
- ldb_asprintf_errstring(ldb, "Failed to parsed linked attribute blob for %s on %s\n",
- old_el->name, ldb_dn_get_linearized(msg->dn));
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- if (new_el.num_values != 1) {
- ldb_asprintf_errstring(ldb, "Failed to find value in linked attribute blob for %s on %s\n",
- old_el->name, ldb_dn_get_linearized(msg->dn));
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, &new_el.values[0], attr->syntax->ldap_oid);
- if (!dsdb_dn) {
- ldb_asprintf_errstring(ldb, "Failed to parse DN in linked attribute blob for %s on %s\n",
- old_el->name, ldb_dn_get_linearized(msg->dn));
+ ldb_asprintf_errstring(ldb, "Failed to parsed linked attribute blob for %s on %s - %s\n",
+ old_el->name, ldb_dn_get_linearized(msg->dn), win_errstr(status));
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_ERR_OPERATIONS_ERROR;
}
+ /* re-resolve the DN by GUID, as the DRS server may give us an
+ old DN value */
+ ret = dsdb_module_dn_by_guid(module, dsdb_dn, &guid, &dsdb_dn->dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Failed to re-resolve GUID %s",
+ GUID_string(tmp_ctx, &guid));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
/* see if this link already exists */
pdn = parsed_dn_find(pdn_list, old_el->num_values, &guid, dsdb_dn->dn);
if (pdn != NULL) {
struct GUID invocation_id = GUID_zero();
uint32_t version = 0;
NTTIME change_time = 0;
- bool was_active = ldb_dn_get_extended_component(pdn->dsdb_dn->dn, "DELETED") == NULL;
+ uint32_t rmd_flags = dsdb_dn_rmd_flags(pdn->dsdb_dn->dn);
dsdb_get_extended_dn_guid(pdn->dsdb_dn->dn, &invocation_id, "RMD_INVOCID");
dsdb_get_extended_dn_uint32(pdn->dsdb_dn->dn, &version, "RMD_VERSION");
return ret;
}
- if (was_active) {
+ if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
/* remove the existing backlink */
ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid, false, attr, false);
if (ret != LDB_SUCCESS) {
/* walk the list backwards, to do the first entry first, as we
* added the entries with DLIST_ADD() which puts them at the
* start of the list */
- for (la = replmd_private->la_list; la && la->next; la=la->next) ;
-
- for (; la; la=prev) {
- prev = la->prev;
+ for (la = DLIST_TAIL(replmd_private->la_list); la; la=prev) {
+ prev = DLIST_PREV(la);
DLIST_REMOVE(replmd_private->la_list, la);
ret = replmd_process_linked_attribute(module, la);
if (ret != LDB_SUCCESS) {