The Samba-Bugzilla – Attachment 11912 Details for
Bug 11783
Mismatch between local and remote attribute ids lets replication fail with custom schema
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v4-4-test
tmp44.diff.txt (text/plain), 4.09 KB, created by
Stefan Metzmacher
on 2016-03-14 01:36:48 UTC
(
hide
)
Description:
Patch for v4-4-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2016-03-14 01:36:48 UTC
Size:
4.09 KB
patch
obsolete
>From 6ab4cf906ffe4dc448da8780908920ac99035ce8 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 10 Mar 2016 13:43:15 +1300 >Subject: [PATCH] dsdb/repl: Ensure we use the LOCAL attid value, not the > remote one > >The key here is that while this never was an issue for builtin schema, >nor for objects with an msDS-IntID used outside the schema partition, >additional attributes added and used in the schema partition were >incorrectly using the wrong attributeID value in the replPropertyMetaData. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11783 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Sun Mar 13 23:29:14 CET 2016 on sn-devel-144 > >(cherry picked from commit 6ecfc4cb254f9b2524ec5619ed8cee9db5d959b2) >--- > source4/dsdb/repl/replicated_objects.c | 18 ++++++++++++++---- > source4/dsdb/schema/schema_syntax.c | 12 +++++++++++- > 2 files changed, 25 insertions(+), 5 deletions(-) > >diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c >index e9225f5..a112e18 100644 >--- a/source4/dsdb/repl/replicated_objects.c >+++ b/source4/dsdb/repl/replicated_objects.c >@@ -455,7 +455,7 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb, > } > if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) { > WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote, >- a, msg->elements, e); >+ a, msg->elements, e, NULL); > if (W_ERROR_IS_OK(get_name_status)) { > DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n", > e->name, ldb_dn_get_linearized(msg->dn))); >@@ -467,11 +467,21 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb, > return status; > } > >+ /* >+ * This function also fills in the local attid value, >+ * based on comparing the remote and local prefixMap >+ * tables. If we don't convert the value, then we can >+ * have invalid values in the replPropertyMetaData we >+ * store on disk, as the prefixMap is per host, not >+ * per-domain. This may be why Microsoft added the >+ * msDS-IntID feature, however this is not used for >+ * extra attributes in the schema partition itself. >+ */ > status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote, >- a, msg->elements, e); >+ a, msg->elements, e, >+ &m->attid); > W_ERROR_NOT_OK_RETURN(status); > >- m->attid = a->attid; > m->version = d->version; > m->originating_change_time = d->originating_change_time; > m->originating_invocation_id = d->originating_invocation_id; >@@ -1038,7 +1048,7 @@ static WERROR dsdb_origin_object_convert(struct ldb_context *ldb, > e = &msg->elements[i]; > > status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap, >- a, msg->elements, e); >+ a, msg->elements, e, NULL); > W_ERROR_NOT_OK_RETURN(status); > } > >diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c >index f9c50b8..5cf1664 100644 >--- a/source4/dsdb/schema/schema_syntax.c >+++ b/source4/dsdb/schema/schema_syntax.c >@@ -2701,7 +2701,8 @@ WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb, > const struct dsdb_schema_prefixmap *pfm_remote, > const struct drsuapi_DsReplicaAttribute *in, > TALLOC_CTX *mem_ctx, >- struct ldb_message_element *out) >+ struct ldb_message_element *out, >+ enum drsuapi_DsAttributeId *local_attid_as_enum) > { > const struct dsdb_attribute *sa; > struct dsdb_syntax_ctx syntax_ctx; >@@ -2737,6 +2738,15 @@ WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb, > return WERR_DS_ATT_NOT_DEF_IN_SCHEMA; > } > >+ /* >+ * We return the same class of attid as we were given. That >+ * is, we trust the remote server not to use an >+ * msDS-IntId value in the schema partition >+ */ >+ if (local_attid_as_enum != NULL) { >+ *local_attid_as_enum = (enum drsuapi_DsAttributeId)attid_local; >+ } >+ > return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out); > } > >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11912">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review?
(
abartlet
)
garming
:
review+
Actions:
View
Attachments on
bug 11783
: 11912 |
11913