The Samba-Bugzilla – Attachment 12416 Details for Bug 12187: Backport changes for partial attribute set calculation for 4.5
Backport for 4.5: partialattr.patch (text/plain), 49.63 KB, created by Garming Sam on 2016-08-29 04:49:50 UTC
>From 4c1a756f24a04fa8a0ac0ac8288a0d729f7c8853 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 25 Aug 2016 11:33:16 +1200 >Subject: [PATCH 01/12] tests/schemainfo: run dsdb schema info tests with > proper URI > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit fd49b44e0296348c835168f336297fd969e63c50) >--- > source4/dsdb/tests/python/dsdb_schema_info.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/dsdb/tests/python/dsdb_schema_info.py b/source4/dsdb/tests/python/dsdb_schema_info.py >index 18c2f08..e7933f4 100755 >--- a/source4/dsdb/tests/python/dsdb_schema_info.py >+++ b/source4/dsdb/tests/python/dsdb_schema_info.py >@@ -51,7 +51,7 @@ class SchemaInfoTestCase(samba.tests.TestCase): > > # connect SamDB if we haven't yet > if self.sam_db is None: >- ldb_url = samba.tests.env_get_var_value("DC_SERVER") >+ ldb_url = "ldap://%s" % samba.tests.env_get_var_value("DC_SERVER") > SchemaInfoTestCase.sam_db = samba.tests.connect_samdb(ldb_url) > > # fetch rootDSE >-- >1.9.1 > > >From 3b64223e275adffd32161dde95484409d49b820f Mon Sep 17 00:00:00 2001 >From: Bob Campbell <bobcampbell@catalyst.net.nz> >Date: Mon, 15 Aug 2016 16:19:20 +1200 >Subject: [PATCH 02/12] getncchanges: Fix some whitespace > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> > >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 9563dab562cb2dfe4c226f03156bec0bf6eef847) >--- > source4/rpc_server/drsuapi/getncchanges.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) 
> >diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c >index f002836..f692429 100644 >--- a/source4/rpc_server/drsuapi/getncchanges.c >+++ b/source4/rpc_server/drsuapi/getncchanges.c >@@ -1606,7 +1606,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ > DATA_BLOB session_key; > WERROR werr; > struct dcesrv_handle *h; >- struct drsuapi_bind_state *b_state; >+ struct drsuapi_bind_state *b_state; > struct drsuapi_getncchanges_state *getnc_state; > struct drsuapi_DsGetNCChangesRequest10 *req10; > uint32_t options; >@@ -1688,7 +1688,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ > if (samdb_ntds_options(sam_ctx, &options) != LDB_SUCCESS) { > return WERR_DS_DRA_INTERNAL_ERROR; > } >- >+ > if ((options & DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL) && > !(req10->replica_flags & DRSUAPI_DRS_SYNC_FORCED)) { > return WERR_DS_DRA_SOURCE_DISABLED; >-- >1.9.1 > > >From cc1e219dfea8a6825e50d52c59f55cc71a96e9de Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Tue, 16 Aug 2016 10:53:39 +1200 >Subject: [PATCH 03/12] replicated_objects: Add missing newline for debug > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 216c0319c744c39848ae5da7d15dccb6769ea20a) >--- > source4/dsdb/repl/replicated_objects.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c >index 89d288a..46b0b66 100644 >--- a/source4/dsdb/repl/replicated_objects.c >+++ b/source4/dsdb/repl/replicated_objects.c 
>@@ -306,7 +306,7 @@ WERROR dsdb_repl_make_working_schema(struct ldb_context *ldb, > werr = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true, > working_schema, &pfm_remote, NULL); > if (!W_ERROR_IS_OK(werr)) { >- DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s", >+ DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n", > win_errstr(werr))); > talloc_free(working_schema); > return werr; >@@ -667,7 +667,7 @@ WERROR dsdb_replicated_objects_convert(struct ldb_context *ldb, > status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true, > out, &pfm_remote, NULL); > if (!W_ERROR_IS_OK(status)) { >- DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s", >+ DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n", > win_errstr(status))); > talloc_free(out); > return status; >-- >1.9.1 > > >From c3216dd01218bf5957e9d2c9603bcaccd319dad2 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 11 Aug 2016 14:28:27 +1200 >Subject: [PATCH 04/12] drepl_out: Send the prefix map alongside the RODC > partial attribute set > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 317bbc4d0528dca03d94d61c38b038d314f8cad8) >--- > source4/dsdb/repl/drepl_out_helpers.c | 17 +++++++++++++---- > 1 file changed, 13 insertions(+), 4 deletions(-) > >diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c >index 9fe8c3b..5292747 100644 >--- a/source4/dsdb/repl/drepl_out_helpers.c >+++ b/source4/dsdb/repl/drepl_out_helpers.c 
>@@ -302,6 +302,7 @@ static void dreplsrv_op_pull_source_get_changes_done(struct tevent_req *subreq); > static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service *service, > TALLOC_CTX *mem_ctx, > struct drsuapi_DsPartialAttributeSet **_pas, >+ struct drsuapi_DsReplicaOIDMapping_Ctr **pfm, > bool for_schema) > { > struct drsuapi_DsPartialAttributeSet *pas; >@@ -340,6 +341,11 @@ static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service > } > > *_pas = pas; >+ >+ if (pfm != NULL) { >+ dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm); >+ } >+ > return NT_STATUS_OK; > } > >@@ -427,6 +433,7 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) > uint32_t replica_flags; > struct drsuapi_DsReplicaHighWaterMark highwatermark; > struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb); >+ struct drsuapi_DsReplicaOIDMapping_Ctr *mappings = NULL; > > r = talloc(state, struct drsuapi_DsGetNCChanges); > if (tevent_req_nomem(r, req)) { >@@ -488,8 +495,10 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) > if (ldb_dn_compare_base(schema_dn, partition->dn) == 0) { > for_schema = true; > } >- >- status = dreplsrv_get_rodc_partial_attribute_set(service, r, &pas, for_schema); >+ status = dreplsrv_get_rodc_partial_attribute_set(service, r, >+ &pas, >+ &mappings, >+ for_schema); > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,(__location__ ": Failed to construct RODC partial attribute set : %s\n", nt_errstr(status))); > tevent_req_nterror(req, status); 
>@@ -538,8 +547,8 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) > r->in.req->req8.fsmo_info = state->op->fsmo_info; > r->in.req->req8.partial_attribute_set = pas; > r->in.req->req8.partial_attribute_set_ex= NULL; >- r->in.req->req8.mapping_ctr.num_mappings= 0; >- r->in.req->req8.mapping_ctr.mappings = NULL; >+ r->in.req->req8.mapping_ctr.num_mappings= mappings == NULL ? 0 : mappings->num_mappings; >+ r->in.req->req8.mapping_ctr.mappings = mappings == NULL ? NULL : mappings->mappings; > } else { > r->in.level = 5; > r->in.req->req5.destination_dsa_guid = service->ntds_guid; >-- >1.9.1 > > >From c9e1847dad61c202716fc2960772403c9c49ac37 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 18 Aug 2016 13:18:28 +1200 >Subject: [PATCH 05/12] drepl_out: Send the prefix map alongside the global > catalog partial attribute set > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 0ea126c63c1d5a0081b90a914c9ad7227cf7b748) >--- > source4/dsdb/repl/drepl_out_helpers.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > >diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c >index 5292747..ac0b947 100644 >--- a/source4/dsdb/repl/drepl_out_helpers.c >+++ b/source4/dsdb/repl/drepl_out_helpers.c >@@ -355,7 +355,8 @@ static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service > */ > static NTSTATUS dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service *service, > TALLOC_CTX *mem_ctx, >- struct drsuapi_DsPartialAttributeSet **_pas) >+ struct drsuapi_DsPartialAttributeSet **_pas, >+ struct drsuapi_DsReplicaOIDMapping_Ctr **pfm) > { > struct drsuapi_DsPartialAttributeSet *pas; > struct dsdb_schema *schema; 
>@@ -389,6 +390,11 @@ static NTSTATUS dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service *s > } > > *_pas = pas; >+ >+ if (pfm != NULL) { >+ dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm); >+ } >+ > return NT_STATUS_OK; > } > >@@ -483,7 +489,9 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) > } > > if (partition->partial_replica) { >- status = dreplsrv_get_gc_partial_attribute_set(service, r, &pas); >+ status = dreplsrv_get_gc_partial_attribute_set(service, r, >+ &pas, >+ &mappings); > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,(__location__ ": Failed to construct GC partial attribute set : %s\n", nt_errstr(status))); > tevent_req_nterror(req, status); >-- >1.9.1 > > >From a88f03ab6bfb2e64c79aea6af6fc65d05393b2b7 Mon Sep 17 00:00:00 2001 >From: Bob Campbell <bobcampbell@catalyst.net.nz> >Date: Mon, 15 Aug 2016 16:19:09 +1200 >Subject: [PATCH 06/12] tests/getnc_exop: Ensure we do the fallback if not > given a PAS > >This will cause silent errors in the translation, but as far as we know, >Windows will accept it just fine. > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 1673590e8ec3001c6909a78e004f64433060a624) >--- > selftest/flapping | 1 + > source4/torture/drs/python/getnc_exop.py | 53 ++++++++++++++++++++++++++++++-- > 2 files changed, 52 insertions(+), 2 deletions(-) > >diff --git a/selftest/flapping b/selftest/flapping >index 50fdf1e..c4b5481 100644 >--- a/selftest/flapping >+++ b/selftest/flapping 
>@@ -34,3 +34,4 @@ > ^samba3.blackbox.smbclient_tar.* # fails very, very often on sn-devel > ^samba3.blackbox.smbclient_s3.*.sending a message to the remote server # flakey on sn-devel-104 and sn-devel-144 > ^samba3.blackbox.smbclient_s3.*.creating a good symlink and deleting it by path # flakey on sn-devel-104 and sn-devel-144 >+^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.* >diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py >index ca6c443..97894bc 100644 >--- a/source4/torture/drs/python/getnc_exop.py >+++ b/source4/torture/drs/python/getnc_exop.py >@@ -79,7 +79,7 @@ class AbstractLink: > > class ExopBaseTest: > def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop, >- replica_flags=0, max_objects=0): >+ replica_flags=0, max_objects=0, partial_attribute_set=None): > req8 = drsuapi.DsGetNCChangesRequest8() > > req8.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID() >@@ -96,7 +96,7 @@ class ExopBaseTest: > req8.max_ndr_size = 402116 > req8.extended_op = exop > req8.fsmo_info = 0 >- req8.partial_attribute_set = None >+ req8.partial_attribute_set = partial_attribute_set > req8.partial_attribute_set_ex = None > req8.mapping_ctr.num_mappings = 0 > req8.mapping_ctr.mappings = None 
>@@ -285,6 +285,55 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > # We don't check the linked_attributes_count as if the domain > # has an RODC, it can gain links on the server account object > >+class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): >+ def setUp(self): >+ super(DrsReplicaPrefixMapTestCase, self).setUp() >+ self.base_dn = self.ldb_dc1.get_default_basedn() >+ self.ou = "ou=pfm_exop,%s" % self.base_dn >+ self.ldb_dc1.add({ >+ "dn": self.ou, >+ "objectclass": "organizationalUnit"}) >+ self.user = "cn=testuser,%s" % self.ou >+ self.ldb_dc1.add({ >+ "dn": self.user, >+ "objectclass": "user"}) >+ >+ def tearDown(self): >+ super(DrsReplicaPrefixMapTestCase, self).tearDown() >+ try: >+ self.ldb_dc1.delete(self.ou, ["tree_delete:1"]) >+ except ldb.LdbError as (enum, string): >+ if enum == ldb.ERR_NO_SUCH_OBJECT: >+ pass >+ >+ def get_partial_attribute_set(self): >+ partial_attribute_set = drsuapi.DsPartialAttributeSet() >+ attids = [drsuapi.DRSUAPI_ATTID_objectClass, >+ drsuapi.DRSUAPI_ATTID_description, >+ drsuapi.DRSUAPI_ATTID_displayName] >+ partial_attribute_set.attids = attids >+ partial_attribute_set.num_attids = len(attids) >+ return partial_attribute_set >+ >+ def test_missing_prefix_map_dsa(self): >+ partial_attribute_set = self.get_partial_attribute_set() >+ >+ dc_guid_1 = self.ldb_dc1.get_invocation_id() >+ >+ drs, drs_handle = self._ds_bind(self.dnsname_dc1) >+ >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set) >+ >+ try: >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ self.assertEqual(ctr.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS) >+ except Exception: >+ self.fail("Missing prefixmap shouldn't have triggered an error") >+ > class DrsReplicaSyncSortTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > def setUp(self): > super(DrsReplicaSyncSortTestCase, 
self).setUp() >-- >1.9.1 > > >From 66fc0c6fed2b60809e05e6d6939baba606fb0ef6 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Wed, 17 Aug 2016 14:26:55 +1200 >Subject: [PATCH 07/12] tests/getnc_exop: Ensure that all attids are valid in a > given PAS > >On Windows this does not seem to fail, but causes silent errors. > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 7f3ef150751452411db1e0c5b2ca6d8af2769d5c) >--- > source4/torture/drs/python/getnc_exop.py | 66 ++++++++++++++++++++++++++++---- > 1 file changed, 59 insertions(+), 7 deletions(-) > >diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py >index 97894bc..858d02e 100644 >--- a/source4/torture/drs/python/getnc_exop.py >+++ b/source4/torture/drs/python/getnc_exop.py >@@ -79,7 +79,8 @@ class AbstractLink: > > class ExopBaseTest: > def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop, >- replica_flags=0, max_objects=0, partial_attribute_set=None): >+ replica_flags=0, max_objects=0, partial_attribute_set=None, >+ mapping_ctr=None): > req8 = drsuapi.DsGetNCChangesRequest8() > > req8.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID() >@@ -98,8 +99,11 @@ class ExopBaseTest: > req8.fsmo_info = 0 > req8.partial_attribute_set = partial_attribute_set > req8.partial_attribute_set_ex = None >- req8.mapping_ctr.num_mappings = 0 >- req8.mapping_ctr.mappings = None >+ if mapping_ctr: >+ req8.mapping_ctr = mapping_ctr >+ else: >+ req8.mapping_ctr.num_mappings = 0 >+ req8.mapping_ctr.mappings = None > > return req8 
> >@@ -306,11 +310,8 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > if enum == ldb.ERR_NO_SUCH_OBJECT: > pass > >- def get_partial_attribute_set(self): >+ def get_partial_attribute_set(self, attids=[drsuapi.DRSUAPI_ATTID_objectClass]): > partial_attribute_set = drsuapi.DsPartialAttributeSet() >- attids = [drsuapi.DRSUAPI_ATTID_objectClass, >- drsuapi.DRSUAPI_ATTID_description, >- drsuapi.DRSUAPI_ATTID_displayName] > partial_attribute_set.attids = attids > partial_attribute_set.num_attids = len(attids) > return partial_attribute_set 
>@@ -334,6 +335,57 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > except Exception: > self.fail("Missing prefixmap shouldn't have triggered an error") > >+ def test_invalid_prefix_map_attid(self): >+ # Request for invalid attid >+ partial_attribute_set = self.get_partial_attribute_set([99999]) >+ >+ pfm = self._samdb_fetch_pfm_and_schi() >+ >+ dc_guid_1 = self.ldb_dc1.get_invocation_id() >+ >+ drs, drs_handle = self._ds_bind(self.dnsname_dc1) >+ >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ mapping_ctr=pfm) >+ >+ try: >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ self.fail("Invalid attid (99999) should have triggered an error") >+ except Exception as (ecode, emsg): >+ self.assertEqual(ecode, 0x000020E2, "Error code should have been " >+ "WERR_DS_DRA_SCHEMA_MISMATCH") >+ >+ def _samdb_fetch_pfm_and_schi(self): >+ """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection""" >+ samdb = self.ldb_dc1 >+ res = samdb.search(base=samdb.get_schema_basedn(), scope=SCOPE_BASE, >+ attrs=["prefixMap", "schemaInfo"]) >+ >+ pfm = ndr_unpack(drsblobs.prefixMapBlob, >+ str(res[0]['prefixMap'])) >+ >+ schi = drsuapi.DsReplicaOIDMapping() >+ schi.id_prefix = 0 >+ >+ if 'schemaInfo' in res[0]: >+ schi.oid.length = len(map(ord, str(res[0]['schemaInfo']))) >+ schi.oid.binary_oid = map(ord, str(res[0]['schemaInfo'])) >+ else: >+ schema_info = drsblobs.schemaInfoBlob() >+ schema_info.revision = 0 >+ schema_info.marker = 0xFF >+ schema_info.invocation_id = misc.GUID(samdb.get_invocation_id()) >+ schi.oid.length = len(map(ord, ndr_pack(schema_info))) >+ schi.oid.binary_oid = map(ord, ndr_pack(schema_info)) >+ >+ pfm.ctr.mappings = pfm.ctr.mappings + [schi] >+ pfm.ctr.num_mappings += 1 >+ return pfm.ctr >+ > class DrsReplicaSyncSortTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > def 
setUp(self): > super(DrsReplicaSyncSortTestCase, self).setUp() >-- >1.9.1 > > >From 6eb63953e13de70081d940b336174fa5339cc132 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Wed, 17 Aug 2016 16:04:49 +1200 >Subject: [PATCH 08/12] tests/getnc_exop: Ensure the remote prefixmap is always > used (secret attrs) > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 1f4ea1686ff1575406b5e8e488feb7b900db12ef) >--- > source4/torture/drs/python/getnc_exop.py | 91 ++++++++++++++++++++++++++++++-- > 1 file changed, 86 insertions(+), 5 deletions(-) > >diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py >index 858d02e..d4f8f1d 100644 >--- a/source4/torture/drs/python/getnc_exop.py >+++ b/source4/torture/drs/python/getnc_exop.py 
>@@ -332,19 +332,27 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > try: > (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) > self.assertEqual(ctr.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS) >- except Exception: >+ except RuntimeError: > self.fail("Missing prefixmap shouldn't have triggered an error") > > def test_invalid_prefix_map_attid(self): > # Request for invalid attid > partial_attribute_set = self.get_partial_attribute_set([99999]) > >- pfm = self._samdb_fetch_pfm_and_schi() >- > dc_guid_1 = self.ldb_dc1.get_invocation_id() >- > drs, drs_handle = self._ds_bind(self.dnsname_dc1) > >+ try: >+ pfm = self._samdb_fetch_pfm_and_schi() >+ except KeyError: >+ # On Windows, prefixMap isn't available over LDAP >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ) >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ pfm = ctr.mapping_ctr >+ > req8 = self._exop_req8(dest_dsa=None, > invocation_id=dc_guid_1, > nc_dn_str=self.user, 
>@@ -355,10 +363,83 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > try: > (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) > self.fail("Invalid attid (99999) should have triggered an error") >- except Exception as (ecode, emsg): >+ except RuntimeError as (ecode, emsg): > self.assertEqual(ecode, 0x000020E2, "Error code should have been " > "WERR_DS_DRA_SCHEMA_MISMATCH") > >+ def test_secret_prefix_map_attid(self): >+ # Request for a secret attid >+ partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd]) >+ >+ dc_guid_1 = self.ldb_dc1.get_invocation_id() >+ drs, drs_handle = self._ds_bind(self.dnsname_dc1) >+ >+ try: >+ pfm = self._samdb_fetch_pfm_and_schi() >+ except KeyError: >+ # On Windows, prefixMap isn't available over LDAP >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ) >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ pfm = ctr.mapping_ctr >+ >+ >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ mapping_ctr=pfm) >+ >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the unicodePwd attribute back") >+ >+ for i, mapping in enumerate(pfm.mappings): >+ # OID: 2.5.4.* >+ # objectClass: 2.5.4.0 >+ if mapping.oid.binary_oid == [85, 4]: >+ idx1 = i >+ # OID: 1.2.840.113556.1.4.* >+ # unicodePwd: 1.2.840.113556.1.4.90 >+ elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]: >+ idx2 = i >+ >+ (pfm.mappings[idx1].id_prefix, >+ pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix, >+ pfm.mappings[idx1].id_prefix) >+ >+ tmp = pfm.mappings >+ 
tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1] >+ pfm.mappings = tmp >+ >+ # 90 for unicodePwd (with new prefix = 0) >+ partial_attribute_set = self.get_partial_attribute_set([90]) >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ mapping_ctr=pfm) >+ >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the unicodePwd attribute back") >+ > def _samdb_fetch_pfm_and_schi(self): > """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection""" > samdb = self.ldb_dc1 >-- >1.9.1 > > >From 782ee212bbe0817ea2d7c65af82311b86e5c4e3e Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Wed, 17 Aug 2016 16:36:58 +1200 >Subject: [PATCH 09/12] tests/getnc_exop: Ensure the remote prefixmap is always > used (name attr) > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit e495d1b2ed9aca45ce696dd8cc54458002ca0c3a) >--- > source4/torture/drs/python/getnc_exop.py | 73 ++++++++++++++++++++++++++++++++ > 1 file changed, 73 insertions(+) > >diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py >index d4f8f1d..3de1f8b 100644 >--- a/source4/torture/drs/python/getnc_exop.py >+++ b/source4/torture/drs/python/getnc_exop.py 
>@@ -440,6 +440,79 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > > self.assertTrue(found, "Ensure we get the unicodePwd attribute back") > >+ def test_regular_prefix_map_attid(self): >+ # Request for a regular (non-secret) attid >+ partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_name]) >+ >+ dc_guid_1 = self.ldb_dc1.get_invocation_id() >+ drs, drs_handle = self._ds_bind(self.dnsname_dc1) >+ >+ try: >+ pfm = self._samdb_fetch_pfm_and_schi() >+ except KeyError: >+ # On Windows, prefixMap isn't available over LDAP >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ) >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ pfm = ctr.mapping_ctr >+ >+ >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ mapping_ctr=pfm) >+ >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_name: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the name attribute back") >+ >+ for i, mapping in enumerate(pfm.mappings): >+ # OID: 2.5.4.* >+ # objectClass: 2.5.4.0 >+ if mapping.oid.binary_oid == [85, 4]: >+ idx1 = i >+ # OID: 1.2.840.113556.1.4.* >+ # name: 1.2.840.113556.1.4.1 >+ elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]: >+ idx2 = i >+ >+ (pfm.mappings[idx1].id_prefix, >+ pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix, >+ pfm.mappings[idx1].id_prefix) >+ >+ tmp = pfm.mappings >+ tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1] >+ pfm.mappings = tmp >+ >+ # 1 for name (with new prefix = 0) >+ partial_attribute_set = self.get_partial_attribute_set([1]) >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ 
nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ mapping_ctr=pfm) >+ >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_name: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the name attribute back") >+ > def _samdb_fetch_pfm_and_schi(self): > """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection""" > samdb = self.ldb_dc1 >-- >1.9.1 > > >From 49edfed629bd2c60fb0045e6541fe68b9ca577dc Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 18 Aug 2016 15:20:06 +1200 >Subject: [PATCH 10/12] tests/getnc_exop: PartialAttrSetEx test (passes > Windows, fails us) > >This has an odd behaviour where PartialAttrSetEx does not respect the >incoming mapping. PartialAttrSetEx is not respected in Samba at all. > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 36df826154ed90e92f877e6f36269893c44a2a16) >--- > source4/torture/drs/python/getnc_exop.py | 100 ++++++++++++++++++++++++++++++- > 1 file changed, 98 insertions(+), 2 deletions(-) > >diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py >index 3de1f8b..8224df1 100644 >--- a/source4/torture/drs/python/getnc_exop.py >+++ b/source4/torture/drs/python/getnc_exop.py >@@ -80,7 +80,7 @@ class AbstractLink: > class ExopBaseTest: > def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop, > replica_flags=0, max_objects=0, partial_attribute_set=None, >- mapping_ctr=None): >+ partial_attribute_set_ex=None, mapping_ctr=None): > req8 = drsuapi.DsGetNCChangesRequest8() > > req8.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID() 
>@@ -98,7 +98,7 @@ class ExopBaseTest: > req8.extended_op = exop > req8.fsmo_info = 0 > req8.partial_attribute_set = partial_attribute_set >- req8.partial_attribute_set_ex = None >+ req8.partial_attribute_set_ex = partial_attribute_set_ex > if mapping_ctr: > req8.mapping_ctr = mapping_ctr > else: 
>@@ -513,6 +513,102 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > > self.assertTrue(found, "Ensure we get the name attribute back") > >+ def test_regular_prefix_map_ex_attid(self): >+ # Request for a regular (non-secret) attid >+ partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_name]) >+ partial_attribute_set_ex = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd]) >+ >+ dc_guid_1 = self.ldb_dc1.get_invocation_id() >+ drs, drs_handle = self._ds_bind(self.dnsname_dc1) >+ >+ try: >+ pfm = self._samdb_fetch_pfm_and_schi() >+ except KeyError: >+ # On Windows, prefixMap isn't available over LDAP >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ) >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ pfm = ctr.mapping_ctr >+ >+ >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ partial_attribute_set_ex=partial_attribute_set_ex, >+ mapping_ctr=pfm) >+ >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_name: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the name attribute back") >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the unicodePwd attribute back") >+ >+ for i, mapping in enumerate(pfm.mappings): >+ # OID: 2.5.4.* >+ # objectClass: 2.5.4.0 >+ if mapping.oid.binary_oid == [85, 4]: >+ idx1 = i >+ # OID: 1.2.840.113556.1.4.* >+ # name: 1.2.840.113556.1.4.1 >+ # unicodePwd: 1.2.840.113556.1.4.90 >+ elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]: >+ 
idx2 = i >+ >+ (pfm.mappings[idx1].id_prefix, >+ pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix, >+ pfm.mappings[idx1].id_prefix) >+ >+ tmp = pfm.mappings >+ tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1] >+ pfm.mappings = tmp >+ >+ # 1 for name (with new prefix = 0) >+ partial_attribute_set = self.get_partial_attribute_set([1]) >+ # 90 for unicodePwd (with new prefix = 0) >+ # HOWEVER: Windows doesn't seem to respect incoming maps for PartialAttrSetEx >+ partial_attribute_set_ex = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd]) >+ req8 = self._exop_req8(dest_dsa=None, >+ invocation_id=dc_guid_1, >+ nc_dn_str=self.user, >+ exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, >+ partial_attribute_set=partial_attribute_set, >+ partial_attribute_set_ex=partial_attribute_set_ex, >+ mapping_ctr=pfm) >+ >+ (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_name: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the name attribute back") >+ >+ found = False >+ for attr in ctr.first_object.object.attribute_ctr.attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: >+ found = True >+ break >+ >+ self.assertTrue(found, "Ensure we get the unicodePwd attribute back") >+ > def _samdb_fetch_pfm_and_schi(self): > """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection""" > samdb = self.ldb_dc1 >-- >1.9.1 > > >From 377071e8032ded0c07aa7ddc58098e704bb36546 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Mon, 15 Aug 2016 14:10:38 +1200 >Subject: [PATCH 11/12] getncchanges: Compute the partial attribute set from > the remote schema > >This doesn't fix the partialAttrSetEx case, so the test is left in the >knownfail file. > >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> 
>Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit 1a96f9329e718acac195e75a5156b1c147ad54ff) >--- > selftest/flapping | 1 - > selftest/knownfail | 1 + > source4/rpc_server/drsuapi/getncchanges.c | 193 +++++++++++++++++++++++++----- > 3 files changed, 165 insertions(+), 30 deletions(-) > >diff --git a/selftest/flapping b/selftest/flapping >index c4b5481..50fdf1e 100644 >--- a/selftest/flapping >+++ b/selftest/flapping >@@ -34,4 +34,3 @@ > ^samba3.blackbox.smbclient_tar.* # fails very, very often on sn-devel > ^samba3.blackbox.smbclient_s3.*.sending a message to the remote server # flakey on sn-devel-104 and sn-devel-144 > ^samba3.blackbox.smbclient_s3.*.creating a good symlink and deleting it by path # flakey on sn-devel-104 and sn-devel-144 >-^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.* >diff --git a/selftest/knownfail b/selftest/knownfail >index ffcaf06..3b28589 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -290,3 +290,4 @@ > ^samba4.smb2.read.access > #ntvfs server blocks copychunk with execute access on read handle > ^samba4.smb2.ioctl.copy_chunk_bad_access >+^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.* >diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c >index f692429..c1de242 100644 >--- a/source4/rpc_server/drsuapi/getncchanges.c >+++ b/source4/rpc_server/drsuapi/getncchanges.c 
>@@ -133,24 +133,57 @@ static bool udv_filter(const struct drsuapi_DsReplicaCursorCtrEx *udv, > > } > >-static int attid_cmp(enum drsuapi_DsAttributeId a1, enum drsuapi_DsAttributeId a2) >+static int uint32_t_cmp(uint32_t a1, uint32_t a2) > { > if (a1 == a2) return 0; >- return ((uint32_t)a1) > ((uint32_t)a2) ? 1 : -1; >+ return a1 > a2 ? 1 : -1; > } > >-/* >- check if an attribute is in a partial_attribute_set >- */ >-static bool check_partial_attribute_set(const struct dsdb_attribute *sa, >- struct drsuapi_DsPartialAttributeSet *pas) >+static int uint32_t_ptr_cmp(uint32_t *a1, uint32_t *a2, void *unused) > { >- enum drsuapi_DsAttributeId *result; >- BINARY_ARRAY_SEARCH_V(pas->attids, pas->num_attids, (enum drsuapi_DsAttributeId)sa->attributeID_id, >- attid_cmp, result); >- return result != NULL; >+ if (*a1 == *a2) return 0; >+ return *a1 > *a2 ? 1 : -1; > } > >+static WERROR getncchanges_attid_remote_to_local(const struct dsdb_schema *schema, >+ const struct dsdb_syntax_ctx *ctx, >+ enum drsuapi_DsAttributeId remote_attid_as_enum, >+ enum drsuapi_DsAttributeId *local_attid_as_enum, >+ const struct dsdb_attribute **_sa) >+{ >+ WERROR werr; >+ const struct dsdb_attribute *sa = NULL; >+ >+ if (ctx->pfm_remote == NULL) { >+ DEBUG(7, ("No prefixMap supplied, falling back to local prefixMap.\n")); >+ goto fail; >+ } >+ >+ werr = dsdb_attribute_drsuapi_remote_to_local(ctx, >+ remote_attid_as_enum, >+ local_attid_as_enum, >+ _sa); >+ if (!W_ERROR_IS_OK(werr)) { >+ DEBUG(3, ("WARNING: Unable to resolve remote attid, falling back to local prefixMap.\n")); >+ goto fail; >+ } >+ >+ return werr; >+fail: >+ >+ sa = dsdb_attribute_by_attributeID_id(schema, remote_attid_as_enum); >+ if (sa == NULL) { >+ return WERR_DS_DRA_SCHEMA_MISMATCH; >+ } else { >+ if (local_attid_as_enum != NULL) { >+ *local_attid_as_enum = sa->attributeID_id; >+ } >+ if (_sa != NULL) { >+ *_sa = sa; >+ } >+ return WERR_OK; >+ } >+} > > /* > drsuapi_DsGetNCChanges for one object 
>@@ -167,7 +200,8 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem > struct drsuapi_DsPartialAttributeSet *partial_attribute_set, > struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector, > enum drsuapi_DsExtendedOperation extended_op, >- bool force_object_return) >+ bool force_object_return, >+ uint32_t *local_pas) > { > const struct ldb_val *md_value; > uint32_t i, n; >@@ -294,8 +328,13 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem > } > > /* filter by partial_attribute_set */ >- if (partial_attribute_set && !check_partial_attribute_set(sa, partial_attribute_set)) { >- continue; >+ if (partial_attribute_set) { >+ uint32_t *result = NULL; >+ BINARY_ARRAY_SEARCH_V(local_pas, partial_attribute_set->num_attids, sa->attributeID_id, >+ uint32_t_cmp, result); >+ if (result == NULL) { >+ continue; >+ } > } > > obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time; >@@ -1185,11 +1224,13 @@ static WERROR getncchanges_change_master(struct drsuapi_bind_state *b_state, > */ > static WERROR dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state *b_state, > struct drsuapi_DsGetNCChangesRequest10 *req10, >+ struct dsdb_schema_prefixmap *pfm_remote, > bool *is_secret_request) > { > enum drsuapi_DsExtendedOperation exop; > uint32_t i; > struct dsdb_schema *schema; >+ struct dsdb_syntax_ctx syntax_ctx; > > *is_secret_request = true; 
> >@@ -1223,14 +1264,24 @@ static WERROR dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state > } > > schema = dsdb_get_schema(b_state->sam_ctx, NULL); >+ dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema); >+ syntax_ctx.pfm_remote = pfm_remote; > > /* check the attributes they asked for */ > for (i=0; i<req10->partial_attribute_set->num_attids; i++) { > const struct dsdb_attribute *sa; >- sa = dsdb_attribute_by_attributeID_id(schema, req10->partial_attribute_set->attids[i]); >- if (sa == NULL) { >- return WERR_DS_DRA_SCHEMA_MISMATCH; >+ WERROR werr = getncchanges_attid_remote_to_local(schema, >+ &syntax_ctx, >+ req10->partial_attribute_set->attids[i], >+ NULL, >+ &sa); >+ >+ if (!W_ERROR_IS_OK(werr)) { >+ DEBUG(0,(__location__": attid 0x%08X not found: %s\n", >+ req10->partial_attribute_set->attids[i], win_errstr(werr))); >+ return werr; > } >+ > if (!dsdb_attr_in_rodc_fas(sa)) { > *is_secret_request = true; > return WERR_OK; >@@ -1241,10 +1292,18 @@ static WERROR dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state > /* check the extended attributes they asked for */ > for (i=0; i<req10->partial_attribute_set_ex->num_attids; i++) { > const struct dsdb_attribute *sa; >- sa = dsdb_attribute_by_attributeID_id(schema, req10->partial_attribute_set_ex->attids[i]); >- if (sa == NULL) { >- return WERR_DS_DRA_SCHEMA_MISMATCH; >+ WERROR werr = getncchanges_attid_remote_to_local(schema, >+ &syntax_ctx, >+ req10->partial_attribute_set_ex->attids[i], >+ NULL, >+ &sa); >+ >+ if (!W_ERROR_IS_OK(werr)) { >+ DEBUG(0,(__location__": attid 0x%08X not found: %s\n", >+ req10->partial_attribute_set_ex->attids[i], win_errstr(werr))); >+ return werr; > } >+ > if (!dsdb_attr_in_rodc_fas(sa)) { > *is_secret_request = true; > return WERR_OK; 
>@@ -1262,11 +1321,13 @@ static WERROR dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state > */ > static WERROR dcesrv_drsuapi_is_gc_pas_request(struct drsuapi_bind_state *b_state, > struct drsuapi_DsGetNCChangesRequest10 *req10, >+ struct dsdb_schema_prefixmap *pfm_remote, > bool *is_gc_pas_request) > { > enum drsuapi_DsExtendedOperation exop; > uint32_t i; > struct dsdb_schema *schema; >+ struct dsdb_syntax_ctx syntax_ctx; > > exop = req10->extended_op; > >@@ -1291,14 +1352,24 @@ static WERROR dcesrv_drsuapi_is_gc_pas_request(struct drsuapi_bind_state *b_stat > } > > schema = dsdb_get_schema(b_state->sam_ctx, NULL); >+ dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema); >+ syntax_ctx.pfm_remote = pfm_remote; > > /* check the attributes they asked for */ > for (i=0; i<req10->partial_attribute_set->num_attids; i++) { > const struct dsdb_attribute *sa; >- sa = dsdb_attribute_by_attributeID_id(schema, req10->partial_attribute_set->attids[i]); >- if (sa == NULL) { >- return WERR_DS_DRA_SCHEMA_MISMATCH; >+ WERROR werr = getncchanges_attid_remote_to_local(schema, >+ &syntax_ctx, >+ req10->partial_attribute_set->attids[i], >+ NULL, >+ &sa); >+ >+ if (!W_ERROR_IS_OK(werr)) { >+ DEBUG(0,(__location__": attid 0x%08X not found: %s\n", >+ req10->partial_attribute_set->attids[i], win_errstr(werr))); >+ return werr; > } >+ > if (!sa->isMemberOfPartialAttributeSet) { > *is_gc_pas_request = false; > return WERR_OK; 
>@@ -1309,10 +1380,18 @@ static WERROR dcesrv_drsuapi_is_gc_pas_request(struct drsuapi_bind_state *b_stat > /* check the extended attributes they asked for */ > for (i=0; i<req10->partial_attribute_set_ex->num_attids; i++) { > const struct dsdb_attribute *sa; >- sa = dsdb_attribute_by_attributeID_id(schema, req10->partial_attribute_set_ex->attids[i]); >- if (sa == NULL) { >- return WERR_DS_DRA_SCHEMA_MISMATCH; >+ WERROR werr = getncchanges_attid_remote_to_local(schema, >+ &syntax_ctx, >+ req10->partial_attribute_set_ex->attids[i], >+ NULL, >+ &sa); >+ >+ if (!W_ERROR_IS_OK(werr)) { >+ DEBUG(0,(__location__": attid 0x%08X not found: %s\n", >+ req10->partial_attribute_set_ex->attids[i], win_errstr(werr))); >+ return werr; > } >+ > if (!sa->isMemberOfPartialAttributeSet) { > *is_gc_pas_request = false; > return WERR_OK; >@@ -1629,6 +1708,9 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ > bool has_get_all_changes = false; > struct GUID invocation_id; > static const struct drsuapi_DsReplicaLinkedAttribute no_linked_attr; >+ struct dsdb_schema_prefixmap *pfm_remote = NULL; >+ bool full = true; >+ uint32_t *local_pas = NULL; > > DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); > b_state = h->data; 
>@@ -1706,9 +1788,35 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ > return werr; > } > >+ if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) { >+ full = req10->partial_attribute_set == NULL && >+ req10->partial_attribute_set_ex == NULL; >+ } else { >+ full = (options & DRSUAPI_DRS_WRIT_REP) != 0; >+ } >+ >+ werr = dsdb_schema_pfm_from_drsuapi_pfm(&req10->mapping_ctr, true, >+ mem_ctx, &pfm_remote, NULL); >+ >+ /* We were supplied a partial attribute set, without the prefix map! */ >+ if (!full && !W_ERROR_IS_OK(werr)) { >+ if (req10->mapping_ctr.num_mappings == 0) { >+ /* >+ * Despite the fact MS-DRSR specifies that this shouldn't >+ * happen, Windows RODCs will in fact not provide a prefixMap. >+ */ >+ DEBUG(5,(__location__ ": Failed to provide a remote prefixMap," >+ " falling back to local prefixMap\n")); >+ } else { >+ DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n", >+ win_errstr(werr))); >+ return werr; >+ } >+ } >+ > /* allowed if the GC PAS and client has > GUID_DRS_GET_FILTERED_ATTRIBUTES */ >- werr = dcesrv_drsuapi_is_gc_pas_request(b_state, req10, &is_gc_pas_request); >+ werr = dcesrv_drsuapi_is_gc_pas_request(b_state, req10, pfm_remote, &is_gc_pas_request); > if (!W_ERROR_IS_OK(werr)) { > return werr; > } >@@ -1723,7 +1831,9 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ > } > } > >- werr = dcesrv_drsuapi_is_reveal_secrets_request(b_state, req10, &is_secret_request); >+ werr = dcesrv_drsuapi_is_reveal_secrets_request(b_state, req10, >+ pfm_remote, >+ &is_secret_request); > if (!W_ERROR_IS_OK(werr)) { > return werr; > } 
>@@ -2040,6 +2150,30 @@ allowed: > * 10 seconds by default. > */ > max_wait = lpcfg_parm_int(dce_call->conn->dce_ctx->lp_ctx, NULL, "drs", "max work time", 10); >+ >+ if (req10->partial_attribute_set != NULL) { >+ struct dsdb_syntax_ctx syntax_ctx; >+ uint32_t j = 0; >+ >+ dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema); >+ syntax_ctx.pfm_remote = pfm_remote; >+ >+ local_pas = talloc_array(b_state, uint32_t, req10->partial_attribute_set->num_attids); >+ >+ for (j = 0; j < req10->partial_attribute_set->num_attids; j++) { >+ getncchanges_attid_remote_to_local(schema, >+ &syntax_ctx, >+ req10->partial_attribute_set->attids[j], >+ (enum drsuapi_DsAttributeId *)&local_pas[j], >+ NULL); >+ } >+ >+ LDB_TYPESAFE_QSORT(local_pas, >+ req10->partial_attribute_set->num_attids, >+ NULL, >+ uint32_t_ptr_cmp); >+ } >+ > for (i=getnc_state->num_processed; > i<getnc_state->num_records && > !null_scope && >@@ -2093,7 +2227,8 @@ allowed: > req10->partial_attribute_set, > req10->uptodateness_vector, > req10->extended_op, >- max_wait_reached); >+ max_wait_reached, >+ local_pas); > if (!W_ERROR_IS_OK(werr)) { > return werr; > } >-- >1.9.1 > > >From be9bf2fb8fcb250d8a308c67c35897da06f36a04 Mon Sep 17 00:00:00 2001 >From: Bob Campbell <bobcampbell@catalyst.net.nz> >Date: Mon, 22 Aug 2016 14:43:41 +1200 >Subject: [PATCH 12/12] tests/getnc_exop: Ensure that attribute list sorting is > correct > >With a binary search, this can only be tested on 3+ elements. > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> > >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> 
>Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Garming Sam <garming@samba.org> >Autobuild-Date(master): Thu Aug 25 14:22:25 CEST 2016 on sn-devel-144 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187 > >(cherry picked from commit cb243d86d892cb148d01dd87f29f86f3e2c1ebd0) >--- > source4/torture/drs/python/getnc_exop.py | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py >index 8224df1..d058e66 100644 >--- a/source4/torture/drs/python/getnc_exop.py >+++ b/source4/torture/drs/python/getnc_exop.py >@@ -422,7 +422,9 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): > pfm.mappings = tmp > > # 90 for unicodePwd (with new prefix = 0) >- partial_attribute_set = self.get_partial_attribute_set([90]) >+ # 589824, 589827 for objectClass and CN >+ # Use of three ensures sorting is correct >+ partial_attribute_set = self.get_partial_attribute_set([90, 589824, 589827]) > req8 = self._exop_req8(dest_dsa=None, > invocation_id=dc_guid_1, > nc_dn_str=self.user, >-- >1.9.1 >
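Review bot: in test_regular_prefix_map_ex_attid (source4/torture/drs/python/getnc_exop.py, hunk @@ -513), idx1 and idx2 are assigned only inside the loop over pfm.mappings, so if either the 2.5.4 or the 1.2.840.113556.1.4 prefix is absent from the map, the swap that follows dies with an unbound-name error rather than a readable test failure. Set both to None before the loop and assert that each was found before swapping. The "found" loop is also written out four times in this test; a small helper taking ctr and an attid would shorten it and keep the two assertion messages next to the values they check.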
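Review bot: the entry added to selftest/knownfail (hunk @@ -290) carries no comment saying why test_regular_prefix_map_ex_attid is expected to fail, unlike the copy_chunk_bad_access entry directly above it. The reason is only in the commit message ("This doesn't fix the partialAttrSetEx case"). A one-line comment above the pattern saying so would make it clear when the entry can be removed.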
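Review bot: getncchanges_attid_remote_to_local (source4/rpc_server/drsuapi/getncchanges.c, hunk @@ -133) takes the fail: path not only when ctx->pfm_remote is NULL but also when the peer did send a prefixMap and dsdb_attribute_drsuapi_remote_to_local could not resolve the attid. In that second case the untranslated value is looked up with dsdb_attribute_by_attributeID_id, that is, in local numbering, and may name a different attribute than the one the peer meant. This helper feeds both the reveal-secrets check and the reply filter, so either return WERR_DS_DRA_SCHEMA_MISMATCH when a map was supplied and translation failed, keeping the fallback for pfm_remote == NULL only, or add a comment explaining why reinterpreting the value is safe. The function also has no header comment, while the check_partial_attribute_set it replaces had one.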
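Review bot: in get_nc_changes_build_object (hunk @@ -294) the binary search runs over local_pas but takes its length from partial_attribute_set->num_attids, and nothing checks that local_pas is non-NULL when partial_attribute_set is set. The two are kept in step only by convention in the caller, and the new parameter added in hunk @@ -167 is undocumented. Pass the element count together with the array (or replace both arguments with one small struct) and treat a NULL local_pas with a non-NULL partial_attribute_set as an error instead of searching it.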
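Review bot: the DEBUG(0, ...) added in the attid loop of dcesrv_drsuapi_is_reveal_secrets_request (hunk @@ -1223) logs at level 0 a value taken directly from the request, so every unresolvable attid a peer sends produces an "attid 0x%08X not found" line at the highest log priority. A lower level would be more in keeping with the helper itself, which uses 7 and 3 for its fallbacks. The same ten-line block is repeated in the partial_attribute_set_ex loop and in both loops of dcesrv_drsuapi_is_gc_pas_request (hunks @@ -1241, @@ -1291, @@ -1309); one static function that resolves an attid and logs on failure would leave a single place to change.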
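Review bot: in dcesrv_drsuapi_DsGetNCChanges (hunk @@ -1706) a failure of dsdb_schema_pfm_from_drsuapi_pfm is acted on only when full is false, and below DS_DOMAIN_FUNCTION_2008 full is derived from DRSUAPI_DRS_WRIT_REP, not from whether a partial attribute set was sent. A request with that option set, a partial_attribute_set and an undecodable mapping_ctr therefore carries on with pfm_remote == NULL and no log line, and the translation added in hunk @@ -2040, which is gated on req10->partial_attribute_set != NULL, then reads the attids in local numbering. Gate the error handling on the same condition as the translation, or at least log the decode failure that is being ignored.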
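Review bot: the loop that fills local_pas (hunk @@ -2040) discards the WERROR returned by getncchanges_attid_remote_to_local, and the talloc_array result is not checked for NULL. When the helper returns WERR_DS_DRA_SCHEMA_MISMATCH it writes nothing through local_attid_as_enum, so local_pas[j] keeps whatever the allocator handed back (talloc_array does not zero), and that value is then sorted and searched as if it were a valid attid. Check the allocation and return werr on failure, as the two is_*_request functions now do. Two smaller points in the same hunk: the array is parented to b_state rather than mem_ctx, so one copy per call stays allocated until the bind handle is freed, and the cast (enum drsuapi_DsAttributeId *)&local_pas[j] assumes the enum is exactly 32 bits wide, which a local enum variable assigned into local_pas[j] would avoid.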
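Review bot: the comment added in source4/torture/drs/python/getnc_exop.py (hunk @@ -422) says three attids ensure sorting is correct, but the list as written, [90, 589824, 589827], is already ascending, so a reader cannot tell from the comment what is being exercised. If the intent is that the order changes once the server translates these values through the swapped prefix map, say that in the comment, ideally with the expected local values, so nobody later reorders the list and loses the coverage.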
Flags: abartlet: review+; garming: review? (metze)