#include "lib/util/binsearch.h"
#include "lib/util/tsort.h"
+/*
+ * It's 29/12/9999 at 23:59:59 UTC as specified in MS-ADTS 7.1.1.4.2
+ * Deleted Objects Container
+ */
+static const NTTIME DELETED_OBJECT_CONTAINER_CHANGE_TIME = 2650466015990000000ULL;
+
struct replmd_private {
TALLOC_CTX *la_ctx;
struct la_entry *la_list;
m->attid = sa->attributeID_id;
m->version = 1;
- m->originating_change_time = now;
+ if (m->attid == 0x20030) {
+ const struct ldb_val *rdn_val = ldb_dn_get_rdn_val(msg->dn);
+ const char* rdn;
+
+ if (rdn_val == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ac);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ rdn = (const char*)rdn_val->data;
+ if (strcmp(rdn, "Deleted Objects") == 0) {
+ /*
+ * Set the originating_change_time to 29/12/9999 at 23:59:59
+ * as specified in MS-ADTS 7.1.1.4.2 Deleted Objects Container
+ */
+ m->originating_change_time = DELETED_OBJECT_CONTAINER_CHANGE_TIME;
+ } else {
+ m->originating_change_time = now;
+ }
+ } else {
+ m->originating_change_time = now;
+ }
m->originating_invocation_id = *our_invocation_id;
m->originating_usn = ac->seq_num;
m->local_usn = ac->seq_num;
return LDB_SUCCESS;
}
- /* if the attribute's value haven't changed then return LDB_SUCCESS */
+ /* if the attribute's value haven't changed then return LDB_SUCCESS
+ * Unless we have the provision control or if the attribute is
+ * interSiteTopologyGenerator as this page explain: http://support.microsoft.com/kb/224815
+ * this attribute is periodicaly written by the DC responsible for the intersite generation
+ * in a given site
+ */
if (old_el != NULL && ldb_msg_element_compare(el, old_el) == 0) {
- if (!ldb_request_get_control(req, LDB_CONTROL_PROVISION_OID)) {
+ if (strcmp(el->name, "interSiteTopologyGenerator") != 0 &&
+ !ldb_request_get_control(req, LDB_CONTROL_PROVISION_OID)) {
/*
* allow this to make it possible for dbcheck
* to rebuild broken metadata
md1 = &omd->ctr.ctr1.array[i];
md1->version++;
md1->attid = a->attributeID_id;
- md1->originating_change_time = now;
+ if (md1->attid == 0x20030) {
+ const struct ldb_val *rdn_val = ldb_dn_get_rdn_val(msg->dn);
+ const char* rdn;
+
+ if (rdn_val == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ rdn = (const char*)rdn_val->data;
+ if (strcmp(rdn, "Deleted Objects") == 0) {
+ /*
+ * Set the originating_change_time to 29/12/9999 at 23:59:59
+ * as specified in MS-ADTS 7.1.1.4.2 Deleted Objects Container
+ */
+ md1->originating_change_time = DELETED_OBJECT_CONTAINER_CHANGE_TIME;
+ } else {
+ md1->originating_change_time = now;
+ }
+ } else {
+ md1->originating_change_time = now;
+ }
md1->originating_invocation_id = *our_invocation_id;
md1->originating_usn = *seq_num;
md1->local_usn = *seq_num;
const char * const *rename_attrs,
struct ldb_message *msg, uint64_t *seq_num,
time_t t,
- bool *is_urgent)
+ bool *is_urgent, bool *rodc)
{
const struct ldb_val *omd_value;
enum ndr_err_code ndr_err;
struct ldb_context *ldb;
struct ldb_message_element *objectclass_el;
enum urgent_situation situation;
- bool rodc, rmd_is_provided;
+ bool rmd_is_provided;
if (rename_attrs) {
attrs = rename_attrs;
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS, req);
- if (ret != LDB_SUCCESS || res->count != 1) {
- DEBUG(0,(__location__ ": Object %s failed to find uSNChanged\n",
- ldb_dn_get_linearized(msg->dn)));
- return LDB_ERR_OPERATIONS_ERROR;
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
DSDB_SEARCH_SHOW_EXTENDED_DN |
DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
DSDB_SEARCH_REVEAL_INTERNALS, req);
- if (ret != LDB_SUCCESS || res->count != 1) {
- DEBUG(0,(__location__ ": Object %s failed to find replPropertyMetaData\n",
- ldb_dn_get_linearized(msg->dn)));
- return LDB_ERR_OPERATIONS_ERROR;
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
unsigned instanceType;
- ret = samdb_rodc(ldb, &rodc);
+ ret = samdb_rodc(ldb, rodc);
if (ret != LDB_SUCCESS) {
DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
- } else if (rodc) {
- ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
+ } else if (*rodc) {
+ ldb_set_errstring(ldb, "RODC modify is forbidden!");
return LDB_ERR_REFERRAL;
}
struct ldb_message *msg;
time_t t = time(NULL);
int ret;
- bool is_urgent = false;
- struct loadparm_context *lp_ctx;
- char *referral;
+ bool is_urgent = false, rodc = false;
unsigned int functional_level;
const DATA_BLOB *guid_blob;
functional_level = dsdb_functional_level(ldb);
- lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
- struct loadparm_context);
-
/* we have to copy the message as the caller might have it as a const */
msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
if (msg == NULL) {
ldb_msg_remove_attr(msg, "uSNChanged");
ret = replmd_update_rpmd(module, ac->schema, req, NULL,
- msg, &ac->seq_num, t, &is_urgent);
- if (ret == LDB_ERR_REFERRAL) {
+ msg, &ac->seq_num, t, &is_urgent, &rodc);
+ if (rodc && (ret == LDB_ERR_REFERRAL)) {
+ struct loadparm_context *lp_ctx;
+ char *referral;
+
+ lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+ struct loadparm_context);
+
referral = talloc_asprintf(req,
"ldap://%s/%s",
lpcfg_dnsdomain(lp_ctx),
ldb_dn_get_linearized(msg->dn));
ret = ldb_module_send_referral(req, referral);
talloc_free(ac);
- return ldb_module_done(req, NULL, NULL, ret);
+ return ret;
}
if (ret != LDB_SUCCESS) {
ret = add_time_element(msg, "whenChanged", t);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
+ ldb_operr(ldb);
return ret;
}
ret = add_uint64_element(ldb, msg, "uSNChanged", ac->seq_num);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
+ ldb_operr(ldb);
return ret;
}
}
const char *attrs[5] = { NULL, };
time_t t = time(NULL);
int ret;
- bool is_urgent = false;
+ bool is_urgent = false, rodc = false;
ac = talloc_get_type(req->context, struct replmd_replicated_request);
ldb = ldb_module_get_ctx(ac->module);
attrs[4] = NULL;
ret = replmd_update_rpmd(ac->module, ac->schema, req, attrs,
- msg, &ac->seq_num, t, &is_urgent);
- if (ret == LDB_ERR_REFERRAL) {
+ msg, &ac->seq_num, t, &is_urgent, &rodc);
+ if (rodc && (ret == LDB_ERR_REFERRAL)) {
struct ldb_dn *olddn = ac->req->op.rename.olddn;
struct loadparm_context *lp_ctx;
char *referral;
if (ret != LDB_SUCCESS) {
talloc_free(ares);
- return ldb_module_done(ac->req, NULL, NULL,
- ldb_error(ldb, ret,
- "failed to call replmd_update_rpmd()"));
+ return ldb_module_done(ac->req, NULL, NULL, ret);
}
if (ac->seq_num == 0) {
ret = add_time_element(msg, "whenChanged", t);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
+ ldb_operr(ldb);
return ret;
}
ret = add_uint64_element(ldb, msg, "uSNChanged", ac->seq_num);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
+ ldb_operr(ldb);
return ret;
}
OBJECT_TOMBSTONE=4, OBJECT_REMOVED=5 };
enum deletion_state deletion_state, next_deletion_state;
bool enabled;
- int functional_level;
if (ldb_dn_is_special(req->op.del.dn)) {
return ldb_next_request(module, req);
return LDB_ERR_OPERATIONS_ERROR;
}
- functional_level = dsdb_functional_level(ldb);
-
old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
/* we need the complete msg off disk, so we can work out which
case OBJECT_RECYCLED:
case OBJECT_TOMBSTONE:
- /* we also mark it as recycled, meaning this object can't be
- recovered (we are stripping its attributes) */
- if (functional_level >= DS_DOMAIN_FUNCTION_2008_R2) {
+ /*
+ * we also mark it as recycled, meaning this object can't be
+ * recovered (we are stripping its attributes).
+ * This is done only if we have this schema object of course ...
+ * This behavior is identical to the one of Windows 2008R2 which
+ * always set the isRecycled attribute, even if the recycle-bin is
+ * not activated and what ever the forest level is.
+ */
+ if (dsdb_attribute_by_lDAPDisplayName(schema, "isRecycled") != NULL) {
ret = ldb_msg_add_string(msg, "isRecycled", "TRUE");
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to add isRecycled string to the msg\n"));
/* we only change whenChanged and uSNChanged if the seq_num
has changed */
- if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
+ ret = add_time_element(msg, "whenChanged", t);
+ if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
- return ldb_operr(ldb);
+ ldb_operr(ldb);
+ return ret;
}
- if (add_uint64_element(ldb, msg, "uSNChanged",
- seq_num) != LDB_SUCCESS) {
+ ret = add_uint64_element(ldb, msg, "uSNChanged", seq_num);
+ if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
- return ldb_operr(ldb);
+ ldb_operr(ldb);
+ return ret;
}
old_el = ldb_msg_find_element(msg, attr->lDAPDisplayName);