TODO s4-kcc: Sets the isRecyled attributes on deleted entries when needed

The check-deleted task now checks if the object should have the
isRecycled=TRUE attribute and do have it.

TODO: I think before we add this commit, we should add the simple
isRecycled handling and transfer deleted objects into recycled objects,
instead of always delete records from the database...
NOTE: maybe this already happens by the interaction with the ldb module,
if so, we should add a comments...

diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c
index 63bb97c08dcc4a5f20f8681a87a2bbc8d3bd4203..f3965d8fc3f209d61134b939fa7e51dfd1e786e2 100644 (file)
--- a/source4/dsdb/kcc/kcc_deleted.c
+++ b/source4/dsdb/kcc/kcc_deleted.c
@@ -45,6 +45,8 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
        int ret;
        uint32_t tombstoneLifetime;
        bool do_fs = false;
+       const struct dsdb_schema *schema;
+       const struct dsdb_attribute *isRecycled = NULL;
 
        time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv",
                                                    "check_deleted_full_scan_interval", 86400);
@@ -55,6 +57,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
                return NT_STATUS_OK;
        }
        s->last_deleted_check = t;
+       DEBUG(11, ("Check deleted has kicked in !\n"));
 
        ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime);
        if (ret != LDB_SUCCESS) {
@@ -78,10 +81,17 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
                s->last_full_scan_deleted_check = t - ((9 * interval) / 10);
        }
 
+       schema = dsdb_get_schema(s->samdb, mem_ctx);
+       if (!schema) {
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       }
+
+       isRecycled = dsdb_attribute_by_lDAPDisplayName(schema, "isRecycled");
+
        for (part=s->partitions; part; part=part->next) {
                struct ldb_dn *do_dn;
                struct ldb_result *res;
-               const char *attrs[] = { "whenChanged", NULL };
+               const char *attrs[] = { "whenChanged", "isRecycled", "msDS-LastKnownRDN", NULL };
                unsigned int i;
                TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
                if (!tmp_ctx) {
@@ -136,6 +146,38 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
                                        DEBUG(4,("Removed deleted object %s\n",
                                                 ldb_dn_get_linearized(res->msgs[i]->dn)));
                                }
+                       } else if (isRecycled &&
+                                  !ldb_msg_find_ldb_val(res->msgs[i], "isRecycled") &&
+                                  !ldb_msg_find_ldb_val(res->msgs[i], "msDS-LastKnownRDN")) {
+                               /*
+                                * There is no isRecycled attribute and no
+                                * msDS-LastKnownRDN attribute, then we
+                                * should add isRecycled: TRUE if the schema
+                                * supports it.
+                                */
+
+                               DEBUG(1,("Adding isRecycled to %s\n",
+                                       ldb_dn_get_linearized(res->msgs[i]->dn)));
+
+                               struct ldb_message *msg = ldb_msg_new(mem_ctx);
+                               if (msg == NULL) {
+                                       talloc_free(do_dn);
+                                       return NT_STATUS_NO_MEMORY;
+                               }
+
+                               msg->dn = res->msgs[i]->dn;
+                               ret = ldb_msg_add_string(msg, "isRecycled", "TRUE");
+                               if (ret != LDB_SUCCESS) {
+                                       talloc_free(do_dn);
+                                       return NT_STATUS_NO_MEMORY;
+                               }
+                               msg->elements[msg->num_elements - 1].flags = LDB_FLAG_MOD_ADD;
+
+                               ret = dsdb_modify(s->samdb, msg, DSDB_SEARCH_SHOW_DELETED);
+                               if (ret != LDB_SUCCESS) {
+                                       talloc_free(do_dn);
+                                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
+                               }
                        }
                }