mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

dsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass-based MUST

Add the 'reveal_internals' controls when performing objectclass-based
checks of mandatory attributes. This prevents the extended_dn DSDB
module from suppressing attributes that point to deleted (i.e.
non-existent/expunged) objects.

This ensures that, when modifying an object (and often not even
touching the mandatory attribute) that the fact that an attribute is a
DN, and the DN target is deleted, that the schema check will still pass.

Otherwise a fromServer pointing at a dead server can cause failures,
i.e. you can't modify the affected object at all, because the DSDB
thinks a mandatory attribute is missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit 4092b369ae)
Andrew Bartlett 2018-09-12 14:48:04 -05:00 committed by Karolin Seeger
parent 24a02a31b5
commit 40533f0552
2 changed files with 11 additions and 5 deletions


@ -1,5 +0,0 @@
# test currently fails because once we have a fromServer attribute that points
# to a non-existent object, the extended_dn DSDB module then suppresses that
# attribute, which means the object is missing a mandatory attribute, thus
# invalidating the schema
^samba4.tests.attr_from_server.python\(ad_dc_ntvfs\).__main__.FromServerAttrTest.test_dangling_server_attr\(ad_dc_ntvfs:local\)
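Review bot: The commit message never says that this deletion stops treating FromServerAttrTest.test_dangling_server_attr as a known failure under ad_dc_ntvfs:local. Add a sentence stating that the test now passes and is enforced from this commit on, so that anyone bisecting a later regression in this test lands here with an explanation. The deleted comment is also the clearest description on this page of why the extended_dn module suppressing fromServer invalidated the schema check; consider carrying that wording into the code comment that accompanies the fix rather than losing it.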


@ -617,6 +617,17 @@ static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares)
return ldb_module_done(ac->req, NULL, NULL, ret);
}
/*
* This ensures we see if there was a DN, that pointed at an
* object that is now deleted, that we still consider the
* schema check to have passed
*/
ret = ldb_request_add_control(search_req, LDB_CONTROL_REVEAL_INTERNALS,
false, NULL);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
ret = ldb_next_request(ac->module, search_req);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
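Review bot: The new comment block above the ldb_request_add_control() call is hard to parse and does not name the mechanism. State directly that without LDB_CONTROL_REVEAL_INTERNALS the extended_dn module drops DN-valued attributes whose target is deleted, so a mandatory attribute such as fromServer would look missing to the objectclass check. Two further points on the same call: the control is added with the critical flag set to false, so if nothing in the stack handles it the search proceeds without it and the original failure returns silently, which deserves a word in the comment on why non-critical is the right choice; and please confirm that the results of search_req are consumed only by the internal mandatory-attribute check and are not passed back to the client, since this control exposes values that are normally hidden.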