s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modify

This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.

Signed-off-by: Matthieu Patou <mat@matws.net>

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104

source4/dsdb/samdb/ldb_modules/rootdse.c

@@ -1209,6 +1209,36 @@ static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request
 	return ldb_module_done(req, NULL, NULL, ret);
 }
 
+static int rootdse_schemaupgradeinprogress(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *ext_res;
+	int ret = LDB_SUCCESS;
+	struct ldb_dn *schema_dn;
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		ldb_reset_err_string(ldb);
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			  "rootdse_modify: no schema dn present: (skip ldb_extended call)\n");
+		return ldb_next_request(module, req);
+	}
+
+	/* FIXME we have to do something in order to relax constraints for DRS
+	 * setting schemaUpgradeInProgress cause the fschemaUpgradeInProgress
+	 * in all LDAP connection (2K3/2K3R2) or in the current connection (2K8 and +)
+	 * to be set to true.
+	 */
+
+	/* from 5.113 LDAPConnections in DRSR.pdf
+	 * fschemaUpgradeInProgress: A Boolean that specifies certain constraint
+	 * validations are skipped when adding, updating, or removing directory
+	 * objects on the opened connection. The skipped constraint validations
+	 * are documented in the applicable constraint sections in [MS-ADTS].
+	 */
+	return ldb_module_done(req, NULL, NULL, ret);
+}
+
 static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
 {
 	struct ldb_context *ldb = ldb_module_get_ctx(module);
@@ -1378,6 +1408,9 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
 	if (ldb_msg_find_element(req->op.mod.message, "enableOptionalFeature")) {
 		return rootdse_enableoptionalfeature(module, req);
 	}
+	if (ldb_msg_find_element(req->op.mod.message, "schemaUpgradeInProgress")) {
+		return rootdse_schemaupgradeinprogress(module, req);
+	}
 
 	ldb_set_errstring(ldb, "rootdse_modify: unknown attribute to change!");
 	return LDB_ERR_UNWILLING_TO_PERFORM;

source4/dsdb/samdb/samdb.h

@@ -167,6 +167,8 @@ struct dsdb_create_partition_exop {
  */
 #define DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID "1.3.6.1.4.1.7165.4.4.2"
 
+#define DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID "1.3.6.1.4.1.7165.4.4.6"
+
 #define DSDB_OPENLDAP_DEREFERENCE_CONTROL "1.3.6.1.4.1.4203.666.5.16"
 
 struct dsdb_openldap_dereference {

source4/libcli/ldap/ldap_controls.c

@@ -1182,6 +1182,7 @@ static const struct ldap_control_handler ldap_known_controls[] = {
 	{ DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, NULL, NULL },
 	{ DSDB_EXTENDED_ALLOCATE_RID_POOL, NULL, NULL },
 	{ DSDB_CONTROL_NO_GLOBAL_CATALOG, NULL, NULL },
+	{ DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID, NULL, NULL },
 	{ NULL, NULL, NULL }
 };
 

source4/setup/schema_samba4.ldif

@@ -202,6 +202,7 @@
 #Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3
 #Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4
 #Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5
+#Allocated: DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID 1.3.6.1.4.1.7165.4.4.6
 
 
 ############