Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local

.gitignore

@@ -55,7 +55,7 @@ source/ldap_server/proto.h
 source/lib/db_wrap_proto.h
 source/lib/charset/charset_proto.h
 source/lib/cmdline/credentials.h
-source/lib/ldb/samba/ldif_handlers.h
+source/lib/ldb/samba/ldif_handlers_proto.h
 source/lib/registry/regf.h
 source/lib/registry/tdr_regf.c
 source/lib/registry/tdr_regf.h

source/build/m4/check_path.m4

@@ -24,7 +24,7 @@ winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged"
 ntp_signd_socket_dir="${localstatedir}/run/ntp_signd"
 
 AC_ARG_WITH(fhs, 
-[  --with-fhs              Use FHS-compliant paths (default=no)],
+[AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])],
     lockdir="${localstatedir}/lib/samba"
     piddir="${localstatedir}/run/samba"
     logfilebase="${localstatedir}/log/samba"
@@ -41,7 +41,7 @@ AC_ARG_WITH(fhs,
 #################################################
 # set private directory location
 AC_ARG_WITH(privatedir,
-[  --with-privatedir=DIR   Where to put sam.ldb and other private files containing key material ($ac_default_prefix/private)],
+[AS_HELP_STRING([--with-privatedir=DIR],[Where to put sam.ldb and other private files containing key material ($ac_default_prefix/private)])],
 [ case "$withval" in
   yes|no)
   #
@@ -57,7 +57,7 @@ AC_ARG_WITH(privatedir,
 #################################################
 # set where the winbindd socket should be put
 AC_ARG_WITH(winbindd-socket-dir,
-[  --with-winbindd-socket-dir=DIR   Where to put the winbindd socket ($winbindd_socket_dir)],
+[AS_HELP_STRING([--with-winbindd-socket-dir=DIR],[Where to put the winbindd socket ($winbindd_socket_dir)])],
 [ case "$withval" in
   yes|no)
   #
@@ -73,7 +73,7 @@ AC_ARG_WITH(winbindd-socket-dir,
 #################################################
 # set where the winbindd privilaged socket should be put
 AC_ARG_WITH(winbindd-privileged-socket-dir,
-[  --with-winbindd-privileged-socket-dir=DIR   Where to put the winbindd socket ($winbindd_privileged_socket_dir)],
+[AS_HELP_STRING([--with-winbindd-privileged-socket-dir=DIR],[Where to put the winbindd socket ($winbindd_privileged_socket_dir)])],
 [ case "$withval" in
   yes|no)
   #
@@ -86,26 +86,10 @@ AC_ARG_WITH(winbindd-privileged-socket-dir,
     ;;
   esac])
 
-#################################################
-# set where the winbindd privilaged socket should be put
-AC_ARG_WITH(winbindd-socket-dir,
-[  --with-winbindd-socket-dir=DIR   Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody calls it without argument
-  #
-    AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default])
-  ;;
-  * )
-    winbindd_socket_dir="$withval"
-    ;;
-  esac])
-
 #################################################
 # set where the NTP signing deamon socket should be put
 AC_ARG_WITH(ntp-signd-socket-dir,
-[  --with-ntp-signd-socket-dir=DIR   Where to put the NTP signing deamon socket ($ac_default_prefix/run/ntp_signd)],
+[AS_HELP_STRING([--with-ntp-signd-socket-dir=DIR],[Where to put the NTP signing deamon socket ($ac_default_prefix/run/ntp_signd)])],
 [ case "$withval" in
   yes|no)
   #
@@ -121,7 +105,7 @@ AC_ARG_WITH(ntp-signd-socket-dir,
 #################################################
 # set lock directory location
 AC_ARG_WITH(lockdir,
-[  --with-lockdir=DIR      Where to put lock files ($ac_default_prefix/var/locks)],
+[AS_HELP_STRING([--with-lockdir=DIR],[Where to put lock files ($ac_default_prefix/var/locks)])],
 [ case "$withval" in
   yes|no)
   #
@@ -137,7 +121,7 @@ AC_ARG_WITH(lockdir,
 #################################################
 # set pid directory location
 AC_ARG_WITH(piddir,
-[  --with-piddir=DIR       Where to put pid files ($ac_default_prefix/var/locks)],
+[AS_HELP_STRING([--with-piddir=DIR],[Where to put pid files ($ac_default_prefix/var/locks)])],
 [ case "$withval" in
   yes|no)
   #
@@ -153,7 +137,7 @@ AC_ARG_WITH(piddir,
 #################################################
 # set log directory location
 AC_ARG_WITH(logfilebase,
-[  --with-logfilebase=DIR  Where to put log files (\$(VARDIR))],
+[AS_HELP_STRING([--with-logfilebase=DIR],[Where to put log files (\$(VARDIR))])],
 [ case "$withval" in
   yes|no)
   #
@@ -186,7 +170,7 @@ AC_SUBST(modulesdir)
 selftest_prefix="./st"
 AC_SUBST(selftest_prefix)
 AC_ARG_WITH(selftest-prefix,
-[  --with-selftest-prefix=DIR    The prefix where make test will be run ($selftest_prefix)],
+[AS_HELP_STRING([--with-selftest-prefix=DIR],[The prefix where make test will be run ($selftest_prefix)])],
 [ case "$withval" in
   yes|no)
     AC_MSG_WARN([--with-selftest-prefix called without argument - will use default])
@@ -198,7 +182,7 @@ AC_ARG_WITH(selftest-prefix,
 
 debug=no
 AC_ARG_ENABLE(debug,
-[  --enable-debug          Turn on compiler debugging information (default=no)],
+[AS_HELP_STRING([--enable-debug],[Turn on compiler debugging information (default=no)])],
     [if test x$enable_debug = xyes; then
         debug=yes
     fi])
@@ -206,7 +190,7 @@ AC_ARG_ENABLE(debug,
 developer=no
 AC_SUBST(developer)
 AC_ARG_ENABLE(developer,
-[  --enable-developer      Turn on developer warnings and debugging (default=no)],
+[AS_HELP_STRING([--enable-developer],[Turn on developer warnings and debugging (default=no)])],
     [if test x$enable_developer = xyes; then
 	debug=yes
         developer=yes
@@ -214,7 +198,7 @@ AC_ARG_ENABLE(developer,
 
 dnl disable these external libs 
 AC_ARG_WITH(disable-ext-lib,
-[  --with-disable-ext-lib=LIB Comma-seperated list of external libraries],
+[AS_HELP_STRING([--with-disable-ext-lib=LIB],[Comma-seperated list of external libraries])],
 [ if test $withval; then
 	for i in `echo $withval | sed -e's/,/ /g'`
 	do

source/dsdb/config.mk

@@ -35,8 +35,7 @@ PRIVATE_DEPENDENCIES = SAMDB_COMMON NDR_DRSUAPI NDR_DRSBLOBS
 SAMDB_SCHEMA_OBJ_FILES = $(addprefix $(dsdbsrcdir)/schema/, \
 		schema_init.o \
 		schema_syntax.o \
-		schema_description.o \
+		schema_description.o)
-		schema_convert.o)
 
 $(eval $(call proto_header_template,$(dsdbsrcdir)/schema/proto.h,$(SAMDB_SCHEMA_OBJ_FILES:.o=.c)))
 # PUBLIC_HEADERS += dsdb/schema/schema.h

source/dsdb/samdb/ldb_modules/schema_fsmo.c

@@ -125,6 +125,7 @@ static int schema_fsmo_init(struct ldb_module *module)
 				       "schema_fsmo_init: dsdb_schema load failed: %s",
 				       error_string);
 		talloc_free(mem_ctx);
+		return ret;
 	}
 
 	/* dsdb_set_schema() steal schema into the ldb_context */

source/dsdb/samdb/ldb_modules/tests/samba3sam.py

@@ -47,7 +47,7 @@ class MapBaseTestCase(TestCaseInTempDir):
 
         ldb.add({"dn": "@PARTITION",
             "partition": [s4.basedn + ":" + s4.url, s3.basedn + ":" + s3.url],
-            "replicateEntries": ["@SUBCLASSES", "@ATTRIBUTES", "@INDEXLIST"]})
+            "replicateEntries": ["@ATTRIBUTES", "@INDEXLIST"]})
 
     def setUp(self):
         super(MapBaseTestCase, self).setUp()

source/dsdb/samdb/samdb.h

@@ -31,6 +31,7 @@ struct event_context;
 
 #include "librpc/gen_ndr/security.h"
 #include "lib/ldb/include/ldb.h"
+#include "lib/ldb-samba/ldif_handlers.h"
 #include "librpc/gen_ndr/samr.h"
 #include "librpc/gen_ndr/drsuapi.h"
 #include "librpc/gen_ndr/drsblobs.h"

source/dsdb/schema/schema.h

@@ -32,6 +32,10 @@ struct dsdb_syntax {
 	uint32_t oMSyntax;
 	struct ldb_val oMObjectClass;
 	const char *attributeSyntax_oid;
+	const char *equality;
+	const char *substring;
+	const char *comment;
+	const char *ldb_syntax;
 
 	WERROR (*drsuapi_to_ldb)(const struct dsdb_schema *schema,
 				 const struct dsdb_attribute *attr,
@@ -174,14 +178,6 @@ enum dsdb_schema_convert_target {
 	TARGET_AD_SCHEMA_SUBENTRY
 };
 
-struct dsdb_syntax_map {
-	const char *Standard_OID;
-	const char *AD_OID;
-	const char *equality;
-	const char *substring;
-	const char *comment;
-};
-
 #include "dsdb/schema/proto.h"
 
 #endif /* _DSDB_SCHEMA_H */

source/dsdb/schema/schema_convert.c

@@ -1,160 +0,0 @@
-/* 
-   ldb database library
-
-   Copyright (C) Simo Sorce 2005
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "dsdb/samdb/samdb.h"
-
-/* Shared map for converting syntax between formats */
-static const struct dsdb_syntax_map syntax_map[] = {
-	{ 
-		.Standard_OID = "1.3.6.1.4.1.1466.115.121.1.12", 
-		.AD_OID = "2.5.5.1", 
-		.equality = "distinguishedNameMatch",
-		.comment = "Object(DS-DN) == a DN" 
-	},
-	{
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.38",
-		.AD_OID =  "2.5.5.2",
-		.equality = "objectIdentifierMatch",
-		.comment =  "OID String"
-	},
-	{ 
-		.Standard_OID =  "1.2.840.113556.1.4.905", 
-		.AD_OID =  "2.5.5.4",
-		.equality = "caseIgnoreMatch",
-		.substring = "caseIgnoreSubstringsMatch",
-		.comment =   "Case Insensitive String" 
-	},
-	{
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.26",
-		.AD_OID =   "2.5.5.5",
-		.equality = "caseExactIA5Match",
-		.comment = "Printable String"
-	},
-	{
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.36",
-		.AD_OID =   "2.5.5.6", 
-		.equality = "numericStringMatch",
-		.substring = "numericStringSubstringsMatch",
-		.comment = "Numeric String" 
-	},
-	{ 
-		.Standard_OID =  "1.2.840.113556.1.4.903", 
-		.AD_OID =  "2.5.5.7", 
-		.equality = "distinguishedNameMatch",
-		.comment = "OctetString: Binary+DN" 
-	},
-	{ 
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.7",
-		.AD_OID =   "2.5.5.8", 
-		.equality = "booleanMatch",
-		.comment = "Boolean" 
-	},
-	{ 
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.27",
-		.AD_OID =   "2.5.5.9", 
-		.equality = "integerMatch",
-		.comment = "Integer" 
-	},
-	{ 
-		.Standard_OID = "1.3.6.1.4.1.1466.115.121.1.40",
-		.AD_OID       = "2.5.5.10",
-		.equality     = "octetStringMatch",
-		.comment      =  "Octet String"
-	},
-	{
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.24",
-		.AD_OID =   "2.5.5.11", 
-		.equality = "generalizedTimeMatch",
-		.comment = "Generalized Time"
-	},
-	{ 
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.53",
-		.AD_OID =   "2.5.5.11", 
-		.equality = "generalizedTimeMatch",
-		.comment = "UTC Time" 
-	},
-	{ 
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.15",
-		.AD_OID =   "2.5.5.12", 
-		.equality = "caseIgnoreMatch",
-		.substring = "caseIgnoreSubstringsMatch",
-		.comment = "Directory String"
-	},
-	{
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.43",
-		.AD_OID =   "2.5.5.13", 
-		.comment = "Presentation Address" 
-	},
-	{
-		.Standard_OID =   "Not Found Yet", 
-		.AD_OID =  "2.5.5.14", 
-		.equality = "distinguishedNameMatch",
-		.comment = "OctetString: String+DN" 
-	},
-	{
-		.Standard_OID =  "1.2.840.113556.1.4.907",
-		.AD_OID =   "2.5.5.15", 
-		.equality     = "octetStringMatch",
-		.comment = "NT Security Descriptor"
-	},
-	{ 
-		.Standard_OID =  "1.2.840.113556.1.4.906", 
-		.AD_OID =  "2.5.5.16", 
-		.equality = "integerMatch",
-		.comment = "Large Integer" 
-	},
-	{
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.40",
-		.AD_OID =   "2.5.5.17",
-		.equality     = "octetStringMatch",
-		.comment =  "Octet String - Security Identifier (SID)" 
-	},
-	{ 
-		.Standard_OID =  "1.3.6.1.4.1.1466.115.121.1.26", 
-		.AD_OID =  "2.5.5.5", 
-		.equality = "caseExactIA5Match",
-		.comment = "IA5 String" 
-	},
-	{	.Standard_OID = NULL
-	}
-};
-
-
-const struct dsdb_syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid) 
-{
-	int i;
-	for (i=0; syntax_map[i].Standard_OID; i++) {
-		if (strcasecmp(ad_oid, syntax_map[i].AD_OID) == 0) {
-			return &syntax_map[i];
-		}
-	}
-	return NULL;
-}
-
-const struct dsdb_syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid) 
-{
-	int i;
-	for (i=0; syntax_map[i].Standard_OID; i++) {
-		if (strcasecmp(standard_oid, syntax_map[i].Standard_OID) == 0) {
-			return &syntax_map[i];
-		}
-	}
-	return NULL;
-}

source/dsdb/schema/schema_convert.h

@@ -1,10 +0,0 @@
-struct syntax_map {
-	const char *Standard_OID;
-	const char *AD_OID;
-	const char *equality;
-	const char *substring;
-	const char *comment;
-};
-
-const struct syntax_map *find_syntax_map_by_ad_oid(const char *ad_oid); 
-const struct syntax_map *find_syntax_map_by_standard_oid(const char *standard_oid);

source/dsdb/schema/schema_description.c

@@ -90,8 +90,8 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx,
 char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute) 
 {
 	char *schema_description;
-	const struct dsdb_syntax_map *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid);
+	const struct dsdb_syntax *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid);
-	const char *syntax = map ? map->Standard_OID : attribute->attributeSyntax_oid;
+	const char *syntax = map ? map->ldap_oid : attribute->attributeSyntax_oid;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	if (!tmp_ctx) {
 		return NULL;

source/dsdb/schema/schema_init.c

@@ -809,7 +809,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	if (!prefix_val) {
 		*error_string = talloc_asprintf(mem_ctx, 
 						"schema_fsmo_init: no prefixMap attribute found");
-		talloc_free(mem_ctx);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 	info_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo");
@@ -828,7 +827,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 		*error_string = talloc_asprintf(mem_ctx, 
 			      "schema_fsmo_init: failed to load oid mappings: %s",
 			      win_errstr(status));
-		talloc_free(mem_ctx);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
@@ -847,7 +845,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 				      "schema_fsmo_init: failed to load attribute definition: %s:%s",
 				      ldb_dn_get_linearized(attrs_res->msgs[i]->dn),
 				      win_errstr(status));
-			talloc_free(mem_ctx);
 			return LDB_ERR_CONSTRAINT_VIOLATION;
 		}
 
@@ -869,7 +866,6 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 				      "schema_fsmo_init: failed to load class definition: %s:%s",
 				      ldb_dn_get_linearized(objectclass_res->msgs[i]->dn),
 				      win_errstr(status));
-			talloc_free(mem_ctx);
 			return LDB_ERR_CONSTRAINT_VIOLATION;
 		}
 
@@ -914,7 +910,6 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn,
 					"(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))",
 					name, name);
 		if (ret != LDB_SUCCESS) {
-			printf("Search failed: %s\n", ldb_errstring(ldb));
 			return ret;
 		}
 		
@@ -940,7 +935,8 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn,
 
 static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *schemadn, 
 				    TALLOC_CTX *mem_ctx, 
-				    struct ldb_result **objectclasses_res)
+				    struct ldb_result **objectclasses_res,
+				    char **error_string)
 {
 	TALLOC_CTX *local_ctx = talloc_new(mem_ctx);
 	struct ldb_result *top_res, *ret_res;
@@ -949,19 +945,23 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	
-	/* Downlaod 'top' */
+	/* Download 'top' */
 	ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, 
 			 "(&(objectClass=classSchema)(lDAPDisplayName=top))", 
 			 NULL, &top_res);
 	if (ret != LDB_SUCCESS) {
-		printf("Search failed: %s\n", ldb_errstring(ldb));
+		*error_string = talloc_asprintf(mem_ctx, 
-		return LDB_ERR_OPERATIONS_ERROR;
+						"dsdb_schema: failed to search for top classSchema object: %s",
+						ldb_errstring(ldb));
+		return ret;
 	}
 
 	talloc_steal(local_ctx, top_res);
 
 	if (top_res->count != 1) {
-		return LDB_ERR_OPERATIONS_ERROR;
+		*error_string = talloc_asprintf(mem_ctx, 
+						"dsdb_schema: failed to find top classSchema object");
+		return LDB_ERR_NO_SUCH_OBJECT;
 	}
 
 	ret_res = talloc_zero(local_ctx, struct ldb_result);
@@ -972,8 +972,7 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
 	ret = fetch_oc_recursive(ldb, schemadn, local_ctx, top_res, ret_res); 
 
 	if (ret != LDB_SUCCESS) {
-		printf("Search failed: %s\n", ldb_errstring(ldb));
+		return ret;
-		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
 	*objectclasses_res = talloc_move(mem_ctx, &ret_res);
@@ -1051,10 +1050,10 @@ int dsdb_schema_from_schema_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
 	/*
 	 * load the objectClass definitions
 	 */
-	ret = fetch_objectclass_schema(ldb, schema_dn, tmp_ctx, &c_res);
+	ret = fetch_objectclass_schema(ldb, schema_dn, tmp_ctx, &c_res, &error_string);
 	if (ret != LDB_SUCCESS) {
 		*error_string_out = talloc_asprintf(mem_ctx, 
-				       "Failed to fetch objectClass schema elements: %s\n", ldb_errstring(ldb));
+				       "Failed to fetch objectClass schema elements: %s", error_string);
 		talloc_free(tmp_ctx);
 		return ret;
 	}

source/dsdb/schema/schema_syntax.c

@@ -3,7 +3,9 @@
    DSDB schema syntaxes
    
    Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
-    
+   Copyright (C) Simo Sorce 2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
@@ -1109,7 +1111,6 @@ static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_
 	return WERR_OK;
 }
 
-
 #define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
 
 static const struct dsdb_syntax dsdb_syntaxes[] = {
@@ -1120,27 +1121,36 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.8",
 		.drsuapi_to_ldb		= dsdb_syntax_BOOL_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_BOOL_ldb_to_drsuapi,
+		.equality               = "booleanMatch",
+		.comment                = "Boolean" 
 	},{
 		.name			= "Integer",
-		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.27",
+		.ldap_oid		= LDB_SYNTAX_INTEGER,
 		.oMSyntax		= 2,
 		.attributeSyntax_oid	= "2.5.5.9",
 		.drsuapi_to_ldb		= dsdb_syntax_INT32_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_INT32_ldb_to_drsuapi,
+		.equality               = "integerMatch",
+		.comment                = "Integer",
 	},{
 		.name			= "String(Octet)",
-		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.40",
+		.ldap_oid		= LDB_SYNTAX_OCTET_STRING,
 		.oMSyntax		= 4,
 		.attributeSyntax_oid	= "2.5.5.10",
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.equality               = "octetStringMatch",
+		.comment                = "Octet String",
 	},{
 		.name			= "String(Sid)",
-		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.40",
+		.ldap_oid		= LDB_SYNTAX_OCTET_STRING,
 		.oMSyntax		= 4,
 		.attributeSyntax_oid	= "2.5.5.17",
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.equality               = "octetStringMatch",
+		.comment                = "Octet String - Security Identifier (SID)",
+		.ldb_syntax             = LDB_SYNTAX_SAMBA_SID
 	},{
 		.name			= "String(Object-Identifier)",
 		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.38",
@@ -1148,9 +1158,12 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.2",
 		.drsuapi_to_ldb		= dsdb_syntax_OID_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_OID_ldb_to_drsuapi,
+		.equality               = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
+		.comment                = "OID String",
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING
 	},{
 		.name			= "Enumeration",
-		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.27",
+		.ldap_oid		= LDB_SYNTAX_INTEGER,
 		.oMSyntax		= 10,
 		.attributeSyntax_oid	= "2.5.5.9",
 		.drsuapi_to_ldb		= dsdb_syntax_INT32_drsuapi_to_ldb,
@@ -1163,6 +1176,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.6",
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.equality               = "numericStringMatch",
+		.substring              = "numericStringSubstringsMatch",
+		.comment                = "Numeric String" 
 	},{
 		.name			= "String(Printable)",
 		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.44",
@@ -1177,6 +1193,10 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.4",
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.equality               = "caseIgnoreMatch",
+		.substring              = "caseIgnoreSubstringsMatch",
+		.comment                = "Case Insensitive String",
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING,
 	},{
 		.name			= "String(IA5)",
 		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.26",
@@ -1184,6 +1204,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.5",
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.equality               = "caseExactIA5Match",
+		.comment                = "Printable String"
 	},{
 		.name			= "String(UTC-Time)",
 		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.53",
@@ -1191,6 +1213,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.11",
 		.drsuapi_to_ldb		= dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
+		.equality               = "generalizedTimeMatch",
+		.comment                = "UTC Time",
 	},{
 		.name			= "String(Generalized-Time)",
 		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.24",
@@ -1198,6 +1222,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.11",
 		.drsuapi_to_ldb		= dsdb_syntax_NTTIME_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_NTTIME_ldb_to_drsuapi,
+		.equality               = "generalizedTimeMatch",
+		.comment                = "Generalized Time",
+		.ldb_syntax             = LDB_SYNTAX_UTC_TIME,
 	},{
 	/* not used in w2k3 schema */
 		.name			= "String(Case Sensitive)",
@@ -1208,11 +1235,14 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.ldb_to_drsuapi		= dsdb_syntax_FOOBAR_ldb_to_drsuapi,
 	},{
 		.name			= "String(Unicode)",
-		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.15",
+		.ldap_oid		= LDB_SYNTAX_DIRECTORY_STRING,
 		.oMSyntax		= 64,
 		.attributeSyntax_oid	= "2.5.5.12",
 		.drsuapi_to_ldb		= dsdb_syntax_UNICODE_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_UNICODE_ldb_to_drsuapi,
+		.equality               = "caseIgnoreMatch",
+		.substring              = "caseIgnoreSubstringsMatch",
+		.comment                = "Directory String",
 	},{
 		.name			= "Interval/LargeInteger",
 		.ldap_oid		= "1.2.840.113556.1.4.906",
@@ -1220,21 +1250,26 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.16",
 		.drsuapi_to_ldb		= dsdb_syntax_INT64_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_INT64_ldb_to_drsuapi,
+		.equality               = "integerMatch",
+		.comment                = "Large Integer",
+		.ldb_syntax             = LDB_SYNTAX_INTEGER,
 	},{
 		.name			= "String(NT-Sec-Desc)",
-		.ldap_oid		= "1.2.840.113556.1.4.907",
+		.ldap_oid		= LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
 		.oMSyntax		= 66,
 		.attributeSyntax_oid	= "2.5.5.15",
 		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
 	},{
 		.name			= "Object(DS-DN)",
-		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.12",
+		.ldap_oid		= LDB_SYNTAX_DN,
 		.oMSyntax		= 127,
 		.oMObjectClass		= OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
 		.attributeSyntax_oid	= "2.5.5.1",
 		.drsuapi_to_ldb		= dsdb_syntax_DN_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DN_ldb_to_drsuapi,
+		.equality               = "distinguishedNameMatch",
+		.comment                = "Object(DS-DN) == a DN",
 	},{
 		.name			= "Object(DN-Binary)",
 		.ldap_oid		= "1.2.840.113556.1.4.903",
@@ -1243,6 +1278,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.7",
 		.drsuapi_to_ldb		= dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
+		.equality               = "distinguishedNameMatch",
+		.comment                = "OctetString: Binary+DN",
+		.ldb_syntax             = LDB_SYNTAX_DN,
 	},{
 	/* not used in w2k3 schema */
 		.name			= "Object(OR-Name)",
@@ -1274,6 +1312,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.13",
 		.drsuapi_to_ldb		= dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
+		.comment                = "Presentation Address" 
 	},{
 	/* not used in w2k3 schema */
 		.name			= "Object(Access-Point)",
@@ -1283,6 +1322,9 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.14",
 		.drsuapi_to_ldb		= dsdb_syntax_FOOBAR_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_FOOBAR_ldb_to_drsuapi,
+		.equality               = "distinguishedNameMatch",
+		.comment                = "OctetString: String+DN",
+		.ldb_syntax             = LDB_SYNTAX_DN,
 	},{
 	/* not used in w2k3 schema */
 		.name			= "Object(DN-String)",
@@ -1292,9 +1334,42 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
 		.attributeSyntax_oid	= "2.5.5.14",
 		.drsuapi_to_ldb		= dsdb_syntax_FOOBAR_drsuapi_to_ldb,
 		.ldb_to_drsuapi		= dsdb_syntax_FOOBAR_ldb_to_drsuapi,
+		.ldb_syntax             = LDB_SYNTAX_DN,
 	}
 };
 
+const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid) 
+{
+	int i;
+	for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
+		if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
+			return &dsdb_syntaxes[i];
+		}
+	}
+	return NULL;
+}
+
+const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax) 
+{
+	int i;
+	for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
+		if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
+			return &dsdb_syntaxes[i];
+		}
+	}
+	return NULL;
+}
+
+const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid) 
+{
+	int i;
+	for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
+		if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
+			return &dsdb_syntaxes[i];
+		}
+	}
+	return NULL;
+}
 const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
 {
 	uint32_t i;

source/lib/basic.mk

@@ -1,6 +1,6 @@
-[SUBSYSTEM::LIBCOMPRESSION]
+[SUBSYSTEM::LZXPRESS]
 
-LIBCOMPRESSION_OBJ_FILES = $(libcompressionsrcdir)/mszip.o
+LZXPRESS_OBJ_FILES = $(libcompressionsrcdir)/lzxpress.o
 
 [SUBSYSTEM::GENCACHE]
 PRIVATE_DEPENDENCIES = TDB_WRAP

source/lib/compression/lzxpress.c

@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) Matthieu Suiche 2008
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the author nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#include "includes.h"
+#include "replace.h"
+#include "lzxpress.h"
+
+
+#define __BUF_POS_CONST(buf,ofs)(((const uint8_t *)buf)+(ofs))
+#define __PULL_BYTE(buf,ofs) \
+	((uint8_t)((*__BUF_POS_CONST(buf,ofs)) & 0xFF))
+
+#ifndef PULL_LE_UINT16
+#define PULL_LE_UINT16(buf,ofs) ((uint16_t)( \
+	((uint16_t)(((uint16_t)(__PULL_BYTE(buf,(ofs)+0))) << 0)) | \
+	((uint16_t)(((uint16_t)(__PULL_BYTE(buf,(ofs)+1))) << 8)) \
+))
+#endif
+
+#ifndef PULL_LE_UINT32
+#define PULL_LE_UINT32(buf,ofs) ((uint32_t)( \
+	((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+0))) <<  0)) | \
+	((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+1))) <<  8)) | \
+	((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+2))) << 16)) | \
+	((uint32_t)(((uint32_t)(__PULL_BYTE(buf,(ofs)+3))) << 24)) \
+))
+#endif
+
+static uint32_t xpress_decompress(uint8_t *input,
+				uint32_t input_size,
+				uint8_t *output,
+				uint32_t output_size)
+{
+	uint32_t output_index, input_index;
+	uint32_t indicator, indicator_bit;
+	uint32_t length;
+	uint32_t offset;
+	uint32_t nibble_index;
+
+	output_index = 0;
+	input_index = 0;
+	indicator = 0;
+	indicator_bit = 0;
+	length = 0;
+	offset = 0;
+	nibble_index = 0;
+
+	do {
+		if (indicator_bit == 0) {
+			indicator = PULL_LE_UINT32(input, input_index);
+			input_index += sizeof(uint32_t);
+			indicator_bit = 32;
+		}
+		indicator_bit--;
+
+		/*
+		 * check whether the bit specified by indicator_bit is set or not
+		 * set in indicator. For example, if indicator_bit has value 4
+		 * check whether the 4th bit of the value in indicator is set
+		 */
+		if (((indicator >> indicator_bit) & 1) == 0) {
+			output[output_index] = input[input_index];
+			input_index += sizeof(uint8_t);
+			output_index += sizeof(uint8_t);
+		} else {
+			length = PULL_LE_UINT16(input, input_index);
+			input_index += sizeof(uint16_t);
+			offset = length / 8;
+			length = length % 8;
+
+			if (length == 7) {
+				if (nibble_index == 0) {
+					nibble_index = input_index;
+					length = input[input_index] % 16;
+					input_index += sizeof(uint8_t);
+				} else {
+					length = input[nibble_index] / 16;
+					nibble_index = 0;
+				}
+
+				if (length == 15) {
+					length = input[input_index];
+					input_index += sizeof(uint8_t);
+						if (length == 255) {
+							length = PULL_LE_UINT16(input, input_index);
+							input_index += sizeof(uint16_t);
+							length -= (15 + 7);
+						}
+					length += 15;
+				}
+				length += 7;
+			}
+
+			length += 3;
+
+			do {
+				if (output_index >= output_size) break;
+				output[output_index] = output[output_index - offset - 1];
+				output_index += sizeof(uint8_t);
+				length -= sizeof(uint8_t);
+			} while (length != 0);
+		}
+
+	} while ((output_index < output_size) && (input_index < input_size));
+
+	return output_index;
+}
+
+uint32_t lzxpress_decompress(DATA_BLOB *inbuf,
+				DATA_BLOB *outbuf)
+{
+	return xpress_decompress(inbuf->data, inbuf->length, outbuf->data, outbuf->length);
+}

source/lib/compression/lzxpress.h

@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) Matthieu Suiche 2008
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the author nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifndef _LZXPRESS_H
+#define _LZXPRESS_H
+
+#define XPRESS_BLOCK_SIZE 0x10000
+
+uint32_t lzxpress_decompress(DATA_BLOB *inbuf,
+			     DATA_BLOB *outbuf);
+
+#endif /* _LZXPRESS_H */

source/lib/ldb-samba/config.mk

@@ -7,5 +7,5 @@ PRIVATE_DEPENDENCIES = LIBSECURITY SAMDB_SCHEMA LIBNDR NDR_MISC NDR_DRSBLOBS
 ################################################
 
 LDBSAMBA_OBJ_FILES = $(ldb_sambasrcdir)/ldif_handlers.o
-$(eval $(call proto_header_template,$(ldb_sambasrcdir)/ldif_handlers.h,$(LDBSAMBA_OBJ_FILES:.o=.c)))
+$(eval $(call proto_header_template,$(ldb_sambasrcdir)/ldif_handlers_proto.h,$(LDBSAMBA_OBJ_FILES:.o=.c)))
 

source/lib/ldb-samba/ldif_handlers.c

@@ -561,8 +561,6 @@ static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx,
 	return ret;
 }
 
-#define LDB_SYNTAX_SAMBA_SID			"LDB_SYNTAX_SAMBA_SID"
-#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR	"LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR"
 #define LDB_SYNTAX_SAMBA_GUID			"LDB_SYNTAX_SAMBA_GUID"
 #define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY	"LDB_SYNTAX_SAMBA_OBJECT_CATEGORY"
 #define LDB_SYNTAX_SAMBA_PREFIX_MAP	"LDB_SYNTAX_SAMBA_PREFIX_MAP"
@@ -635,6 +633,21 @@ static const struct {
 	{ "prefixMap",                  LDB_SYNTAX_SAMBA_PREFIX_MAP }
 };
 
+const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name)
+{
+	uint32_t j;
+	const struct ldb_schema_syntax *s = NULL;
+	
+	for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) {
+		if (strcmp(name, samba_syntaxes[j].name) == 0) {
+			s = &samba_syntaxes[j];
+			break;
+		}
+	}
+	return s;
+}
+
+
 /*
   register the samba ldif handlers
 */
@@ -644,15 +657,9 @@ int ldb_register_samba_handlers(struct ldb_context *ldb)
 
 	for (i=0; i < ARRAY_SIZE(samba_attributes); i++) {
 		int ret;
-		uint32_t j;
 		const struct ldb_schema_syntax *s = NULL;
 
-		for (j=0; j < ARRAY_SIZE(samba_syntaxes); j++) {
+		s = ldb_samba_syntax_by_name(ldb, samba_attributes[i].syntax);
-			if (strcmp(samba_attributes[i].syntax, samba_syntaxes[j].name) == 0) {
-				s = &samba_syntaxes[j];
-				break;
-			}
-		}
 
 		if (!s) {
 			s = ldb_standard_syntax_by_name(ldb, samba_attributes[i].syntax);

source/lib/ldb-samba/ldif_handlers.h

@@ -0,0 +1,13 @@
+#ifndef __LIB_LDB_SAMBA_LDIF_HANDLERS_H__
+#define __LIB_LDB_SAMBA_LDIF_HANDLERS_H__
+
+#define LDB_SYNTAX_SAMBA_SID			"LDB_SYNTAX_SAMBA_SID"
+#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR	"1.2.840.113556.1.4.907"
+
+#include "lib/ldb-samba/ldif_handlers_proto.h"
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __LIB_LDB_SAMBA_LDIF_HANDLERS_H__ */
+

source/lib/ldb/common/ldb_attributes.c

@@ -62,11 +62,20 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb,
 	ldb->schema.attributes = a;
 
 	for (i = 0; i < ldb->schema.num_attributes; i++) {
-		if (ldb_attr_cmp(attribute, a[i].name) < 0) {
+		int cmp = ldb_attr_cmp(attribute, a[i].name);
+		if (cmp == 0) {
+			if (a[i].flags & LDB_ATTR_FLAG_ALLOCATED) {
+				talloc_free(discard_const_p(char, a[i].name));
+			}
+			/* To cancel out increment below */
+			ldb->schema.num_attributes--;
+			break;
+		} else if (cmp < 0) {
 			memmove(a+i+1, a+i, sizeof(*a) * (ldb->schema.num_attributes-i));
 			break;
 		}
 	}
+	ldb->schema.num_attributes++;
 
 	a[i].name	= attribute;
 	a[i].flags	= flags;
@@ -80,7 +89,6 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb,
 		}
 	}
 
-	ldb->schema.num_attributes++;
 	return 0;
 }
 
@@ -145,7 +153,7 @@ void ldb_schema_attribute_remove(struct ldb_context *ldb, const char *name)
 	int i;
 
 	a = ldb_schema_attribute_by_name(ldb, name);
-	if (a == NULL) {
+	if (a == NULL || a->name == NULL) {
 		return;
 	}
 

source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c

@@ -349,23 +349,7 @@ static char *parsetree_to_sql(struct ldb_module *module,
 			return NULL;
 		}
 
-		if (strcasecmp(t->u.equality.attr, "objectclass") == 0) {
+		if (strcasecmp(t->u.equality.attr, "dn") == 0) {
-		/*
-		 * For object classes, we want to search for all objectclasses
-		 * that are subclasses as well.
-		*/
-			return lsqlite3_tprintf(mem_ctx,
-					"SELECT eid  FROM ldb_attribute_values\n"
-					"WHERE norm_attr_name = 'OBJECTCLASS' "
-					"AND norm_attr_value IN\n"
-					"  (SELECT class_name FROM ldb_object_classes\n"
-					"   WHERE tree_key GLOB\n"
-					"     (SELECT tree_key FROM ldb_object_classes\n"
-					"      WHERE class_name = '%q'\n"
-					"     ) || '*'\n"
-					"  )\n", value.data);
-
-		} else if (strcasecmp(t->u.equality.attr, "dn") == 0) {
 			/* DN query is a special ldb case */
 		 	const char *cdn = ldb_dn_get_casefold(
 						ldb_dn_new(mem_ctx, module->ldb,
@@ -1039,16 +1023,8 @@ static int lsql_add(struct ldb_module *module, struct ldb_request *req)
 
         /* See if this is an ltdb special */
 	if (ldb_dn_is_special(msg->dn)) {
-		struct ldb_dn *c;
-
-		c = ldb_dn_new(lsql_ac, module->ldb, "@SUBCLASSES");
-		if (ldb_dn_compare(msg->dn, c) == 0) {
-#warning "insert subclasses into object class tree"
-			ret = LDB_ERR_UNWILLING_TO_PERFORM;
-			goto done;
-		}
-
 /*
+		struct ldb_dn *c;
 		c = ldb_dn_new(local_ctx, module->ldb, "@INDEXLIST");
 		if (ldb_dn_compare(module->ldb, msg->dn, c) == 0) {
 #warning "should we handle indexes somehow ?"
@@ -1177,15 +1153,6 @@ static int lsql_modify(struct ldb_module *module, struct ldb_request *req)
 
         /* See if this is an ltdb special */
 	if (ldb_dn_is_special(msg->dn)) {
-		struct ldb_dn *c;
-
-		c = ldb_dn_new(lsql_ac, module->ldb, "@SUBCLASSES");
-		if (ldb_dn_compare(msg->dn, c) == 0) {
-#warning "modify subclasses into object class tree"
-			ret = LDB_ERR_UNWILLING_TO_PERFORM;
-			goto done;
-		}
-
                 /* Others return an error */
 		ret = LDB_ERR_UNWILLING_TO_PERFORM;
                 goto done;

source/lib/ldb/ldb_sqlite3/schema

@@ -326,38 +326,3 @@ UPDATE ldb_attributes
       integer_p = 0
   WHERE attr_name = 'dn'
 
--- ----------------------------------------------------------------------
-
-/*
- * dn: @SUBCLASSES
- * top: domain
- * top: person
- * domain: domainDNS
- * person: organizationalPerson
- * person: fooPerson
- * organizationalPerson: user
- * organizationalPerson: OpenLDAPperson
- * user: computer
- */
--- insertSubclass
-
-/* NOT YET UPDATED!!! *
-
-
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'domain', /* next_tree_key('top') */ '00010001';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'person', /* next_tree_key('top') */ '00010002';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'domainDNS', /* next_tree_key('domain') */ '000100010001';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'organizationalPerson', /* next_tree_key('person') */ '000100020001';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'fooPerson', /* next_tree_key('person') */ '000100020002';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'user', /* next_tree_key('organizationalPerson') */ '0001000200010001';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'OpenLDAPperson', /* next_tree_key('organizationPerson') */ '0001000200010002';
-INSERT OR REPLACE INTO ldb_object_classes (class_name, tree_key)
-  SELECT 'computer', /* next_tree_key('user') */ '0001000200010001';
- 

source/lib/ldb/tests/test-attribs.ldif

@@ -4,12 +4,3 @@ cn: CASE_INSENSITIVE
 ou: CASE_INSENSITIVE
 dn: CASE_INSENSITIVE
 
-dn: @SUBCLASSES
-top: domain
-top: person
-domain: domainDNS
-person: organizationalPerson
-person: fooPerson
-organizationalPerson: user
-organizationalPerson: OpenLDAPperson
-user: computer

source/lib/ldb/tests/test-index.ldif

@@ -5,7 +5,3 @@ dn: @INDEXLIST
 dn: @ATTRIBUTES
 uid: CASE_INSENSITIVE
 
-dn: @SUBCLASSES
-top: person
-person: organizationalPerson
-organizationalPerson: OpenLDAPperson

source/lib/zlib/adler32.c

@@ -5,8 +5,7 @@
 
 /* @(#) $Id$ */
 
-#define ZLIB_INTERNAL
+#include "zutil.h"
-#include "zlib.h"
 
 #define BASE 65521UL    /* largest prime smaller than 65536 */
 #define NMAX 5552

source/lib/zlib/compress.c

@@ -5,8 +5,7 @@
 
 /* @(#) $Id$ */
 
-#define ZLIB_INTERNAL
+#include "zutil.h"
-#include "zlib.h"
 
 /* ===========================================================================
      Compresses the source buffer into the destination buffer. The level
@@ -29,7 +28,7 @@ int ZEXPORT compress2 (dest, destLen, source, sourceLen, level)
     z_stream stream;
     int err;
 
-    stream.next_in = (Bytef*)source;
+    stream.next_in = source;
     stream.avail_in = (uInt)sourceLen;
 #ifdef MAXSEG_64K
     /* Check for source > 64K on 16-bit machine: */

source/lib/zlib/crc32.c

@@ -11,6 +11,8 @@
 
 /* @(#) $Id$ */
 
+#include "zutil.h"      /* for STDC and FAR definitions */
+
 /*
   Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore
   protection on the static variables used to control the first-use generation
@@ -26,8 +28,6 @@
 #  endif /* !DYNAMIC_CRC_TABLE */
 #endif /* MAKECRCH */
 
-#include "zutil.h"      /* for STDC and FAR definitions */
-
 #define local static
 
 /* Find a four-byte integer type for crc32_little() and crc32_big(). */

source/lib/zlib/deflate.c

@@ -154,9 +154,6 @@ local const config configuration_table[10] = {
  * meaning.
  */
 
-#define EQUAL 0
-/* result of memcmp for equal strings */
-
 #ifndef NO_DUMMY_DECL
 struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
 #endif
@@ -297,7 +294,7 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
     if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
         s->pending_buf == Z_NULL) {
         s->status = FINISH_STATE;
-        strm->msg = (char*)ERR_MSG(Z_MEM_ERROR);
+        strm->msg = ERR_MSG(Z_MEM_ERROR);
         deflateEnd (strm);
         return Z_MEM_ERROR;
     }
@@ -1226,6 +1223,9 @@ local uInt longest_match_fast(s, cur_match)
 }
 
 #ifdef DEBUG
+#define EQUAL 0
+/* result of memcmp for equal strings */
+
 /* ===========================================================================
  * Check that the match at match_start is indeed a match.
  */

source/lib/zlib/gzio.c

@@ -7,8 +7,6 @@
 
 /* @(#) $Id$ */
 
-#include <stdio.h>
-
 #include "zutil.h"
 
 #ifdef NO_DEFLATE       /* for compatibility with old definition */
@@ -46,7 +44,7 @@ extern void   free   OF((voidpf ptr));
 static int const gz_magic[2] = {0x1f, 0x8b}; /* gzip magic header */
 
 /* gzip flag byte */
-#define ASCII_FLAG   0x01 /* bit 0 set: file probably ascii text */
+/*#define ASCII_FLAG   0x01 *//* bit 0 set: file probably ascii text */
 #define HEAD_CRC     0x02 /* bit 1 set: header CRC present */
 #define EXTRA_FIELD  0x04 /* bit 2 set: extra field present */
 #define ORIG_NAME    0x08 /* bit 3 set: original file name present */
@@ -98,7 +96,7 @@ local gzFile gz_open (path, mode, fd)
     int err;
     int level = Z_DEFAULT_COMPRESSION; /* compression level */
     int strategy = Z_DEFAULT_STRATEGY; /* compression strategy */
-    char *p = (char*)mode;
+    const char *p = mode;
     gz_stream *s;
     char fmode[80]; /* copy of mode, without the compression level */
     char *m = fmode;
@@ -565,7 +563,7 @@ int ZEXPORT gzwrite (file, buf, len)
 
     if (s == NULL || s->mode != 'w') return Z_STREAM_ERROR;
 
-    s->stream.next_in = (Bytef*)buf;
+    s->stream.next_in = (const Bytef*)buf;
     s->stream.avail_in = len;
 
     while (s->stream.avail_in != 0) {
@@ -694,7 +692,7 @@ int ZEXPORT gzputs(file, s)
     gzFile file;
     const char *s;
 {
-    return gzwrite(file, (char*)s, (unsigned)strlen(s));
+    return gzwrite(file, (voidpc)s, (unsigned)strlen(s));
 }
 
 
@@ -988,7 +986,7 @@ const char * ZEXPORT gzerror (file, errnum)
     gzFile file;
     int *errnum;
 {
-    char *m;
+    const char *m;
     gz_stream *s = (gz_stream*)file;
 
     if (s == NULL) {
@@ -998,9 +996,9 @@ const char * ZEXPORT gzerror (file, errnum)
     *errnum = s->z_err;
     if (*errnum == Z_OK) return (const char*)"";
 
-    m = (char*)(*errnum == Z_ERRNO ? zstrerror(errno) : s->stream.msg);
+    m = (*errnum == Z_ERRNO ? zstrerror(errno) : s->stream.msg);
 
-    if (m == NULL || *m == '\0') m = (char*)ERR_MSG(s->z_err);
+    if (m == NULL || *m == '\0') m = ERR_MSG(s->z_err);
 
     TRYFREE(s->msg);
     s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3);

source/lib/zlib/infback.c

@@ -246,7 +246,7 @@ out_func out;
 void FAR *out_desc;
 {
     struct inflate_state FAR *state;
-    unsigned char FAR *next;    /* next input */
+    unsigned const char FAR *next; /* next input */
     unsigned char FAR *put;     /* next output */
     unsigned have, left;        /* available input and output */
     unsigned long hold;         /* bit buffer */
@@ -308,7 +308,7 @@ void FAR *out_desc;
                 state->mode = TABLE;
                 break;
             case 3:
-                strm->msg = (char *)"invalid block type";
+                strm->msg = "invalid block type";
                 state->mode = BAD;
             }
             DROPBITS(2);
@@ -319,7 +319,7 @@ void FAR *out_desc;
             BYTEBITS();                         /* go to byte boundary */
             NEEDBITS(32);
             if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
-                strm->msg = (char *)"invalid stored block lengths";
+                strm->msg = "invalid stored block lengths";
                 state->mode = BAD;
                 break;
             }
@@ -357,7 +357,7 @@ void FAR *out_desc;
             DROPBITS(4);
 #ifndef PKZIP_BUG_WORKAROUND
             if (state->nlen > 286 || state->ndist > 30) {
-                strm->msg = (char *)"too many length or distance symbols";
+                strm->msg = "too many length or distance symbols";
                 state->mode = BAD;
                 break;
             }
@@ -379,7 +379,7 @@ void FAR *out_desc;
             ret = inflate_table(CODES, state->lens, 19, &(state->next),
                                 &(state->lenbits), state->work);
             if (ret) {
-                strm->msg = (char *)"invalid code lengths set";
+                strm->msg = "invalid code lengths set";
                 state->mode = BAD;
                 break;
             }
@@ -403,7 +403,7 @@ void FAR *out_desc;
                         NEEDBITS(this.bits + 2);
                         DROPBITS(this.bits);
                         if (state->have == 0) {
-                            strm->msg = (char *)"invalid bit length repeat";
+                            strm->msg = "invalid bit length repeat";
                             state->mode = BAD;
                             break;
                         }
@@ -426,7 +426,7 @@ void FAR *out_desc;
                         DROPBITS(7);
                     }
                     if (state->have + copy > state->nlen + state->ndist) {
-                        strm->msg = (char *)"invalid bit length repeat";
+                        strm->msg = "invalid bit length repeat";
                         state->mode = BAD;
                         break;
                     }
@@ -445,7 +445,7 @@ void FAR *out_desc;
             ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
                                 &(state->lenbits), state->work);
             if (ret) {
-                strm->msg = (char *)"invalid literal/lengths set";
+                strm->msg = "invalid literal/lengths set";
                 state->mode = BAD;
                 break;
             }
@@ -454,7 +454,7 @@ void FAR *out_desc;
             ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
                             &(state->next), &(state->distbits), state->work);
             if (ret) {
-                strm->msg = (char *)"invalid distances set";
+                strm->msg = "invalid distances set";
                 state->mode = BAD;
                 break;
             }
@@ -512,7 +512,7 @@ void FAR *out_desc;
 
             /* invalid code */
             if (this.op & 64) {
-                strm->msg = (char *)"invalid literal/length code";
+                strm->msg = "invalid literal/length code";
                 state->mode = BAD;
                 break;
             }
@@ -544,7 +544,7 @@ void FAR *out_desc;
             }
             DROPBITS(this.bits);
             if (this.op & 64) {
-                strm->msg = (char *)"invalid distance code";
+                strm->msg = "invalid distance code";
                 state->mode = BAD;
                 break;
             }
@@ -559,7 +559,7 @@ void FAR *out_desc;
             }
             if (state->offset > state->wsize - (state->whave < state->wsize ?
                                                 left : 0)) {
-                strm->msg = (char *)"invalid distance too far back";
+                strm->msg = "invalid distance too far back";
                 state->mode = BAD;
                 break;
             }

source/lib/zlib/inffast.c

@@ -69,8 +69,8 @@ z_streamp strm;
 unsigned start;         /* inflate()'s starting value for strm->avail_out */
 {
     struct inflate_state FAR *state;
-    unsigned char FAR *in;      /* local strm->next_in */
+    unsigned const char FAR *in;   /* local strm->next_in */
-    unsigned char FAR *last;    /* while in < last, enough input available */
+    unsigned const char FAR *last; /* while in < last, enough input available */
     unsigned char FAR *out;     /* local strm->next_out */
     unsigned char FAR *beg;     /* inflate()'s initial strm->next_out */
     unsigned char FAR *end;     /* while out < end, enough space available */
@@ -187,7 +187,7 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
                 if (dist > op) {                /* see if copy from window */
                     op = dist - op;             /* distance back in window */
                     if (op > whave) {
-                        strm->msg = (char *)"invalid distance too far back";
+                        strm->msg = "invalid distance too far back";
                         state->mode = BAD;
                         break;
                     }
@@ -263,7 +263,7 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
                 goto dodist;
             }
             else {
-                strm->msg = (char *)"invalid distance code";
+                strm->msg = "invalid distance code";
                 state->mode = BAD;
                 break;
             }
@@ -278,7 +278,7 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
             break;
         }
         else {
-            strm->msg = (char *)"invalid literal/length code";
+            strm->msg = "invalid literal/length code";
             state->mode = BAD;
             break;
         }

source/lib/zlib/inflate.c

@@ -97,7 +97,7 @@ local int updatewindow OF((z_streamp strm, unsigned out));
 #ifdef BUILDFIXED
    void makefixed OF((void));
 #endif
-local unsigned syncsearch OF((unsigned FAR *have, unsigned char FAR *buf,
+local unsigned syncsearch OF((unsigned FAR *have, unsigned const char FAR *buf,
                               unsigned len));
 
 int ZEXPORT inflateReset2(strm, flags)
@@ -565,7 +565,7 @@ z_streamp strm;
 int flush;
 {
     struct inflate_state FAR *state;
-    unsigned char FAR *next;    /* next input */
+    unsigned const char FAR *next;    /* next input */
     unsigned char FAR *put;     /* next output */
     unsigned have, left;        /* available input and output */
     unsigned long hold;         /* bit buffer */
@@ -617,19 +617,19 @@ int flush;
             if (
 #endif
                 ((BITS(8) << 8) + (hold >> 8)) % 31) {
-                strm->msg = (char *)"incorrect header check";
+                strm->msg = "incorrect header check";
                 state->mode = BAD;
                 break;
             }
             if (BITS(4) != Z_DEFLATED) {
-                strm->msg = (char *)"unknown compression method";
+                strm->msg = "unknown compression method";
                 state->mode = BAD;
                 break;
             }
             DROPBITS(4);
             len = BITS(4) + 8;
             if (len > state->wbits) {
-                strm->msg = (char *)"invalid window size";
+                strm->msg = "invalid window size";
                 state->mode = BAD;
                 break;
             }
@@ -644,12 +644,12 @@ int flush;
             NEEDBITS(16);
             state->flags = (int)(hold);
             if ((state->flags & 0xff) != Z_DEFLATED) {
-                strm->msg = (char *)"unknown compression method";
+                strm->msg = "unknown compression method";
                 state->mode = BAD;
                 break;
             }
             if (state->flags & 0xe000) {
-                strm->msg = (char *)"unknown header flags set";
+                strm->msg = "unknown header flags set";
                 state->mode = BAD;
                 break;
             }
@@ -753,7 +753,7 @@ int flush;
             if (state->flags & 0x0200) {
                 NEEDBITS(16);
                 if (hold != (state->check & 0xffff)) {
-                    strm->msg = (char *)"header crc mismatch";
+                    strm->msg = "header crc mismatch";
                     state->mode = BAD;
                     break;
                 }
@@ -808,7 +808,7 @@ int flush;
                 state->mode = TABLE;
                 break;
             case 3:
-                strm->msg = (char *)"invalid block type";
+                strm->msg = "invalid block type";
                 state->mode = BAD;
             }
             DROPBITS(2);
@@ -817,7 +817,7 @@ int flush;
             BYTEBITS();                         /* go to byte boundary */
             NEEDBITS(32);
             if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
-                strm->msg = (char *)"invalid stored block lengths";
+                strm->msg = "invalid stored block lengths";
                 state->mode = BAD;
                 break;
             }
@@ -853,7 +853,7 @@ int flush;
             DROPBITS(4);
 #ifndef PKZIP_BUG_WORKAROUND
             if (state->nlen > 286 || state->ndist > 30) {
-                strm->msg = (char *)"too many length or distance symbols";
+                strm->msg = "too many length or distance symbols";
                 state->mode = BAD;
                 break;
             }
@@ -875,7 +875,7 @@ int flush;
             ret = inflate_table(CODES, state->lens, 19, &(state->next),
                                 &(state->lenbits), state->work);
             if (ret) {
-                strm->msg = (char *)"invalid code lengths set";
+                strm->msg = "invalid code lengths set";
                 state->mode = BAD;
                 break;
             }
@@ -899,7 +899,7 @@ int flush;
                         NEEDBITS(this.bits + 2);
                         DROPBITS(this.bits);
                         if (state->have == 0) {
-                            strm->msg = (char *)"invalid bit length repeat";
+                            strm->msg = "invalid bit length repeat";
                             state->mode = BAD;
                             break;
                         }
@@ -922,7 +922,7 @@ int flush;
                         DROPBITS(7);
                     }
                     if (state->have + copy > state->nlen + state->ndist) {
-                        strm->msg = (char *)"invalid bit length repeat";
+                        strm->msg = "invalid bit length repeat";
                         state->mode = BAD;
                         break;
                     }
@@ -941,7 +941,7 @@ int flush;
             ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
                                 &(state->lenbits), state->work);
             if (ret) {
-                strm->msg = (char *)"invalid literal/lengths set";
+                strm->msg = "invalid literal/lengths set";
                 state->mode = BAD;
                 break;
             }
@@ -950,7 +950,7 @@ int flush;
             ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
                             &(state->next), &(state->distbits), state->work);
             if (ret) {
-                strm->msg = (char *)"invalid distances set";
+                strm->msg = "invalid distances set";
                 state->mode = BAD;
                 break;
             }
@@ -993,7 +993,7 @@ int flush;
                 break;
             }
             if (this.op & 64) {
-                strm->msg = (char *)"invalid literal/length code";
+                strm->msg = "invalid literal/length code";
                 state->mode = BAD;
                 break;
             }
@@ -1025,7 +1025,7 @@ int flush;
             }
             DROPBITS(this.bits);
             if (this.op & 64) {
-                strm->msg = (char *)"invalid distance code";
+                strm->msg = "invalid distance code";
                 state->mode = BAD;
                 break;
             }
@@ -1040,13 +1040,13 @@ int flush;
             }
 #ifdef INFLATE_STRICT
             if (state->offset > state->dmax) {
-                strm->msg = (char *)"invalid distance too far back";
+                strm->msg = "invalid distance too far back";
                 state->mode = BAD;
                 break;
             }
 #endif
             if (state->offset > state->whave + out - left) {
-                strm->msg = (char *)"invalid distance too far back";
+                strm->msg = "invalid distance too far back";
                 state->mode = BAD;
                 break;
             }
@@ -1098,7 +1098,7 @@ int flush;
                      state->flags ? hold :
 #endif
                      REVERSE(hold)) != state->check) {
-                    strm->msg = (char *)"incorrect data check";
+                    strm->msg = "incorrect data check";
                     state->mode = BAD;
                     break;
                 }
@@ -1111,7 +1111,7 @@ int flush;
             if (state->wrap && state->flags) {
                 NEEDBITS(32);
                 if (hold != (state->total & 0xffffffffUL)) {
-                    strm->msg = (char *)"incorrect length check";
+                    strm->msg = "incorrect length check";
                     state->mode = BAD;
                     break;
                 }
@@ -1247,7 +1247,7 @@ gz_headerp head;
  */
 local unsigned syncsearch(have, buf, len)
 unsigned FAR *have;
-unsigned char FAR *buf;
+unsigned const char FAR *buf;
 unsigned len;
 {
     unsigned got;

source/lib/zlib/trees.c

@@ -150,8 +150,8 @@ local void send_tree      OF((deflate_state *s, ct_data *tree, int max_code));
 local int  build_bl_tree  OF((deflate_state *s));
 local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
                               int blcodes));
-local void compress_block OF((deflate_state *s, ct_data *ltree,
+local void compress_block OF((deflate_state *s, const ct_data *ltree,
-                              ct_data *dtree));
+                              const ct_data *dtree));
 local void set_data_type  OF((deflate_state *s));
 local unsigned bi_reverse OF((unsigned value, int length));
 local void bi_windup      OF((deflate_state *s));
@@ -986,7 +986,7 @@ void _tr_flush_block(s, buf, stored_len, eof)
     } else if (s->strategy == Z_FIXED || static_lenb == opt_lenb) {
 #endif
         send_bits(s, (STATIC_TREES<<1)+eof, 3);
-        compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree);
+        compress_block(s, static_ltree, static_dtree);
 #ifdef DEBUG
         s->compressed_len += 3 + s->static_len;
 #endif
@@ -994,7 +994,7 @@ void _tr_flush_block(s, buf, stored_len, eof)
         send_bits(s, (DYN_TREES<<1)+eof, 3);
         send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
                        max_blindex+1);
-        compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree);
+        compress_block(s, s->dyn_ltree, s->dyn_dtree);
 #ifdef DEBUG
         s->compressed_len += 3 + s->opt_len;
 #endif
@@ -1071,8 +1071,8 @@ int _tr_tally (s, dist, lc)
  */
 local void compress_block(s, ltree, dtree)
     deflate_state *s;
-    ct_data *ltree; /* literal tree */
+    const ct_data *ltree; /* literal tree */
-    ct_data *dtree; /* distance tree */
+    const ct_data *dtree; /* distance tree */
 {
     unsigned dist;      /* distance of matched string */
     int lc;             /* match length or unmatched char (if dist == 0) */

source/lib/zlib/uncompr.c

@@ -5,8 +5,7 @@
 
 /* @(#) $Id$ */
 
-#define ZLIB_INTERNAL
+#include "zutil.h"
-#include "zlib.h"
 
 /* ===========================================================================
      Decompresses the source buffer into the destination buffer.  sourceLen is
@@ -32,7 +31,7 @@ int ZEXPORT uncompress (dest, destLen, source, sourceLen)
     z_stream stream;
     int err;
 
-    stream.next_in = (Bytef*)source;
+    stream.next_in = source;
     stream.avail_in = (uInt)sourceLen;
     /* Check for source > 64K on 16-bit machine: */
     if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;

source/lib/zlib/zlib.h

@@ -37,8 +37,14 @@
 extern "C" {
 #endif
 
-#define ZLIB_VERSION "1.2.3"
+#define ZLIB_VERSION "1.2.3.1.Samba"
-#define ZLIB_VERNUM 0x1230
+#define ZLIB_VERNUM 0x1231
+/*
+ * Modified for Samba by Stefan Metzmacher <metze@samba.org> 2008
+ *
+ * inflateReset2() added and compiler warnings fixed
+ */
+
 
 /*
      The 'zlib' compression library provides in-memory compression and
@@ -80,7 +86,7 @@ typedef void   (*free_func)  OF((voidpf opaque, voidpf address));
 struct internal_state;
 
 typedef struct z_stream_s {
-    Bytef    *next_in;  /* next input byte */
+    const Bytef *next_in; /* next input byte */
     uInt     avail_in;  /* number of bytes available at next_in */
     uLong    total_in;  /* total nb of input bytes read so far */
 
@@ -88,7 +94,7 @@ typedef struct z_stream_s {
     uInt     avail_out; /* remaining free space at next_out */
     uLong    total_out; /* total nb of bytes output so far */
 
-    char     *msg;      /* last error message, NULL if no error */
+    const char    *msg; /* last error message, NULL if no error */
     struct internal_state FAR *state; /* not visible by applications */
 
     alloc_func zalloc;  /* used to allocate the internal state */
@@ -210,6 +216,16 @@ typedef gz_header FAR *gz_headerp;
 #define zlib_version zlibVersion()
 /* for compatibility with versions < 1.0.2 */
 
+#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1)
+/** Use gcc attribute to check printf fns.  a1 is the 1-based index of
+ * the parameter containing the format, and a2 the index of the first
+ * argument. Note that some gcc 2.x versions don't handle this
+ * properly **/
+#define _Z_PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2)))
+#else
+#define _Z_PRINTF_ATTRIBUTE(a1, a2)
+#endif
+
                         /* basic functions */
 
 ZEXTERN const char * ZEXPORT zlibVersion OF((void));
@@ -789,8 +805,6 @@ ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
    destination.
 */
 
-ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm, unsigned flags));
-
 ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
 /*
      This function is equivalent to inflateEnd followed by inflateInit,
@@ -889,7 +903,7 @@ ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits,
    match the version of the header file.
 */
 
-typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *));
+typedef unsigned (*in_func) OF((void FAR *, unsigned const char FAR * FAR *));
 typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
 
 ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm,
@@ -1134,7 +1148,8 @@ ZEXTERN int ZEXPORT    gzwrite OF((gzFile file,
    (0 in case of error).
 */
 
-ZEXTERN int ZEXPORTVA   gzprintf OF((gzFile file, const char *format, ...));
+ZEXTERN int ZEXPORTVA   gzprintf OF((gzFile file, const char *format, ...))
+				    _Z_PRINTF_ATTRIBUTE(2, 3);
 /*
      Converts, formats, and writes the args to the compressed file under
    control of the format string, as in fprintf. gzprintf returns the number of

source/lib/zlib/zutil.h

@@ -56,7 +56,7 @@ extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
 #define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
 
 #define ERR_RETURN(strm,err) \
-  return (strm->msg = (char*)ERR_MSG(err), (err))
+  return (strm->msg = ERR_MSG(err), (err))
 /* To be used only when the state is known to be valid */
 
         /* common constants */

source/librpc/config.mk

@@ -43,7 +43,8 @@ MANPAGES += $(librpcsrcdir)/tools/ndrdump.1
 ################################################
 # Start SUBSYSTEM NDR_COMPRESSION
 [SUBSYSTEM::NDR_COMPRESSION]
-PUBLIC_DEPENDENCIES = LIBCOMPRESSION LIBSAMBA-ERRORS LIBNDR
+PRIVATE_DEPENDENCIES = ZLIB LZXPRESS
+PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBNDR
 # End SUBSYSTEM NDR_COMPRESSION
 ################################################
 

source/librpc/ndr/ndr_compression.c

@@ -4,6 +4,7 @@
    libndr compression support
 
    Copyright (C) Stefan Metzmacher 2005
+   Copyright (C) Matthieu Suiche 2008
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,13 +21,24 @@
 */
 
 #include "includes.h"
-#include "lib/compression/mszip.h"
+#include "lib/compression/lzxpress.h"
 #include "librpc/ndr/libndr.h"
 #include "librpc/ndr/ndr_compression.h"
+#include <zlib.h>
+
+static voidpf ndr_zlib_alloc(voidpf opaque, uInt items, uInt size)
+{
+	return talloc_zero_size(opaque, items * size);
+}
+
+static void  ndr_zlib_free(voidpf opaque, voidpf address)
+{
+	talloc_free(address);
+}
 
 static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpull,
 						 struct ndr_push *ndrpush,
-						 struct decomp_state *decomp_state,
+						 z_stream *z,
 						 bool *last)
 {
 	DATA_BLOB comp_chunk;
@@ -35,7 +47,7 @@ static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpu
 	DATA_BLOB plain_chunk;
 	uint32_t plain_chunk_offset;
 	uint32_t plain_chunk_size;
-	int ret;
+	int z_ret;
 
 	NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, &plain_chunk_size));
 	if (plain_chunk_size > 0x00008000) {
@@ -58,10 +70,71 @@ static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpu
 	plain_chunk.length = plain_chunk_size;
 	plain_chunk.data = ndrpush->data + plain_chunk_offset;
 
-	ret = ZIPdecompress(decomp_state, &comp_chunk, &plain_chunk);
+	if (comp_chunk.length < 2) {
-	if (ret != DECR_OK) {
+		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
-		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, "Bad ZIPdecompress() error %d (PULL)",
+				      "Bad MSZIP comp chunk size %u < 2 (PULL)",
-				      ret);
+				      (unsigned int)comp_chunk.length);
+	}
+	/* CK = Chris Kirmse, official Microsoft purloiner */
+	if (comp_chunk.data[0] != 'C' ||
+	    comp_chunk.data[1] != 'K') {
+		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+				      "Bad MSZIP invalid prefix [%c%c] != [CK]",
+				      comp_chunk.data[0], comp_chunk.data[1]);
+	}
+
+	z->next_in	= comp_chunk.data + 2;
+	z->avail_in	= comp_chunk.length -2;
+	z->total_in	= 0;
+
+	z->next_out	= plain_chunk.data;
+	z->avail_out	= plain_chunk.length;
+	z->total_out	= 0;
+
+	if (!z->opaque) {
+		/* the first time we need to intialize completely */
+		z->zalloc	= ndr_zlib_alloc;
+		z->zfree	= ndr_zlib_free;
+		z->opaque	= ndrpull;
+
+		z_ret = inflateInit2(z, -15);
+		if (z_ret != Z_OK) {
+			return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+					      "Bad inflateInit2 error %s(%d) (PULL)",
+					      zError(z_ret), z_ret);
+
+		}
+	} else {
+		z_ret = inflateReset2(z, Z_RESET_KEEP_WINDOW);
+		if (z_ret != Z_OK) {
+			return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+					      "Bad inflateReset2 error %s(%d) (PULL)",
+					      zError(z_ret), z_ret);
+		}
+	}
+
+	/* call inflate untill we get Z_STREAM_END or an error */
+	while (true) {
+		z_ret = inflate(z, Z_BLOCK);
+		if (z_ret != Z_OK) break;
+	}
+
+	if (z_ret != Z_STREAM_END) {
+		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+				      "Bad inflate(Z_BLOCK) error %s(%d) (PULL)",
+				      zError(z_ret), z_ret);
+	}
+
+	if (z->avail_in) {
+		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+				      "MSZIP not all avail_in[%u] bytes consumed (PULL)",
+				      z->avail_in);
+	}
+
+	if (z->avail_out) {
+		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+				      "MSZIP not all avail_out[%u] bytes consumed (PULL)",
+				      z->avail_out);
 	}
 
 	if ((plain_chunk_size < 0x00008000) || (ndrpull->offset+4 >= ndrpull->data_size)) {
@@ -83,17 +156,16 @@ static enum ndr_err_code ndr_pull_compression_mszip(struct ndr_pull *subndr,
 	uint32_t payload_size;
 	uint32_t payload_offset;
 	uint8_t *payload;
-	struct decomp_state *decomp_state;
+	z_stream z;
 	bool last = false;
 
 	ndrpush = ndr_push_init_ctx(subndr, subndr->iconv_convenience);
 	NDR_ERR_HAVE_NO_MEMORY(ndrpush);
 
-	decomp_state = ZIPdecomp_state(subndr);
+	ZERO_STRUCT(z);
-	NDR_ERR_HAVE_NO_MEMORY(decomp_state);
 
 	while (!last) {
-		NDR_CHECK(ndr_pull_compression_mszip_chunk(subndr, ndrpush, decomp_state, &last));
+		NDR_CHECK(ndr_pull_compression_mszip_chunk(subndr, ndrpush, &z, &last));
 	}
 
 	uncompressed = ndr_push_blob(ndrpush);
@@ -158,12 +230,12 @@ static enum ndr_err_code ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrp
 						  bool *last)
 {
 	DATA_BLOB comp_chunk;
+	DATA_BLOB plain_chunk;
 	uint32_t comp_chunk_offset;
+	uint32_t plain_chunk_offset;
 	uint32_t comp_chunk_size;
 	uint32_t plain_chunk_size;
 
-	comp_chunk_offset = ndrpull->offset;
-
 	NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, &plain_chunk_size));
 	if (plain_chunk_size > 0x00010000) {
 		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION, "Bad XPRESS plain chunk size %08X > 0x00010000 (PULL)", 
@@ -172,15 +244,21 @@ static enum ndr_err_code ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrp
 
 	NDR_CHECK(ndr_pull_uint32(ndrpull, NDR_SCALARS, &comp_chunk_size));
 
+	comp_chunk_offset = ndrpull->offset;
 	NDR_CHECK(ndr_pull_advance(ndrpull, comp_chunk_size));
-	comp_chunk.length = comp_chunk_size + 8;
+	comp_chunk.length = comp_chunk_size;
 	comp_chunk.data = ndrpull->data + comp_chunk_offset;
 
+	plain_chunk_offset = ndrpush->offset;
+	NDR_CHECK(ndr_push_zero(ndrpush, plain_chunk_size));
+	plain_chunk.length = plain_chunk_size;
+	plain_chunk.data = ndrpush->data + plain_chunk_offset;
+
 	DEBUG(10,("XPRESS plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u)\n",
 		  plain_chunk_size, plain_chunk_size, comp_chunk_size, comp_chunk_size));
 
-	/* For now, we just copy over the compressed blob */
+	/* Uncompressing the buffer using LZ Xpress algorithm */
-	NDR_CHECK(ndr_push_bytes(ndrpush, comp_chunk.data, comp_chunk.length));
+	lzxpress_decompress(&comp_chunk, &plain_chunk);
 
 	if ((plain_chunk_size < 0x00010000) || (ndrpull->offset+4 >= ndrpull->data_size)) {
 		/* this is the last chunk */
@@ -197,6 +275,10 @@ static enum ndr_err_code ndr_pull_compression_xpress(struct ndr_pull *subndr,
 	struct ndr_push *ndrpush;
 	struct ndr_pull *comndr;
 	DATA_BLOB uncompressed;
+	uint32_t payload_header[4];
+	uint32_t payload_size;
+	uint32_t payload_offset;
+	uint8_t *payload;
 	bool last = false;
 
 	ndrpush = ndr_push_init_ctx(subndr, subndr->iconv_convenience);
@@ -207,6 +289,13 @@ static enum ndr_err_code ndr_pull_compression_xpress(struct ndr_pull *subndr,
 	}
 
 	uncompressed = ndr_push_blob(ndrpush);
+	if (uncompressed.length != decompressed_len) {
+		return ndr_pull_error(subndr, NDR_ERR_COMPRESSION,
+				      "Bad XPRESS uncompressed_len [%u] != [%u](0x%08X) (PULL)",
+				      (int)uncompressed.length,
+				      (int)decompressed_len,
+				      (int)decompressed_len);
+	}
 
 	comndr = talloc_zero(subndr, struct ndr_pull);
 	NDR_ERR_HAVE_NO_MEMORY(comndr);
@@ -219,6 +308,38 @@ static enum ndr_err_code ndr_pull_compression_xpress(struct ndr_pull *subndr,
 
 	comndr->iconv_convenience = talloc_reference(comndr, subndr->iconv_convenience);
 
+	NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[0]));
+	NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[1]));
+	NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[2]));
+	NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[3]));
+
+	if (payload_header[0] != 0x00081001) {
+		return ndr_pull_error(subndr, NDR_ERR_COMPRESSION,
+				      "Bad XPRESS payload_header[0] [0x%08X] != [0x00081001] (PULL)",
+				      payload_header[0]);
+	}
+	if (payload_header[1] != 0xCCCCCCCC) {
+		return ndr_pull_error(subndr, NDR_ERR_COMPRESSION,
+				      "Bad XPRESS payload_header[1] [0x%08X] != [0xCCCCCCCC] (PULL)",
+				      payload_header[1]);
+	}
+
+	payload_size = payload_header[2];
+
+	if (payload_header[3] != 0x00000000) {
+		return ndr_pull_error(subndr, NDR_ERR_COMPRESSION,
+				      "Bad XPRESS payload_header[3] [0x%08X] != [0x00000000] (PULL)",
+				      payload_header[3]);
+	}
+
+	payload_offset = comndr->offset;
+	NDR_CHECK(ndr_pull_advance(comndr, payload_size));
+	payload = comndr->data + payload_offset;
+
+	comndr->data		= payload;
+	comndr->data_size	= payload_size;
+	comndr->offset		= 0;
+
 	*_comndr = comndr;
 	return NDR_ERR_SUCCESS;
 }

source/ntp_signd/ntp_signd.c

@@ -123,7 +123,7 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 	struct signed_reply signed_reply;
 	enum ndr_err_code ndr_err;
 	struct ldb_result *res;
-	const char *attrs[] = { "unicodePwd", "userAccountControl", NULL };
+	const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL };
 	struct MD5Context ctx;
 	struct samr_Password *nt_hash;
 	uint32_t user_account_control;
@@ -168,7 +168,7 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 
 	ret = ldb_search_exp_fmt(ntp_signdconn->ntp_signd->samdb, tmp_ctx,
 				 &res, samdb_base_dn(ntp_signdconn->ntp_signd->samdb),
-				 LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=computer))",
+				 LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=user))",
 				 dom_sid_string(tmp_ctx, sid));
 	if (ret != LDB_SUCCESS) {
 		DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: %s\n", dom_sid_string(tmp_ctx, sid),
@@ -188,7 +188,13 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 	user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
 
 	if (user_account_control & UF_ACCOUNTDISABLE) {
-		DEBUG(1, ("Account for SID [%s] is disabled\n", dom_sid_string(tmp_ctx, sid)));
+		DEBUG(1, ("Account %s for SID [%s] is disabled\n", ldb_dn_get_linearized(res->msgs[0]->dn), dom_sid_string(tmp_ctx, sid)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (!(user_account_control & (UF_INTERDOMAIN_TRUST_ACCOUNT|UF_SERVER_TRUST_ACCOUNT|UF_WORKSTATION_TRUST_ACCOUNT))) {
+		DEBUG(1, ("Account %s for SID [%s] is not a trust account\n", ldb_dn_get_linearized(res->msgs[0]->dn), dom_sid_string(tmp_ctx, sid)));
 		talloc_free(tmp_ctx);
 		return NT_STATUS_ACCESS_DENIED;
 	}

source/scripting/python/samba/provision.py

@@ -76,7 +76,9 @@ class ProvisionPaths(object):
         self.memberofconf = None
         self.fedoradsinf = None
         self.fedoradspartitions = None
- 
+	self.olmmron = None
+	self.olmmrserveridsconf = None
+	self.olmmrsyncreplconf = None
 
 class ProvisionNames(object):
     def __init__(self):
@@ -241,9 +243,13 @@ def provision_paths_from_lp(lp, dnsdomain):
     paths.memberofconf = os.path.join(paths.ldapdir, 
                                       "memberof.conf")
     paths.fedoradsinf = os.path.join(paths.ldapdir, 
-                                   "fedorads.inf")
+                                     "fedorads.inf")
     paths.fedoradspartitions = os.path.join(paths.ldapdir, 
                                             "fedorads-partitions.ldif")
+    paths.olmmrserveridsconf = os.path.join(paths.ldapdir, 
+                                            "mmr_serverids.conf")
+    paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, 
+                                           "mmr_syncrepl.conf")
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
@@ -331,7 +337,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=
     names.hostname = hostname
     names.sitename = sitename
     names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn)
-    
+ 
     return names
     
 
@@ -617,7 +623,17 @@ def setup_templatesdb(path, setup_path, session_info, credentials, lp):
     """
     templates_ldb = SamDB(path, session_info=session_info,
                           credentials=credentials, lp=lp)
-    templates_ldb.erase()
+    # Wipes the database
+    try:
+        templates_ldb.erase()
+    except:
+        os.unlink(path)
+
+    templates_ldb.load_ldif_file_add(setup_path("provision_templates_init.ldif"))
+
+    templates_ldb = SamDB(path, session_info=session_info,
+                          credentials=credentials, lp=lp)
+
     templates_ldb.load_ldif_file_add(setup_path("provision_templates.ldif"))
 
 
@@ -1141,7 +1157,8 @@ def provision_backend(setup_dir=None, message=None,
                       smbconf=None, targetdir=None, realm=None, 
                       rootdn=None, domaindn=None, schemadn=None, configdn=None,
                       domain=None, hostname=None, adminpass=None, root=None, serverrole=None, 
-                      ldap_backend_type=None, ldap_backend_port=None):
+                      ldap_backend_type=None, ldap_backend_port=None,
+		      ol_mmr_urls=None):
 
     def setup_path(file):
         return os.path.join(setup_dir, file)
@@ -1255,7 +1272,51 @@ def provision_backend(setup_dir=None, message=None,
 
         refint_config = read_and_sub_file(setup_path("refint.conf"),
                                             { "LINK_ATTRS" : refint_attributes})
-    
+
+# generate serverids, ldap-urls and syncrepl-blocks for mmr hosts
+	mmr_on_config = ""
+	mmr_serverids_config = ""
+        mmr_syncrepl_schema_config = "" 
+	mmr_syncrepl_config_config = "" 
+	mmr_syncrepl_user_config = "" 
+	
+	if ol_mmr_urls is not None:
+		mmr_hosts=filter(None,ol_mmr_urls.split(' ')) 
+                if (len(mmr_hosts) == 1):
+                    mmr_hosts=filter(None,ol_mmr_urls.split(',')) 
+                     
+
+		mmr_on_config = "MirrorMode On"
+ 		
+		z=0
+		for i in mmr_hosts:
+			z=z+1
+			mmr_serverids_config += read_and_sub_file(setup_path("mmr_serverids.conf"),
+								     { "SERVERID" : str(z),
+        		                                               "LDAPSERVER" : i })
+
+			z=z+1
+			mmr_syncrepl_schema_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+								     { 	"RID" : str(z),
+                    							"MMRDN": names.schemadn,
+        		                                               	"LDAPSERVER" : i,
+                                                                        "MMR_PASSWORD": adminpass})
+
+			z=z+1
+			mmr_syncrepl_config_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+								     { 	"RID" : str(z),
+                    							"MMRDN": names.configdn,
+        		                                               	"LDAPSERVER" : i,
+                                                                        "MMR_PASSWORD": adminpass})
+
+			z=z+1
+			mmr_syncrepl_user_config += read_and_sub_file(setup_path("mmr_syncrepl.conf"),
+								     { 	"RID" : str(z),
+                    							"MMRDN": names.domaindn,
+        		                                               	"LDAPSERVER" : i,
+                                                                        "MMR_PASSWORD": adminpass })
+
+
         setup_file(setup_path("slapd.conf"), paths.slapdconf,
                    {"DNSDOMAIN": names.dnsdomain,
                     "LDAPDIR": paths.ldapdir,
@@ -1263,8 +1324,14 @@ def provision_backend(setup_dir=None, message=None,
                     "CONFIGDN": names.configdn,
                     "SCHEMADN": names.schemadn,
                     "MEMBEROF_CONFIG": memberof_config,
+                    "MIRRORMODE": mmr_on_config,
+                    "MMR_SERVERIDS_CONFIG": mmr_serverids_config,
+                    "MMR_SYNCREPL_SCHEMA_CONFIG": mmr_syncrepl_schema_config,
+                    "MMR_SYNCREPL_CONFIG_CONFIG": mmr_syncrepl_config_config,
+                    "MMR_SYNCREPL_USER_CONFIG": mmr_syncrepl_user_config,
+                    "MMR_PASSWORD": adminpass,
                     "REFINT_CONFIG": refint_config})
-        setup_file(setup_path("modules.conf"), paths.modulesconf,
+	setup_file(setup_path("modules.conf"), paths.modulesconf,
                    {"REALM": names.realm})
         
         setup_db_config(setup_path, os.path.join(paths.ldapdir, "db", "user"))

source/setup/mmr_serverids.conf

@@ -0,0 +1,2 @@
+# Generated from template mmr_serverids.conf
+ServerID ${SERVERID} "${LDAPSERVER}"

source/setup/mmr_syncrepl.conf

@@ -0,0 +1,12 @@
+# Generated from template mmr_syncrepl.conf 
+
+syncrepl rid=${RID} 
+	provider="${LDAPSERVER}"
+	searchbase="${MMRDN}"
+	type=refreshAndPersist
+	retry="10 +"
+	bindmethod=simple
+	binddn="CN=Manager,${MMRDN}"
+	credentials="${MMR_PASSWORD}"
+
+	

source/setup/provision-backend

@@ -64,6 +64,9 @@ parser.add_option("--server-role", type="choice", metavar="ROLE",
 		help="Set server role to provision for (default standalone)")
 parser.add_option("--targetdir", type="string", metavar="DIR", 
 		          help="Set target directory")
+parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
+                help="List of LDAP-URLS separated with whitespaces for Use with OpenLDAP-MMR")
+
 
 opts = parser.parse_args()[0]
 
@@ -99,4 +102,6 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd
 		  adminpass=opts.ldap_admin_pass,
 		  root=opts.root, serverrole=server_role, 
 		  ldap_backend_type=opts.ldap_backend_type,
-		  ldap_backend_port=opts.ldap_backend_port)
+		  ldap_backend_port=opts.ldap_backend_port,
+		  ol_mmr_urls=opts.ol_mmr_urls)
+

source/setup/provision_templates.ldif

@@ -2,16 +2,6 @@
 # Templates to be put in templates.ldb.  Not part of main samdb any more.
 ###
 
-dn: @OPTIONS
-checkBaseOnSearch: TRUE
-
-dn: @INDEXLIST
-@IDXATTR: cn
-
-dn: @ATTRIBUTES
-cn: CASE_INSENSITIVE
-dn: CASE_INSENSITIVE
-
 dn: CN=Templates
 objectClass: top
 objectClass: container

source/setup/provision_templates_init.ldif

@@ -0,0 +1,10 @@
+dn: @OPTIONS
+checkBaseOnSearch: TRUE
+
+dn: @INDEXLIST
+@IDXATTR: cn
+
+dn: @ATTRIBUTES
+cn: CASE_INSENSITIVE
+dn: CASE_INSENSITIVE
+

source/setup/schema-map-openldap-2.3

@@ -39,3 +39,6 @@ modifyTimeStamp:samba4ModifyTimestamp
 1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12
 #Treat Security Descriptors as binary
 1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40
+#Treat OIDs as case insensitive strings (as otherwise ldap class and
+#attribute names, declared at OIDs fail 
+1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44

source/setup/slapd.conf

@@ -1,5 +1,10 @@
 loglevel 0
 
+### Multimaster-ServerIDs and URLs ###
+
+${MMR_SERVERIDS_CONFIG}
+
+
 include ${LDAPDIR}/backend-schema.schema
 
 pidfile		${LDAPDIR}/slapd.pid
@@ -52,10 +57,12 @@ suffix		cn=Samba
 directory       ${LDAPDIR}/db/samba
 rootdn          cn=Manager,cn=Samba
 
-
+########################################
+### cn=schema ###
 database        hdb
 suffix		${SCHEMADN}
 rootdn          cn=Manager,${SCHEMADN}
+rootpw		"${MMR_PASSWORD}"
 directory	${LDAPDIR}/db/schema
 index           objectClass eq
 index           samAccountName eq
@@ -64,16 +71,25 @@ index objectCategory eq
 index lDAPDisplayName eq
 index subClassOf eq
 index cn eq
+index entryUUID,entryCSN eq
 
 #syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
 #We only need this for the contextCSN attribute anyway....
 overlay syncprov
-syncprov-checkpoint 100 10
 syncprov-sessionlog 100
+# syncprov-checkpoint 100 10
 
+
+### Multimaster-Replication of cn=schema Subcontext ###
+${MMR_SYNCREPL_SCHEMA_CONFIG}
+${MIRRORMODE}
+
+#########################################
+### cn=config ###
 database        hdb
 suffix		${CONFIGDN}
 rootdn          cn=Manager,${CONFIGDN}
+rootpw		"${MMR_PASSWORD}"
 directory	${LDAPDIR}/db/config
 index           objectClass eq
 index           samAccountName eq
@@ -85,16 +101,24 @@ index subClassOf eq
 index dnsRoot eq
 index nETBIOSName eq
 index cn eq
+index entryUUID,entryCSN eq
 
 #syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
 #We only need this for the contextCSN attribute anyway....
 overlay syncprov
-syncprov-checkpoint 100 10
 syncprov-sessionlog 100
+# syncprov-checkpoint 100 10
 
+### Multimaster-Replication of cn=config Subcontext ###
+${MMR_SYNCREPL_CONFIG_CONFIG}
+${MIRRORMODE}
+
+########################################
+### cn=users /base-dn  ###
 database        hdb
 suffix		${DOMAINDN}
 rootdn          cn=Manager,${DOMAINDN}
+rootpw		"${MMR_PASSWORD}"
 directory	${LDAPDIR}/db/user
 index           objectClass eq
 index           samAccountName eq
@@ -110,10 +134,14 @@ index subClassOf eq
 index dnsRoot eq
 index nETBIOSName eq
 index cn eq
+index entryUUID,entryCSN eq
 
 #syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
 #We only need this for the contextCSN attribute anyway....
 overlay syncprov
-syncprov-checkpoint 100 10
 syncprov-sessionlog 100
+# syncprov-checkpoint 100 10
 
+### Multimaster-Replication of cn=user/base-dn context ###
+${MMR_SYNCREPL_USER_CONFIG}
+${MIRRORMODE}

source/setup/tests/blackbox_provision-backend.sh

@@ -13,6 +13,7 @@ shift 1
 . `dirname $0`/../../../testprogs/blackbox/subunit.sh
 
 testit "openldap-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend
+testit "openldap-mmr-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls='ldap://localdc1:9000,ldap://localdc2:9000,ldap://localdc3:9000'
 testit "fedora-ds-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=fedora-ds --targetdir=$PREFIX/fedora-ds-backend
 
 reprovision() {

source/utils/ad2oLschema.c

@@ -229,7 +229,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch
 		const char *equality = NULL, *substring = NULL;
 		bool single_value = attribute->isSingleValued;
 
-		const struct dsdb_syntax_map *map = find_syntax_map_by_ad_oid(syntax);
+		const struct dsdb_syntax *map = find_syntax_map_by_ad_syntax(attribute->oMSyntax);
 		char *schema_entry = NULL;
 		int j;
 
@@ -251,7 +251,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch
 			/* We might have been asked to remap this oid,
 			 * due to a conflict, or lack of
 			 * implementation */
-			syntax = map->Standard_OID;
+			syntax = map->ldap_oid;
 			/* We might have been asked to remap this oid, due to a conflict */
 			for (j=0; syntax && oid_map && oid_map[j].old_oid; j++) {
 				if (strcasecmp(syntax, oid_map[j].old_oid) == 0) {

source/utils/oLschema2ldif.c

@@ -31,9 +31,10 @@
  *  Author: Simo Sorce
  */
 
+#include "includes.h"
 #include "ldb_includes.h"
 #include "tools/cmdline.h"
-#include "utils/schema_convert.h"
+#include "dsdb/samdb/samdb.h"
 
 #define SCHEMA_UNKNOWN 0
 #define SCHEMA_NAME 1
@@ -432,12 +433,12 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
 
 		case SCHEMA_SYNTAX:
 		{
-			const struct syntax_map *map = 
+			const struct dsdb_syntax *map = 
 				find_syntax_map_by_standard_oid(token->value);
 			if (!map) {
 				break;
 			}
-			MSG_ADD_STRING("attributeSyntax", map->AD_OID);
+			MSG_ADD_STRING("attributeSyntax", map->attributeSyntax_oid);
 			break;
 		}
 		case SCHEMA_DESC: