Merge branch 'master' of git://git.samba.org/samba into minschema

3 files changed, 124 insertions, 15 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 898d913965..7883bccfe7 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -414,6 +414,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
 	struct oc_context *ac;
 	struct ldb_dn *parent_dn;
 	int ret;
+	static const char * const parent_attrs[] = { "objectGUID", NULL };
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -449,7 +450,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
 
 	ret = ldb_build_search_req(&search_req, ldb,
 				   ac, parent_dn, LDB_SCOPE_BASE,
-				   "(objectClass=*)", NULL,
+				   "(objectClass=*)", parent_attrs,
 				   NULL,
 				   ac, get_search_callback,
 				   req);
@@ -500,7 +501,8 @@ static int objectclass_do_add(struct oc_context *ac)
 			return LDB_ERR_UNWILLING_TO_PERFORM;
 		}
 	} else {
-		
+		const struct ldb_val *parent_guid;
+
 		/* Fix up the DN to be in the standard form, taking particular care to match the parent DN */
 		ret = fix_dn(msg, 
 			     ac->req->op.add.message->dn,
@@ -514,10 +516,24 @@ static int objectclass_do_add(struct oc_context *ac)
 			return ret;
 		}
 
+		parent_guid = ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID");
+		if (parent_guid == NULL) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, parent does not have an objectGUID!", 
+					       ldb_dn_get_linearized(msg->dn));
+			talloc_free(mem_ctx);
+			return LDB_ERR_UNWILLING_TO_PERFORM;			
+		}
+
 		/* TODO: Check this is a valid child to this parent,
 		 * by reading the allowedChildClasses and
 		 * allowedChildClasssesEffective attributes */
-
+		ret = ldb_msg_add_steal_value(msg, "parentGUID", discard_const(parent_guid));
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, failed to add parentGUID", 
+					       ldb_dn_get_linearized(msg->dn));
+			talloc_free(mem_ctx);
+			return LDB_ERR_UNWILLING_TO_PERFORM;						
+		}
 	}
 
 	if (schema) {
@@ -974,7 +990,7 @@ static int objectclass_do_rename(struct oc_context *ac);
 
 static int objectclass_rename(struct ldb_module *module, struct ldb_request *req)
 {
-	static const char * const attrs[] = { NULL };
+	static const char * const attrs[] = { "objectGUID", NULL };
 	struct ldb_context *ldb;
 	struct ldb_request *search_req;
 	struct oc_context *ac;
@@ -1007,6 +1023,9 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
 		ldb_oom(ldb);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
+
+	/* note that the results of this search are kept and used to
+	   update the parentGUID in objectclass_rename_callback() */
 	ret = ldb_build_search_req(&search_req, ldb,
 				   ac, parent_dn, LDB_SCOPE_BASE,
 				   "(objectClass=*)",
@@ -1022,6 +1041,66 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req
 	return ldb_next_request(ac->module, search_req);
 }
 
+/* 
+   called after the rename happens. 
+   We now need to fix the parentGUID of the object to be the objectGUID of
+   the new parent 
+*/
+static int objectclass_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct oc_context *ac;
+	const struct ldb_val *parent_guid;
+	struct ldb_request *mod_req = NULL;
+	int ret;
+	struct ldb_message *msg;
+	struct ldb_message_element *el = NULL;
+
+	ac = talloc_get_type(req->context, struct oc_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* make sure the rename succeeded */
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+
+	/* the ac->search_res should contain the new parents objectGUID */
+	parent_guid = ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID");
+	if (parent_guid == NULL) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, new parent does not have an objectGUID!", 
+				       ldb_dn_get_linearized(ac->req->op.rename.newdn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+
+	}
+
+	/* construct the modify message */
+	msg = ldb_msg_new(ac);
+	if (msg == NULL) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	msg->dn = ac->req->op.rename.newdn;
+
+	ret = ldb_msg_add_value(msg, "parentGUID", parent_guid, &el);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	ret = ldb_build_mod_req(&mod_req, ldb, ac, msg,
+				NULL, ac, oc_op_callback, req);
+
+	return ldb_next_request(ac->module, mod_req);
+}
+
 static int objectclass_do_rename(struct oc_context *ac)
 {
 	struct ldb_context *ldb;
@@ -1055,7 +1134,7 @@ static int objectclass_do_rename(struct oc_context *ac)
 	ret = ldb_build_rename_req(&rename_req, ldb, ac,
 				   ac->req->op.rename.olddn, fixed_dn,
 				   ac->req->controls,
-				   ac, oc_op_callback,
+				   ac, objectclass_rename_callback,
 				   ac->req);
 	if (ret != LDB_SUCCESS) {
 		return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 56d4c4fe36..5a9926b6d1 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1379,7 +1379,8 @@ static int setup_password_fields(struct setup_password_fields_io *io)
 	if (io->n.cleartext_utf8) {
 		struct samr_Password *lm_hash;
 		char *cleartext_unix;
-		if (convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), 
+		if (lp_lanman_auth(ldb_get_opaque(ldb, "loadparm")) &&
+		    convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), 
 							 CH_UTF8, CH_UNIX, io->n.cleartext_utf8->data, io->n.cleartext_utf8->length, 
 							 (void **)&cleartext_unix, &converted_pw_len, false)) {
 			lm_hash = talloc(io->ac, struct samr_Password);
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index fbd8946bb5..a67aecd1e8 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -1202,6 +1202,34 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb
 	} \
 } while (0)
 
+#define GET_STRING_LIST_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
+	int get_string_list_counter;					\
+	struct drsuapi_DsReplicaAttribute *_a; \
+	_a = dsdb_find_object_attr_name(s, r, attr, NULL); \
+	if (strict && !_a) { \
+		d_printf("%s: %s == NULL\n", __location__, attr); \
+		return WERR_INVALID_PARAM; \
+	} \
+	(p)->elem = _a ? talloc_array(mem_ctx, const char *, _a->value_ctr.num_values + 1) : NULL; \
+        for (get_string_list_counter=0;					\
+	     _a && get_string_list_counter < _a->value_ctr.num_values;	\
+	     get_string_list_counter++) {				\
+		size_t _ret;						\
+		if (!convert_string_talloc_convenience(mem_ctx, s->iconv_convenience, CH_UTF16, CH_UNIX, \
+					     _a->value_ctr.values[get_string_list_counter].blob->data, \
+					     _a->value_ctr.values[get_string_list_counter].blob->length, \
+						       (void **)discard_const(&(p)->elem[get_string_list_counter]), &_ret, false)) { \
+			DEBUG(0,("%s: invalid data!\n", attr)); \
+			dump_data(0, \
+				     _a->value_ctr.values[get_string_list_counter].blob->data, \
+				     _a->value_ctr.values[get_string_list_counter].blob->length); \
+			return WERR_FOOBAR; \
+		} \
+		(p)->elem[get_string_list_counter+1] = NULL;		\
+	}								\
+	talloc_steal(mem_ctx, (p)->elem);				\
+} while (0)
+
 #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \
 	struct drsuapi_DsReplicaAttribute *_a; \
 	_a = dsdb_find_object_attr_name(s, r, attr, NULL); \
@@ -1412,17 +1440,18 @@ WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema,
 
 	GET_STRING_DS(schema, r, "subClassOf", mem_ctx, obj, subClassOf, true);
 
-	obj->systemAuxiliaryClass	= NULL;
-	obj->systemPossSuperiors	= NULL;
-	obj->systemMustContain		= NULL;
-	obj->systemMayContain		= NULL;
 
-	obj->auxiliaryClass		= NULL;
-	obj->possSuperiors		= NULL;
-	obj->mustContain		= NULL;
-	obj->mayContain			= NULL;
+	GET_STRING_LIST_DS(schema, r, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass, false);
+	GET_STRING_LIST_DS(schema, r, "auxiliaryClass", mem_ctx, obj, auxiliaryClass, false);
+
+	GET_STRING_LIST_DS(schema, r, "systemMustContain", mem_ctx, obj, systemMustContain, false);
+	GET_STRING_LIST_DS(schema, r, "systemMayContain", mem_ctx, obj, systemMayContain, false);
+	GET_STRING_LIST_DS(schema, r, "mustContain", mem_ctx, obj, mustContain, false);
+	GET_STRING_LIST_DS(schema, r, "mayContain", mem_ctx, obj, mayContain, false);
 
-	obj->possibleInferiors          = NULL;
+	GET_STRING_LIST_DS(schema, r, "systemPossSuperiors", mem_ctx, obj, systemPossSuperiors, false);
+	GET_STRING_LIST_DS(schema, r, "possSuperiors", mem_ctx, obj, possSuperiors, false);
+	GET_STRING_LIST_DS(schema, r, "possibleInferiors", mem_ctx, obj, possibleInferiors, false);
 
 	GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);