5 files changed, 232 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index a41a29b5dd..dc407fbd8a 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -333,3 +333,16 @@ OBJ_FILES = \
 # End MODULE ldb_normalise
 ################################################
 
+################################################
+# Start MODULE ldb_instancetype
+[MODULE::ldb_instancetype]
+INIT_FUNCTION = ldb_instancetype_init
+CFLAGS = -Ilib/ldb/include
+OUTPUT_TYPE = SHARED_LIBRARY
+PRIVATE_DEPENDENCIES = LIBTALLOC
+SUBSYSTEM = LIBLDB
+OBJ_FILES = \
+		instancetype.o
+# End MODULE ldb_instancetype
+################################################
+
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
new file mode 100644
index 0000000000..064c28ec65
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -0,0 +1,128 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce  2004-2006
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb instancetype module
+ *
+ *  Description: add an instanceType onto every new record
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb/include/ldb_includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/flags.h"
+
+/* add_record: add instancetype attribute */
+static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+	uint32_t instance_type;
+	int ret;
+	const struct ldb_control *partition_ctrl;
+	const struct dsdb_control_current_partition *partition;
+ 
+
+	ldb_debug(module->ldb, LDB_DEBUG_TRACE, "instancetype_add_record\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID);
+	if (!partition_ctrl) {
+		ldb_debug_set(module->ldb, LDB_DEBUG_FATAL,
+			      "instancetype_add: no current partition control found");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	partition = talloc_get_type(partition_ctrl->data,
+				    struct dsdb_control_current_partition);
+	SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION);
+
+	down_req = talloc(req, struct ldb_request);
+	if (down_req == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*down_req = *req;
+
+	/* we have to copy the message as the caller might have it as a const */
+	down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message);
+	if (msg == NULL) {
+		talloc_free(down_req);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * TODO: calculate correct instance type
+	 */
+	instance_type = INSTANCE_TYPE_WRITE;
+	if (ldb_dn_compare(partition->dn, msg->dn) == 0) {
+		instance_type |= INSTANCE_TYPE_IS_NC_HEAD;
+		if (ldb_dn_compare(msg->dn, samdb_base_dn(module->ldb)) != 0) {
+			instance_type |= INSTANCE_TYPE_NC_ABOVE;
+		}
+	}
+
+	ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(down_req);
+		ldb_oom(module->ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ldb_set_timeout_from_prev_req(module->ldb, req, down_req);
+
+	/* go on with the call chain */
+	ret = ldb_next_request(module, down_req);
+
+	/* do not free down_req as the call results may be linked to it,
+	 * it will be freed when the upper level request get freed */
+	if (ret == LDB_SUCCESS) {
+		req->handle = down_req->handle;
+	}
+
+	return ret;
+}
+
+static const struct ldb_module_ops instancetype_ops = {
+	.name          = "instancetype",
+	.add           = instancetype_add,
+};
+
+
+int ldb_instancetype_init(void)
+{
+	return ldb_register_module(&instancetype_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 803d24e34e..b3fdffe566 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -279,6 +279,27 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
 	return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn);
 }
 
+struct merge {
+	struct ldb_dn *dn;
+	bool add;
+	bool ignore;
+};
+
+static int merge_cmp(struct merge *merge1, struct merge *merge2) {
+	int ret;
+	ret = ldb_dn_compare(merge1->dn, merge2->dn);
+	if (ret == 0) {
+		if (merge1->add == merge2->add) {
+			return 0;
+		}
+		if (merge1->add == true) {
+			return 1;
+		}
+		return -1;
+	}
+	return ret;
+}
+
 static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) 
 {
 	struct replace_context *ac2 = talloc_get_type(context, struct replace_context);
@@ -296,16 +317,63 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb
 		
 		/* See if this element already exists */
 		if (search_el) {
-			int ret;
+
+			struct merge *merged_list = NULL;
+
+			int ret, size = 0, i;
 			struct ldb_message *msg = ldb_msg_new(ac);
 			if (!msg) {
 				ldb_oom(ac->module->ldb);
 				return LDB_ERR_OPERATIONS_ERROR;
 			}
 
-			/* Lazy option:  Delete and add the elements on all members */
-			msg->num_elements = 1;
-			msg->elements = search_el;
+			/* Add all the existing elements, marking as 'proposed for delete' by setting .add = false */
+			for (i=0; i < search_el->num_values; i++) {
+				merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1);
+				merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)search_el->values[i].data);
+				merged_list[size].add = false;
+				merged_list[size].ignore = false;
+				size++;
+			}
+
+			/* Add all the new replacement elements, marking as 'proposed for add' by setting .add = true */
+			for (i=0; i < ac2->el->num_values; i++) {
+				merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1);
+				merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)ac2->el->values[i].data);
+				merged_list[size].add = true;
+				merged_list[size].ignore = false;
+				size++;
+			}
+
+			/* Sort the list, so we can pick out an add and delete for the same DN, and eliminate them */
+			qsort(merged_list, size,
+			      sizeof(*merged_list),
+			      (comparison_fn_t)merge_cmp);
+
+			/* Now things are sorted, it is trivial to mark pairs of DNs as 'ignore' */
+			for (i=0; i + 1 < size; i++) {
+				if (ldb_dn_compare(merged_list[i].dn, 
+						   merged_list[i+1].dn) == 0 
+				    /* Fortunetly the sort also sorts 'add == false' first */
+				    && merged_list[i].add == false
+				    && merged_list[i+1].add == true) {
+
+					/* Mark as ignore, so we include neither in the actual operations */
+					merged_list[i].ignore = true;
+					merged_list[i+1].ignore = true;
+				}
+			}
+
+			/* Arrange to delete anything the search found that we don't re-add */
+			for (i=0; i < size; i++) {
+				if (merged_list[i].ignore == false
+				    && merged_list[i].add == false) {
+					ldb_msg_add_steal_string(msg, search_el->name, 
+								 ldb_dn_get_linearized(merged_list[i].dn));
+				}
+			}
+
+			/* The DN to set on the linked attributes is the original DN of the modify message */
 			msg->dn = ac->orig_req->op.mod.message->dn;
 			
 			ret = setup_modifies(ac->module->ldb, ac2, ac, msg, ares->message->dn, NULL);
@@ -313,13 +381,21 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb
 				return ret;
 			}
 
-			msg->elements = ac2->el;
+			/* Now add links for all the actually new elements */
+			for (i=0; i < size; i++) {
+				if (merged_list[i].ignore == false && merged_list[i].add == true) {
+					ldb_msg_add_steal_string(msg, search_el->name, 
+								 ldb_dn_get_linearized(merged_list[i].dn));
+				}
+			}
 
 			ret = setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ares->message->dn);
 			if (ret != LDB_SUCCESS) {
 				return ret;
 			}
 			
+			talloc_free(merged_list);
+
 		} else {
 			/* Looks like it doesn't exist, process like an 'add' */
 			struct ldb_message *msg = ldb_msg_new(ac);
@@ -411,6 +487,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
 			return LDB_ERR_OBJECT_CLASS_VIOLATION;			
 		}
 
+		/* Replace with new set of values */
 		if (((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE)
 		    && el->num_values > 0) {
 			struct replace_context *ac2 = talloc(ac, struct replace_context);
@@ -461,6 +538,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
 			}
 			
 			continue;
+
+			/* Delete all values case */
 		} else if (((el->flags & LDB_FLAG_MOD_MASK) & (LDB_FLAG_MOD_DELETE|LDB_FLAG_MOD_REPLACE)) 
 			   && el->num_values == 0) {
 			const char **attrs = talloc_array(ac, const char *, 2);
@@ -508,7 +587,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
 			
 			continue;
 		}
-		/* Prepare the modify (mod element) on the targets */
+
+		/* Prepare the modify (mod element) on the targets, for a normal modify request */
 
 		/* For each value being moded, we need to setup the modify */
 		for (j=0; j < el->num_values; j++) {
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index d3beedc689..737475ca78 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -532,6 +532,10 @@ static int objectclass_do_add(struct ldb_handle *h)
 					ldb_msg_add_string(msg, "objectCategory", 
 							   current->objectclass->defaultObjectCategory);
 				}
+				if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (current->objectclass->defaultHidingValue == true)) {
+					ldb_msg_add_string(msg, "showInAdvancedViewOnly", 
+							   "TRUE");
+				}
 				if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
 					DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass);
 					ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index 6e66d0783a..acf2fd622c 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -448,6 +448,7 @@ static const char * const entryuuid_wildcard_attributes[] = {
 	"whenChanged",
 	"usnCreated",
 	"usnChanged",
+	"memberOf",
 	NULL
 };