The branch, master has been updated via 3055ead... s4:torture/ldap/basic.c - add more error code/messages tests via 7cbe303... s4:ldap_backend.c - more customisations to match Windows Server error behaviour on renames via e315ace... ldb:ldb_dn.c - don't support "ldb_dn_add_child" on a "" parent DN via bce8017... s4:python/samba/__init__.py - now specify the "relax" control for the delete operation before the provision via c0538a0... ldb:api.py - add a small test for the enhanced "py_ldb_delete" syntax via ca34ffa... ldb:python bindings - some small cleanup & improvements in "py_ldb_add" via 2aeea4b... ldb:python bindings - let also "py_ldb_delete" support controls via d16697d... s4:objectclass LDB module - disable delete operations when "SYSTEM_FLAG_DISALLOW_DELETE" is specified via 46bcf88... s4:rootdse LDB module - strip trailing whitespaces via 7f46a91... s4:rootdse LDB module - protect add and delete operations on the rootdse entry via 72e14ea... s4:rootdse LDB module - Return "UNWILLING_TO_PERFORM" when no attribute fits on a change via 2af67a3... s4:rootdse LDB module - refactor error messages via a438123... s4:objectclass LDB module - use the old DN when displaying error messages via ee2bb44... s4:objectclass LDB module - add a better message when the parent DN is invalid via 04890bb... s4:objectclass LDB module - add an error message when someone tries to add entries without objectclasses via 9da8b06... s4:objectclass LDB module - handle the case when there is a retry to add the root basedn from 24930aa... wafsamba: Use octal modes directly rather than constants.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3055ead4cff55895917ca88c3fb91c89da34ad5f Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Thu Jun 17 15:39:06 2010 +0200 s4:torture/ldap/basic.c - add more error code/messages tests And now we do match at least the LDAP error code (the WERROR one does still differ from Windows - we will see how to change that). commit 7cbe3035d9f0d534d017f65fa2250011c45bb415 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Sat Jun 19 14:58:31 2010 +0200 s4:ldap_backend.c - more customisations to match Windows Server error behaviour on renames commit e315aceda357711284da08094f80b1e03346fef0 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Sat Jun 19 14:49:23 2010 +0200 ldb:ldb_dn.c - don't support "ldb_dn_add_child" on a "" parent DN It's meaningless and could end in DNs as "cn=child,". commit bce8017ca9f64ce8e3bf94312d69f97e87d3d41a Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 22:20:22 2010 +0200 s4:python/samba/__init__.py - now specify the "relax" control for the delete operation before the provision commit c0538a006d5381f3bc17d90f873e791d35bbde17 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 22:17:54 2010 +0200 ldb:api.py - add a small test for the enhanced "py_ldb_delete" syntax commit ca34ffaaac4cc98dc600cb8b5bc6e8ecf93f7492 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 22:08:58 2010 +0200 ldb:python bindings - some small cleanup & improvements in "py_ldb_add" Also to make it similar to "py_ldb_delete". commit 2aeea4bb4d214675334da7c45e896d88ccb85832 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 22:04:07 2010 +0200 ldb:python bindings - let also "py_ldb_delete" support controls commit d16697df4908de57a379796e22c82929b8422b92 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 21:35:43 2010 +0200 s4:objectclass LDB module - disable delete operations when "SYSTEM_FLAG_DISALLOW_DELETE" is specified commit 46bcf883bfe07d50b1009f1878093d8643d70a95 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 21:13:39 2010 +0200 s4:rootdse LDB module - strip trailing whitespaces commit 7f46a91e7764766460cb374b5cc65e769184d91f Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 21:10:19 2010 +0200 s4:rootdse LDB module - protect add and delete operations on the rootdse entry commit 72e14ea8bd47695dcdf1a3c8ee3a017c6d2e4d5c Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 20:53:25 2010 +0200 s4:rootdse LDB module - Return "UNWILLING_TO_PERFORM" when no attribute fits on a change commit 2af67a3602528f55f3fb871bac0bc15ee88df702 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Fri Jun 18 20:52:33 2010 +0200 s4:rootdse LDB module - refactor error messages Fix indentations, use "set_errstring" when no "asprintf" functionality required. commit a4381239ba364ad025308e9b8f310942dde36db8 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Sat Jun 19 17:47:22 2010 +0200 s4:objectclass LDB module - use the old DN when displaying error messages commit ee2bb4474f38ce3c8d7a641059ca85cde1a12e9c Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Sat Jun 19 17:46:57 2010 +0200 s4:objectclass LDB module - add a better message when the parent DN is invalid commit 04890bb750ba900e8ee476690e8f882676217c72 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Thu Jun 17 15:32:48 2010 +0200 s4:objectclass LDB module - add an error message when someone tries to add entries without objectclasses commit 9da8b06112257f87860e31273c9d3128bc811371 Author: Matthias Dieter Wallnöfer <m...@samba.org> Date: Thu Jun 17 15:17:05 2010 +0200 s4:objectclass LDB module - handle the case when there is a retry to add the root basedn This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a very special referral: one with the DN itself and the hostname is the last component value of the DN. ----------------------------------------------------------------------- Summary of changes: source4/dsdb/samdb/ldb_modules/objectclass.c | 127 ++++++++++- source4/dsdb/samdb/ldb_modules/rootdse.c | 142 ++++++++----- source4/ldap_server/ldap_backend.c | 29 ++-- source4/lib/ldb/common/ldb_dn.c | 7 + source4/lib/ldb/pyldb.c | 83 ++++++-- source4/lib/ldb/tests/python/api.py | 9 + source4/scripting/python/samba/__init__.py | 10 +- source4/torture/ldap/basic.c | 294 +++++++++++++++++++++++--- 8 files changed, 568 insertions(+), 133 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index e5769a6..ed97a7d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -360,6 +360,8 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) struct ldb_request *search_req; struct oc_context *ac; struct ldb_dn *parent_dn; + const struct ldb_val *val; + char *value; int ret; static const char * const parent_attrs[] = { "objectGUID", "objectClass", NULL }; @@ -372,9 +374,34 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* the objectClass must be specified on add */ - if (ldb_msg_find_element(req->op.add.message, - "objectClass") == NULL) { + /* An add operation on the root basedn has a special handling when the + * relax control isn't specified. */ + if (ldb_dn_compare(ldb_get_root_basedn(ldb), req->op.add.message->dn) == 0) { + if (ldb_request_get_control(req, + LDB_CONTROL_RELAX_OID) == NULL) { + /* When we are trying to readd the root basedn then + * this is denied, but with an interesting mechanism: + * there is generated a referral with the last + * component value as hostname. */ + val = ldb_dn_get_component_val(req->op.add.message->dn, + ldb_dn_get_comp_num(req->op.add.message->dn) - 1); + if (val == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + value = talloc_asprintf(req, "ldap://%s/%s", val->data, + ldb_dn_get_linearized(req->op.add.message->dn)); + if (value == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_module_send_referral(req, value); + } + } + + /* the various objectclasses must be specified on add operations */ + if (ldb_msg_find_element(req->op.add.message, "objectClass") == NULL) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, no objectclass specified!", + ldb_dn_get_linearized(req->op.add.message->dn)); return LDB_ERR_OBJECT_CLASS_VIOLATION; } @@ -1027,8 +1054,9 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req parent_dn = ldb_dn_get_parent(ac, req->op.rename.newdn); if (parent_dn == NULL) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, the parent DN does not exist!", + ldb_dn_get_linearized(req->op.rename.olddn)); + return LDB_ERR_NO_SUCH_OBJECT; } /* this looks up the parent object for fetching some important @@ -1072,7 +1100,7 @@ static int objectclass_do_rename(struct oc_context *ac) * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */ if (ac->search_res == NULL) { ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, parent does not exist!", - ldb_dn_get_linearized(ac->req->op.rename.newdn)); + ldb_dn_get_linearized(ac->req->op.rename.olddn)); return LDB_ERR_OTHER; } @@ -1112,7 +1140,7 @@ static int objectclass_do_rename2(struct oc_context *ac) * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */ if (ac->search_res == NULL) { ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, entry does not exist!", - ldb_dn_get_linearized(ac->req->op.rename.newdn)); + ldb_dn_get_linearized(ac->req->op.rename.olddn)); return LDB_ERR_NO_SUCH_OBJECT; } @@ -1214,10 +1242,84 @@ static int objectclass_do_rename2(struct oc_context *ac) return ldb_next_request(ac->module, rename_req); } +static int objectclass_do_delete(struct oc_context *ac); + +static int objectclass_delete(struct ldb_module *module, struct ldb_request *req) +{ + static const char * const attrs[] = { "systemFlags", NULL }; + struct ldb_context *ldb; + struct ldb_request *search_req; + struct oc_context *ac; + int ret; + + ldb = ldb_module_get_ctx(module); + + ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_delete\n"); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.del.dn)) { + return ldb_next_request(module, req); + } + + /* Bypass the "systemFlags" checks when we do have the "RELAX" control + * set. */ + if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID) != NULL) { + return ldb_next_request(module, req); + } + + ac = oc_init_context(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* this looks up the entry object for fetching some important + * informations (systemFlags...) */ + ret = ldb_build_search_req(&search_req, ldb, + ac, req->op.del.dn, LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, NULL, + ac, get_search_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->step_fn = objectclass_do_delete; + + return ldb_next_request(ac->module, search_req); +} + +static int objectclass_do_delete(struct oc_context *ac) +{ + struct ldb_context *ldb; + int32_t systemFlags; + + ldb = ldb_module_get_ctx(ac->module); + + /* Check if we have a valid entry - this check is needed since + * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */ + if (ac->search_res == NULL) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, entry does not exist!", + ldb_dn_get_linearized(ac->req->op.del.dn)); + return LDB_ERR_NO_SUCH_OBJECT; + } + + systemFlags = ldb_msg_find_attr_as_int(ac->search_res->message, + "systemFlags", 0); + if ((systemFlags & SYSTEM_FLAG_DISALLOW_DELETE) != 0) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it isn't permitted!", + ldb_dn_get_linearized(ac->req->op.del.dn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + return ldb_next_request(ac->module, ac->req); +} + static int objectclass_init(struct ldb_module *module) { struct ldb_context *ldb = ldb_module_get_ctx(module); int ret; + /* Init everything else */ ret = ldb_next_init(module); if (ret != LDB_SUCCESS) { @@ -1231,9 +1333,10 @@ static int objectclass_init(struct ldb_module *module) } _PUBLIC_ const struct ldb_module_ops ldb_objectclass_module_ops = { - .name = "objectclass", - .add = objectclass_add, - .modify = objectclass_modify, - .rename = objectclass_rename, - .init_context = objectclass_init + .name = "objectclass", + .add = objectclass_add, + .modify = objectclass_modify, + .rename = objectclass_rename, + .del = objectclass_delete, + .init_context = objectclass_init }; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index bf56420..2b0e449 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -1,21 +1,21 @@ -/* +/* Unix SMB/CIFS implementation. rootDSE ldb module Copyright (C) Andrew Tridgell 2005 Copyright (C) Simo Sorce 2005-2008 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -153,13 +153,13 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m talloc_free(tmp_ctx); return LDB_SUCCESS; -} - +} + /* add dynamically generated attributes to rootDSE result */ -static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, +static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs, struct ldb_request *req) { struct ldb_context *ldb; @@ -189,7 +189,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms ldb_msg_remove_attr(msg, "name"); if (do_attribute(attrs, "currentTime")) { - if (ldb_msg_add_steal_string(msg, "currentTime", + if (ldb_msg_add_steal_string(msg, "currentTime", ldb_timestring(msg, time(NULL))) != 0) { goto failed; } @@ -220,7 +220,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } - server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanims"), + server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanims"), char *); if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) { unsigned int i; @@ -240,7 +240,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms uint64_t seq_num; int ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ, &seq_num); if (ret == LDB_SUCCESS) { - if (ldb_msg_add_fmt(msg, "highestCommittedUSN", + if (ldb_msg_add_fmt(msg, "highestCommittedUSN", "%llu", (unsigned long long)seq_num) != 0) { goto failed; } @@ -255,7 +255,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms n++; } - if (ldb_msg_add_fmt(msg, "dsSchemaAttrCount", + if (ldb_msg_add_fmt(msg, "dsSchemaAttrCount", "%u", n) != 0) { goto failed; } @@ -269,14 +269,14 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms n++; } - if (ldb_msg_add_fmt(msg, "dsSchemaClassCount", + if (ldb_msg_add_fmt(msg, "dsSchemaClassCount", "%u", n) != 0) { goto failed; } } if (schema && do_attribute_explicit(attrs, "dsSchemaPrefixCount")) { - if (ldb_msg_add_fmt(msg, "dsSchemaPrefixCount", + if (ldb_msg_add_fmt(msg, "dsSchemaPrefixCount", "%u", schema->prefixmap->length) != 0) { goto failed; } @@ -320,14 +320,14 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } if (do_attribute_explicit(attrs, "vendorVersion")) { - if (ldb_msg_add_fmt(msg, "vendorVersion", + if (ldb_msg_add_fmt(msg, "vendorVersion", "%s", SAMBA_VERSION_STRING) != 0) { goto failed; } } if (priv && do_attribute(attrs, "domainFunctionality")) { - if (ldb_msg_add_fmt(msg, "domainFunctionality", + if (ldb_msg_add_fmt(msg, "domainFunctionality", "%d", dsdb_functional_level(ldb)) != 0) { goto failed; } @@ -335,7 +335,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms if (priv && do_attribute(attrs, "forestFunctionality") && (val = talloc_get_type(ldb_get_opaque(ldb, "forestFunctionality"), int))) { - if (ldb_msg_add_fmt(msg, "forestFunctionality", + if (ldb_msg_add_fmt(msg, "forestFunctionality", "%d", *val) != 0) { goto failed; } @@ -343,7 +343,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms if (priv && do_attribute(attrs, "domainControllerFunctionality") && (val = talloc_get_type(ldb_get_opaque(ldb, "domainControllerFunctionality"), int))) { - if (ldb_msg_add_fmt(msg, "domainControllerFunctionality", + if (ldb_msg_add_fmt(msg, "domainControllerFunctionality", "%d", *val) != 0) { goto failed; } @@ -633,7 +633,7 @@ static int rootdse_init(struct ldb_module *module) LDB_SCOPE_BASE, attrs, NULL); if (ret == LDB_SUCCESS && res->count == 1) { int domain_behaviour_version - = ldb_msg_find_attr_as_int(res->msgs[0], + = ldb_msg_find_attr_as_int(res->msgs[0], "msDS-Behavior-Version", -1); if (domain_behaviour_version != -1) { int *val = talloc(ldb, int); @@ -656,7 +656,7 @@ static int rootdse_init(struct ldb_module *module) LDB_SCOPE_BASE, attrs, NULL); if (ret == LDB_SUCCESS && res->count == 1) { int forest_behaviour_version - = ldb_msg_find_attr_as_int(res->msgs[0], + = ldb_msg_find_attr_as_int(res->msgs[0], "msDS-Behavior-Version", -1); if (forest_behaviour_version != -1) { int *val = talloc(ldb, int); @@ -679,14 +679,14 @@ static int rootdse_init(struct ldb_module *module) LDB_SCOPE_BASE, ds_attrs, NULL); if (ret == LDB_SUCCESS && res->count == 1) { struct ldb_dn *ds_dn - = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0], + = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0], "dsServiceName"); if (ds_dn) { - ret = ldb_search(ldb, mem_ctx, &res, ds_dn, + ret = ldb_search(ldb, mem_ctx, &res, ds_dn, LDB_SCOPE_BASE, attrs, NULL); if (ret == LDB_SUCCESS && res->count == 1) { int domain_controller_behaviour_version - = ldb_msg_find_attr_as_int(res->msgs[0], + = ldb_msg_find_attr_as_int(res->msgs[0], "msDS-Behavior-Version", -1); if (domain_controller_behaviour_version != -1) { int *val = talloc(ldb, int); @@ -696,7 +696,7 @@ static int rootdse_init(struct ldb_module *module) return LDB_ERR_OPERATIONS_ERROR; } *val = domain_controller_behaviour_version; - ret = ldb_set_opaque(ldb, + ret = ldb_set_opaque(ldb, "domainControllerFunctionality", val); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); @@ -708,7 +708,7 @@ static int rootdse_init(struct ldb_module *module) } talloc_free(mem_ctx); - + return LDB_SUCCESS; } @@ -729,28 +729,28 @@ static int get_optional_feature_dn_guid(struct ldb_request *req, struct ldb_cont ldb_val_str = ldb_msg_find_attr_as_string(msg, "enableOptionalFeature", NULL); if (!ldb_val_str) { - ldb_asprintf_errstring(ldb, - "rootdse: unable to find enableOptionalFeature\n"); + ldb_set_errstring(ldb, + "rootdse: unable to find 'enableOptionalFeature'!"); return LDB_ERR_UNWILLING_TO_PERFORM; } guid = strchr(ldb_val_str, ':'); if (!guid) { - ldb_asprintf_errstring(ldb, - "rootdse: unable to find GUID in enableOptionalFeature\n"); + ldb_set_errstring(ldb, + "rootdse: unable to find GUID in 'enableOptionalFeature'!"); return LDB_ERR_UNWILLING_TO_PERFORM; } status = GUID_from_string(guid+1, op_feature_guid); if (!NT_STATUS_IS_OK(status)) { - ldb_asprintf_errstring(ldb, - "rootdse: bad GUID in enableOptionalFeature\n"); + ldb_set_errstring(ldb, + "rootdse: bad GUID in 'enableOptionalFeature'!"); return LDB_ERR_UNWILLING_TO_PERFORM; } dn = talloc_strndup(tmp_ctx, ldb_val_str, guid-ldb_val_str); if (!dn) { - ldb_asprintf_errstring(ldb, - "rootdse: bad DN in enableOptionalFeature\n"); + ldb_set_errstring(ldb, + "rootdse: bad DN in 'enableOptionalFeature'!"); return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -787,8 +787,8 @@ static int dsdb_find_optional_feature(struct ldb_module *module, struct ldb_cont } if (res->count != 1) { ldb_asprintf_errstring(ldb, - "More than one object found matching optional feature GUID %s\n", - GUID_string(tmp_ctx, &op_feature_guid)); + "More than one object found matching optional feature GUID %s\n", + GUID_string(tmp_ctx, &op_feature_guid)); talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -813,16 +813,15 @@ static int rootdse_enable_recycle_bin(struct ldb_module *module,struct ldb_conte ret = ldb_msg_find_attr_as_int(op_feature_msg, "msDS-RequiredForestBehaviorVersion", 0); if (domain_func_level < ret){ ldb_asprintf_errstring(ldb, - "rootdse: Domain functional level must be at least %d\n", - ret); + "rootdse_enable_recycle_bin: Domain functional level must be at least %d\n", + ret); return LDB_ERR_UNWILLING_TO_PERFORM; } tmp_ctx = talloc_new(mem_ctx); ntds_settings_dn = samdb_ntds_settings_dn(ldb); if (!ntds_settings_dn) { - ldb_asprintf_errstring(ldb, - __location__ ": Failed to find NTDS settings DN\n"); + DEBUG(0, (__location__ ": Failed to find NTDS settings DN\n")); ret = LDB_ERR_OPERATIONS_ERROR; talloc_free(tmp_ctx); return ret; @@ -845,8 +844,9 @@ static int rootdse_enable_recycle_bin(struct ldb_module *module,struct ldb_conte ret = dsdb_module_modify(module, msg, 0); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb, - "rootdse_enable_recycle_bin: Failed to modify object %s - %s", - ldb_dn_get_linearized(ntds_settings_dn), ldb_errstring(ldb)); + "rootdse_enable_recycle_bin: Failed to modify object %s - %s", + ldb_dn_get_linearized(ntds_settings_dn), + ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } @@ -854,8 +854,10 @@ static int rootdse_enable_recycle_bin(struct ldb_module *module,struct ldb_conte msg->dn = op_feature_scope_dn; ret = dsdb_module_modify(module, msg, 0); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, "rootdse_enable_recycle_bin: Failed to modify object %s - %s", - ldb_dn_get_linearized(op_feature_scope_dn), ldb_errstring(ldb)); + ldb_asprintf_errstring(ldb, + "rootdse_enable_recycle_bin: Failed to modify object %s - %s", + ldb_dn_get_linearized(op_feature_scope_dn), + ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } @@ -886,7 +888,7 @@ static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_r const char *guid_string; if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) { - ldb_asprintf_errstring(ldb, "rootdse: Insufficient rights for enableoptionalfeature"); + ldb_set_errstring(ldb, "rootdse: Insufficient rights for enableoptionalfeature"); return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -898,14 +900,15 @@ static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_r guid_string = GUID_string(tmp_ctx, &op_feature_guid); if (!guid_string) { - ldb_asprintf_errstring(ldb, "rootdse: bad optional feature GUID"); + ldb_set_errstring(ldb, "rootdse: bad optional feature GUID"); return LDB_ERR_UNWILLING_TO_PERFORM; } ret = dsdb_find_optional_feature(module, ldb, tmp_ctx, op_feature_guid, &op_feature_msg); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ldb, "rootdse: unable to find optional feature for %s - %s", - guid_string, ldb_errstring(ldb)); + ldb_asprintf_errstring(ldb, + "rootdse: unable to find optional feature for %s - %s", + guid_string, ldb_errstring(ldb)); talloc_free(tmp_ctx); return ret; } @@ -915,13 +918,15 @@ static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_r tmp_ctx, op_feature_scope_dn, op_feature_msg); } else { - ldb_asprintf_errstring(ldb, "rootdse: unknown optional feature %s", + ldb_asprintf_errstring(ldb, + "rootdse: unknown optional feature %s", guid_string); -- Samba Shared Repository