m = ldb.Message()

        m = ldb.Message()

        m.dn = obj.dn

        m.dn = obj.dn

        m['value'] = ldb.MessageElement(forward_vals, ldb.FLAG_MOD_REPLACE, forward_attr)

        m['value'] = ldb.MessageElement(forward_vals, ldb.FLAG_MOD_REPLACE, forward_attr)

                "Failed to fix duplicate links in attribute '%s'" % forward_attr):

                "Failed to fix duplicate links in attribute '%s'" % forward_attr):

            self.report("Fixed duplicate links in attribute '%s'" % (forward_attr))

            self.report("Fixed duplicate links in attribute '%s'" % (forward_attr))

            duplicate_cache_key = "%s:%s" % (str(obj.dn), forward_attr)

            duplicate_cache_key = "%s:%s" % (str(obj.dn), forward_attr)

	ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME);

	ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);

	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);

NOTE: old (due to rename or delete) DN string component for

NOTE: old (due to rename or delete) DN string component for

objectCategory in object CN=alice,CN=Users,DC=samba,DC=example,DC=com -

objectCategory in object CN=alice,CN=Users,DC=samba,DC=example,DC=com -

<GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;

<GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;

  CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=bad,DC=com

  CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=bad,DC=com

Change DN to <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;

Change DN to <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;

  CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com?

  CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com?

[y/N/all/none] y

[y/N/all/none] y

Failed to fix old DN string on attribute objectCategory : (16,

Failed to fix old DN string on attribute objectCategory : (16,

"attribute 'objectCategory': no matching attribute value while deleting

"attribute 'objectCategory': no matching attribute value while deleting

attribute on 'CN=alice,CN=Users,DC=samba,DC=example,DC=com'")

attribute on 'CN=alice,CN=Users,DC=samba,DC=example,DC=com'")

python/samba/dbchecker.py                     | 19 ++++--

python/samba/dbchecker.py                     | 19 ++++--

source4/dsdb/pydsdb.c                         |  1 +

source4/dsdb/pydsdb.c                         |  1 +

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 64 ++++++++++++++++++

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 64 ++++++++++++++++++

source4/dsdb/samdb/samdb.h                    |  3 +

source4/dsdb/samdb/samdb.h                    |  3 +

...-after-dbcheck-oneway-link-corruption.ldif | 19 ++++++

...-after-dbcheck-oneway-link-corruption.ldif | 19 ++++++

...eck-link-output-oneway-link-corruption.txt |  5 ++

...eck-link-output-oneway-link-corruption.txt |  5 ++

testprogs/blackbox/dbcheck-links.sh           | 65 +++++++++++++++++++

testprogs/blackbox/dbcheck-links.sh           | 65 +++++++++++++++++++

7 files changed, 171 insertions(+), 5 deletions(-)

7 files changed, 171 insertions(+), 5 deletions(-)

create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-oneway-link-corruption.ldif

create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-oneway-link-corruption.ldif

create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-oneway-link-corruption.txt

create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-oneway-link-corruption.txt

        m.dn = dn

        m.dn = dn

        m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)

        m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)

        m['new_value'] = ldb.MessageElement(str(dsdb_dn), ldb.FLAG_MOD_ADD, attrname)

        m['new_value'] = ldb.MessageElement(str(dsdb_dn), ldb.FLAG_MOD_ADD, attrname)

                          "Failed to fix old DN string on attribute %s" % (attrname)):

                          "Failed to fix old DN string on attribute %s" % (attrname)):

            self.report("Fixed old DN string on attribute %s" % (attrname))

            self.report("Fixed old DN string on attribute %s" % (attrname))

                                                      res[0].dn, "SID")

                                                      res[0].dn, "SID")

                continue

                continue

            # Now we have checked the GUID and SID, offer to fix old

            # Now we have checked the GUID and SID, offer to fix old

            # backlink).  Samba does not maintain this string

            # backlink).  Samba does not maintain this string

            # otherwise, so we don't increment error_count.

            # otherwise, so we don't increment error_count.

            if reverse_link_name is None:

            if reverse_link_name is None:

                continue

                continue

            # check the reverse_link is correct if there should be one

            # check the reverse_link is correct if there should be one

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);

	const struct ldb_message_element *guid_el = NULL;

	const struct ldb_message_element *guid_el = NULL;

	struct ldb_control *sd_propagation_control;

	struct ldb_control *sd_propagation_control;

	struct ldb_control *fix_links_control = NULL;

	struct ldb_control *fix_links_control = NULL;

	struct replmd_private *replmd_private =

	struct replmd_private *replmd_private =

		talloc_get_type(ldb_module_get_private(module), struct replmd_private);

		talloc_get_type(ldb_module_get_private(module), struct replmd_private);

		return ldb_next_request(module, req);

		return ldb_next_request(module, req);

	}

	}

	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");

	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");

	guid_el = ldb_msg_find_element(req->op.mod.message, "objectGUID");

	guid_el = ldb_msg_find_element(req->op.mod.message, "objectGUID");

/* passed by dbcheck to fix duplicate linked attributes (bug #13095) */

/* passed by dbcheck to fix duplicate linked attributes (bug #13095) */

#define DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS "1.3.6.1.4.1.7165.4.3.19.2"

#define DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS "1.3.6.1.4.1.7165.4.3.19.2"

/* passed when importing plain text password on upgrades */

/* passed when importing plain text password on upgrades */

#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"

#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"

    fi

    fi

}

}

dbcheck_dangling_multi_valued() {

dbcheck_dangling_multi_valued() {

    $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes

    $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes

    testit "dbcheck_forward_link_corruption" dbcheck_forward_link_corruption

    testit "dbcheck_forward_link_corruption" dbcheck_forward_link_corruption

    testit "check_expected_after_dbcheck_forward_link_corruption" check_expected_after_dbcheck_forward_link_corruption

    testit "check_expected_after_dbcheck_forward_link_corruption" check_expected_after_dbcheck_forward_link_corruption

    testit "forward_link_corruption_clean" dbcheck_clean

    testit "forward_link_corruption_clean" dbcheck_clean

    testit "dangling_one_way_link" dangling_one_way_link

    testit "dangling_one_way_link" dangling_one_way_link

    testit "dbcheck_one_way" dbcheck_one_way

    testit "dbcheck_one_way" dbcheck_one_way

    testit "dbcheck_clean2" dbcheck_clean

    testit "dbcheck_clean2" dbcheck_clean

DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME

DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME

source4/setup/schema_samba4.ldif | 1 +

source4/setup/schema_samba4.ldif | 1 +

1 file changed, 1 insertion(+)

1 file changed, 1 insertion(+)

#Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19

#Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19

#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1

#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1

#Allocated: DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 1.3.6.1.4.1.7165.4.3.19.2

#Allocated: DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 1.3.6.1.4.1.7165.4.3.19.2

#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20

#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20

#Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21

#Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21

#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23

#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23

DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME

DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME

source4/dsdb/samdb/samdb.h | 2 +-

source4/dsdb/samdb/samdb.h | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

1 file changed, 1 insertion(+), 1 deletion(-)

/* passed by dbcheck to fix duplicate linked attributes (bug #13095) */

/* passed by dbcheck to fix duplicate linked attributes (bug #13095) */

#define DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS "1.3.6.1.4.1.7165.4.3.19.2"

#define DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS "1.3.6.1.4.1.7165.4.3.19.2"

#define DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME "1.3.6.1.4.1.7165.4.3.19.3"

#define DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME "1.3.6.1.4.1.7165.4.3.19.3"

/* passed when importing plain text password on upgrades */

/* passed when importing plain text password on upgrades */

samba4.blackbox.test_primary_group test

samba4.blackbox.test_primary_group test

.../samba4.blackbox.test_primary_group        |  2 +

.../samba4.blackbox.test_primary_group        |  2 +

source4/selftest/tests.py                     |  2 +

source4/selftest/tests.py                     |  2 +

testprogs/blackbox/test_primary_group.sh      | 86 +++++++++++++++++++

testprogs/blackbox/test_primary_group.sh      | 86 +++++++++++++++++++

3 files changed, 90 insertions(+)

3 files changed, 90 insertions(+)

create mode 100644 selftest/knownfail.d/samba4.blackbox.test_primary_group

create mode 100644 selftest/knownfail.d/samba4.blackbox.test_primary_group

create mode 100755 testprogs/blackbox/test_primary_group.sh

create mode 100755 testprogs/blackbox/test_primary_group.sh

plantestsuite("samba4.blackbox.samba_tool(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])

plantestsuite("samba4.blackbox.samba_tool(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])

plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])

plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])

if have_heimdal_support:

if have_heimdal_support:

    for env in ["ad_dc_ntvfs", "ad_dc"]:

    for env in ["ad_dc_ntvfs", "ad_dc"]:

        plantestsuite("samba4.blackbox.pkinit(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])

        plantestsuite("samba4.blackbox.pkinit(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])

source4/dsdb/pydsdb.c            | 1 +

source4/dsdb/pydsdb.c            | 1 +

source4/dsdb/samdb/samdb.h       | 3 +++

source4/dsdb/samdb/samdb.h       | 3 +++

source4/setup/schema_samba4.ldif | 1 +

source4/setup/schema_samba4.ldif | 1 +

3 files changed, 5 insertions(+)

3 files changed, 5 insertions(+)

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME);

	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME);

	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);

	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);

	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);

/* passed by dbcheck to fix the DN string of a one-way-link (bug #13495) */

/* passed by dbcheck to fix the DN string of a one-way-link (bug #13495) */

#define DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME "1.3.6.1.4.1.7165.4.3.19.3"

#define DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME "1.3.6.1.4.1.7165.4.3.19.3"

/* passed when importing plain text password on upgrades */

/* passed when importing plain text password on upgrades */

#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"

#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"

#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1

#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1

#Allocated: DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 1.3.6.1.4.1.7165.4.3.19.2

#Allocated: DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 1.3.6.1.4.1.7165.4.3.19.2

#Allocated: DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME 1.3.6.1.4.1.7165.4.3.19.3

#Allocated: DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME 1.3.6.1.4.1.7165.4.3.19.3

#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20

#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20

#Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21

#Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21

#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23

#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23

python/samba/dbchecker.py | 3 ++-

python/samba/dbchecker.py | 3 ++-

1 file changed, 2 insertions(+), 1 deletion(-)

1 file changed, 2 insertions(+), 1 deletion(-)

    def do_modify(self, m, controls, msg, validate=True):

    def do_modify(self, m, controls, msg, validate=True):

        '''perform a modify with optional verbose output'''

        '''perform a modify with optional verbose output'''

        if self.verbose:

        if self.verbose:

            self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY))

            self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY))

        try:

        try:

            self.samdb.modify(m, controls=controls, validate=validate)

            self.samdb.modify(m, controls=controls, validate=validate)

        except Exception, err:

        except Exception, err:

            if self.in_transaction:

            if self.in_transaction:

python/samba/dbchecker.py | 42 ++++++++++++++++++++++++++++++++++++++-

python/samba/dbchecker.py | 42 ++++++++++++++++++++++++++++++++++++++-

1 file changed, 41 insertions(+), 1 deletion(-)

1 file changed, 41 insertions(+), 1 deletion(-)

        self.fix_all_string_dn_component_mismatch = False

        self.fix_all_string_dn_component_mismatch = False

        self.fix_all_GUID_dn_component_mismatch = False

        self.fix_all_GUID_dn_component_mismatch = False

        self.fix_all_SID_dn_component_mismatch = False

        self.fix_all_SID_dn_component_mismatch = False

        self.fix_all_old_dn_string_component_mismatch = False

        self.fix_all_old_dn_string_component_mismatch = False

        self.fix_all_metadata = False

        self.fix_all_metadata = False

        self.fix_time_metadata = False

        self.fix_time_metadata = False

                          "Failed to fix incorrect DN %s on attribute %s" % (mismatch_type, attrname)):

                          "Failed to fix incorrect DN %s on attribute %s" % (mismatch_type, attrname)):

            self.report("Fixed incorrect DN %s on attribute %s" % (mismatch_type, attrname))

            self.report("Fixed incorrect DN %s on attribute %s" % (mismatch_type, attrname))

    def err_unknown_attribute(self, obj, attrname):

    def err_unknown_attribute(self, obj, attrname):

        '''handle an unknown attribute error'''

        '''handle an unknown attribute error'''

        self.report("ERROR: unknown attribute '%s' in %s" % (attrname, obj.dn))

        self.report("ERROR: unknown attribute '%s' in %s" % (attrname, obj.dn))

                                                      res[0].dn, "GUID")

                                                      res[0].dn, "GUID")

                continue

                continue

                error_count += 1

                error_count += 1

                self.err_dn_component_target_mismatch(obj.dn, attrname, val, dsdb_dn,

                self.err_dn_component_target_mismatch(obj.dn, attrname, val, dsdb_dn,

                                                      res[0].dn, "SID")

                                                      res[0].dn, "SID")

<SID=...> on linked attributes

<SID=...> on linked attributes

.../knownfail.d/samba4.blackbox.dbcheck-links |   6 +

.../knownfail.d/samba4.blackbox.dbcheck-links |   6 +

...ink-output-missing-link-sid-corruption.txt |   8 ++

...ink-output-missing-link-sid-corruption.txt |   8 ++

testprogs/blackbox/dbcheck-links.sh           | 110 ++++++++++++++++++

testprogs/blackbox/dbcheck-links.sh           | 110 ++++++++++++++++++

3 files changed, 124 insertions(+)

3 files changed, 124 insertions(+)

create mode 100644 selftest/knownfail.d/samba4.blackbox.dbcheck-links

create mode 100644 selftest/knownfail.d/samba4.blackbox.dbcheck-links

create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-missing-link-sid-corruption.txt

create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-missing-link-sid-corruption.txt

    fi

    fi

}

}

forward_link_corruption() {

forward_link_corruption() {

    #

    #

    # Step1: add a duplicate forward link from

    # Step1: add a duplicate forward link from

    testit "dangling_one_way_link" dangling_one_way_link

    testit "dangling_one_way_link" dangling_one_way_link

    testit "dbcheck_one_way" dbcheck_one_way

    testit "dbcheck_one_way" dbcheck_one_way

    testit "dbcheck_clean2" dbcheck_clean

    testit "dbcheck_clean2" dbcheck_clean

    testit "dangling_one_way_dn" dangling_one_way_dn

    testit "dangling_one_way_dn" dangling_one_way_dn

    testit "deleted_one_way_dn" deleted_one_way_dn

    testit "deleted_one_way_dn" deleted_one_way_dn

    testit "dbcheck_clean3" dbcheck_clean

    testit "dbcheck_clean3" dbcheck_clean

replmd_replicated_request to replmd_modify_handle_linked_attribs()

replmd_replicated_request to replmd_modify_handle_linked_attribs()

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 25 ++++++++-----------

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 25 ++++++++-----------

1 file changed, 10 insertions(+), 15 deletions(-)

1 file changed, 10 insertions(+), 15 deletions(-)

 */

 */

static int replmd_modify_handle_linked_attribs(struct ldb_module *module,

static int replmd_modify_handle_linked_attribs(struct ldb_module *module,

					       struct replmd_private *replmd_private,

					       struct replmd_private *replmd_private,

					       struct ldb_message *msg,

					       struct ldb_message *msg,

					       struct ldb_request *parent)

					       struct ldb_request *parent)

{

{

	struct ldb_result *res;

	struct ldb_result *res;

	struct ldb_context *ldb = ldb_module_get_ctx(module);

	struct ldb_context *ldb = ldb_module_get_ctx(module);

	struct ldb_message *old_msg;

	struct ldb_message *old_msg;

	if (dsdb_functional_level(ldb) == DS_DOMAIN_FUNCTION_2000) {

	if (dsdb_functional_level(ldb) == DS_DOMAIN_FUNCTION_2000) {

		/*

		/*

		 * Nothing special is required for modifying or vanishing links

		 * Nothing special is required for modifying or vanishing links

	if (ret != LDB_SUCCESS) {

	if (ret != LDB_SUCCESS) {

		return ret;

		return ret;

	}

	}

	old_msg = res->msgs[0];

	old_msg = res->msgs[0];

		struct ldb_message_element *old_el, *new_el;

		struct ldb_message_element *old_el, *new_el;

		unsigned int mod_type = LDB_FLAG_MOD_TYPE(el->flags);

		unsigned int mod_type = LDB_FLAG_MOD_TYPE(el->flags);

		const struct dsdb_attribute *schema_attr

		const struct dsdb_attribute *schema_attr

		if (!schema_attr) {

		if (!schema_attr) {

			ldb_asprintf_errstring(ldb,

			ldb_asprintf_errstring(ldb,

					       "%s: attribute %s is not a valid attribute in schema",

					       "%s: attribute %s is not a valid attribute in schema",

		switch (mod_type) {

		switch (mod_type) {

		case LDB_FLAG_MOD_REPLACE:

		case LDB_FLAG_MOD_REPLACE:

			ret = replmd_modify_la_replace(module, replmd_private,

			ret = replmd_modify_la_replace(module, replmd_private,

						       old_msg->dn,

						       old_msg->dn,

						       parent);

						       parent);

			break;

			break;

		case LDB_FLAG_MOD_DELETE:

		case LDB_FLAG_MOD_DELETE:

			ret = replmd_modify_la_delete(module, replmd_private,

			ret = replmd_modify_la_delete(module, replmd_private,

						      old_msg->dn,

						      old_msg->dn,

						      parent);

						      parent);

			break;

			break;

		case LDB_FLAG_MOD_ADD:

		case LDB_FLAG_MOD_ADD:

			ret = replmd_modify_la_add(module, replmd_private,

			ret = replmd_modify_la_add(module, replmd_private,

						   old_msg->dn,

						   old_msg->dn,

						   parent);

						   parent);

			break;

			break;

	}

	}

	ret = replmd_modify_handle_linked_attribs(module, replmd_private,

	ret = replmd_modify_handle_linked_attribs(module, replmd_private,

	if (ret != LDB_SUCCESS) {

	if (ret != LDB_SUCCESS) {

		talloc_free(ac);

		talloc_free(ac);

		return ret;

		return ret;

replmd_replicated_request to replmd_modify_la_add()

replmd_replicated_request to replmd_modify_la_add()

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 27 +++++++------------

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 27 +++++++------------

1 file changed, 10 insertions(+), 17 deletions(-)

1 file changed, 10 insertions(+), 17 deletions(-)

 */

 */

static int replmd_modify_la_add(struct ldb_module *module,

static int replmd_modify_la_add(struct ldb_module *module,

				struct replmd_private *replmd_private,

				struct replmd_private *replmd_private,

				struct ldb_message *msg,

				struct ldb_message *msg,

				struct ldb_message_element *el,

				struct ldb_message_element *el,

				struct ldb_message_element *old_el,

				struct ldb_message_element *old_el,

				const struct dsdb_attribute *schema_attr,

				const struct dsdb_attribute *schema_attr,

				time_t t,

				time_t t,

				struct ldb_dn *msg_dn,

				struct ldb_dn *msg_dn,

				struct ldb_request *parent)

				struct ldb_request *parent)

	unsigned old_num_values = old_el ? old_el->num_values : 0;

	unsigned old_num_values = old_el ? old_el->num_values : 0;

	unsigned num_values = 0;

	unsigned num_values = 0;

	unsigned max_num_values;

	unsigned max_num_values;

	struct ldb_context *ldb = ldb_module_get_ctx(module);

	struct ldb_context *ldb = ldb_module_get_ctx(module);

	NTTIME now;

	NTTIME now;

	unix_to_nt_time(&now, t);

	unix_to_nt_time(&now, t);

	/* get the DNs to be added, fully parsed.

	/* get the DNs to be added, fully parsed.

	 *

	 *

	 * We need full parsing because they came off the wire and we don't

	 * We need full parsing because they came off the wire and we don't

			ret = replmd_update_la_val(new_values, exact->v,

			ret = replmd_update_la_val(new_values, exact->v,

						   dns[i].dsdb_dn,

						   dns[i].dsdb_dn,

						   exact->dsdb_dn,

						   exact->dsdb_dn,

			if (ret != LDB_SUCCESS) {

			if (ret != LDB_SUCCESS) {

				talloc_free(tmp_ctx);

				talloc_free(tmp_ctx);

				return ret;

				return ret;

			}

			}

			ret = replmd_add_backlink(module, replmd_private,

			ret = replmd_add_backlink(module, replmd_private,

						  msg_dn,

						  msg_dn,

						  &dns[i].guid, 

						  &dns[i].guid, 

						  true,

						  true,

		}

		}

		ret = replmd_add_backlink(module, replmd_private,

		ret = replmd_add_backlink(module, replmd_private,

					  &dns[i].guid,

					  &dns[i].guid,

					  true, schema_attr,

					  true, schema_attr,

					  parent);

					  parent);

		/* Make the new linked attribute ldb_val. */

		/* Make the new linked attribute ldb_val. */

		ret = replmd_build_la_val(new_values, &new_values[num_values],

		ret = replmd_build_la_val(new_values, &new_values[num_values],

					  now, 0, false);

					  now, 0, false);

		if (ret != LDB_SUCCESS) {

		if (ret != LDB_SUCCESS) {

			talloc_free(tmp_ctx);

			talloc_free(tmp_ctx);

			return ret;

			return ret;

			break;

			break;

		case LDB_FLAG_MOD_ADD:

		case LDB_FLAG_MOD_ADD:

			ret = replmd_modify_la_add(module, replmd_private,

			ret = replmd_modify_la_add(module, replmd_private,

						   old_msg->dn,

						   old_msg->dn,

						   parent);

						   parent);

			break;

			break;

replmd_modify_la_add()

replmd_modify_la_add()

source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +-

source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

1 file changed, 1 insertion(+), 1 deletion(-)

	max_num_values = old_num_values + el->num_values;

	max_num_values = old_num_values + el->num_values;

	if (max_num_values < old_num_values) {

	if (max_num_values < old_num_values) {

		DEBUG(0, ("we seem to have overflow in replmd_modify_la_add. "

		DEBUG(0, ("we seem to have overflow in replmd_modify_la_add. "

			  old_num_values, el->num_values, max_num_values));

			  old_num_values, el->num_values, max_num_values));

		talloc_free(tmp_ctx);

		talloc_free(tmp_ctx);

		return LDB_ERR_OPERATIONS_ERROR;

		return LDB_ERR_OPERATIONS_ERROR;

replmd_replicated_request to replmd_modify_la_delete()

replmd_replicated_request to replmd_modify_la_delete()

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 27 ++++++++-----------

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 27 ++++++++-----------

1 file changed, 11 insertions(+), 16 deletions(-)

1 file changed, 11 insertions(+), 16 deletions(-)

 */

 */

static int replmd_modify_la_delete(struct ldb_module *module,

static int replmd_modify_la_delete(struct ldb_module *module,

				   struct replmd_private *replmd_private,

				   struct replmd_private *replmd_private,

				   struct ldb_message *msg,

				   struct ldb_message *msg,

				   struct ldb_message_element *el,

				   struct ldb_message_element *el,

				   struct ldb_message_element *old_el,

				   struct ldb_message_element *old_el,

				   const struct dsdb_attribute *schema_attr,

				   const struct dsdb_attribute *schema_attr,

				   time_t t,

				   time_t t,

				   struct ldb_dn *msg_dn,

				   struct ldb_dn *msg_dn,

				   struct ldb_request *parent)

				   struct ldb_request *parent)

	bool vanish_links = false;

	bool vanish_links = false;

	unsigned int num_to_delete = el->num_values;

	unsigned int num_to_delete = el->num_values;

	uint32_t rmd_flags;

	uint32_t rmd_flags;

	NTTIME now;

	NTTIME now;

	unix_to_nt_time(&now, t);

	unix_to_nt_time(&now, t);

	if (old_el == NULL || old_el->num_values == 0) {

	if (old_el == NULL || old_el->num_values == 0) {

		/* there is nothing to delete... */

		/* there is nothing to delete... */

		if (num_to_delete == 0) {

		if (num_to_delete == 0) {

				}

				}

			}

			}

			ret = replmd_add_backlink(module, replmd_private,

			ret = replmd_add_backlink(module, replmd_private,

						  false, schema_attr,

						  false, schema_attr,

						  parent);

						  parent);

			if (ret != LDB_SUCCESS) {

			if (ret != LDB_SUCCESS) {

			ret = replmd_update_la_val(old_el->values, p->v,

			ret = replmd_update_la_val(old_el->values, p->v,

						   p->dsdb_dn, p->dsdb_dn,

						   p->dsdb_dn, p->dsdb_dn,

			if (ret != LDB_SUCCESS) {

			if (ret != LDB_SUCCESS) {

				talloc_free(tmp_ctx);

				talloc_free(tmp_ctx);

				return ret;

				return ret;

			/* remove the backlink */

			/* remove the backlink */

			ret = replmd_add_backlink(module,

			ret = replmd_add_backlink(module,

						  replmd_private,

						  replmd_private,

						  msg_dn,

						  msg_dn,

						  &p->guid,

						  &p->guid,

						  false, schema_attr,

						  false, schema_attr,

		ret = replmd_update_la_val(old_el->values, exact->v,

		ret = replmd_update_la_val(old_el->values, exact->v,

					   exact->dsdb_dn, exact->dsdb_dn,

					   exact->dsdb_dn, exact->dsdb_dn,

					   now, 0, true);

					   now, 0, true);

		if (ret != LDB_SUCCESS) {

		if (ret != LDB_SUCCESS) {

			talloc_free(tmp_ctx);

			talloc_free(tmp_ctx);

			return ret;

			return ret;

		}

		}

		ret = replmd_add_backlink(module, replmd_private,

		ret = replmd_add_backlink(module, replmd_private,

					  &p->guid,

					  &p->guid,

					  false, schema_attr,

					  false, schema_attr,

					  parent);

					  parent);

			break;

			break;

		case LDB_FLAG_MOD_DELETE:

		case LDB_FLAG_MOD_DELETE:

			ret = replmd_modify_la_delete(module, replmd_private,

			ret = replmd_modify_la_delete(module, replmd_private,

						      old_msg->dn,

						      old_msg->dn,

						      parent);

						      parent);

			break;

			break;

replmd_replicated_request to replmd_modify_la_replace()

replmd_replicated_request to replmd_modify_la_replace()

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 31 +++++++------------

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 31 +++++++------------

1 file changed, 12 insertions(+), 19 deletions(-)

1 file changed, 12 insertions(+), 19 deletions(-)

 */

 */

static int replmd_modify_la_replace(struct ldb_module *module,

static int replmd_modify_la_replace(struct ldb_module *module,

				    struct replmd_private *replmd_private,

				    struct replmd_private *replmd_private,

				    struct ldb_message *msg,

				    struct ldb_message *msg,

				    struct ldb_message_element *el,

				    struct ldb_message_element *el,

				    struct ldb_message_element *old_el,

				    struct ldb_message_element *old_el,

				    const struct dsdb_attribute *schema_attr,

				    const struct dsdb_attribute *schema_attr,

				    time_t t,

				    time_t t,

				    struct ldb_dn *msg_dn,

				    struct ldb_dn *msg_dn,

				    struct ldb_request *parent)

				    struct ldb_request *parent)

	struct parsed_dn *dns, *old_dns;

	struct parsed_dn *dns, *old_dns;

	TALLOC_CTX *tmp_ctx = talloc_new(msg);

	TALLOC_CTX *tmp_ctx = talloc_new(msg);

	int ret;

	int ret;

	struct ldb_context *ldb = ldb_module_get_ctx(module);

	struct ldb_context *ldb = ldb_module_get_ctx(module);

	struct ldb_val *new_values = NULL;

	struct ldb_val *new_values = NULL;

	const char *ldap_oid = schema_attr->syntax->ldap_oid;

	const char *ldap_oid = schema_attr->syntax->ldap_oid;

	unix_to_nt_time(&now, t);

	unix_to_nt_time(&now, t);

	/*

	/*

	 * The replace operation is unlike the replace and delete cases in that

	 * The replace operation is unlike the replace and delete cases in that

	 * we need to look at every existing link to see whether it is being

	 * we need to look at every existing link to see whether it is being

				ret = replmd_update_la_val(new_values, old_p->v,

				ret = replmd_update_la_val(new_values, old_p->v,

							   old_p->dsdb_dn,

							   old_p->dsdb_dn,

							   old_p->dsdb_dn,

							   old_p->dsdb_dn,

							   now, 0, true);

							   now, 0, true);

				if (ret != LDB_SUCCESS) {

				if (ret != LDB_SUCCESS) {

					talloc_free(tmp_ctx);

					talloc_free(tmp_ctx);

				}

				}

				ret = replmd_add_backlink(module, replmd_private,

				ret = replmd_add_backlink(module, replmd_private,

							  msg_dn,

							  msg_dn,

							  &old_p->guid, false,

							  &old_p->guid, false,

							  schema_attr,

							  schema_attr,

			ret = replmd_update_la_val(new_values, old_p->v,

			ret = replmd_update_la_val(new_values, old_p->v,

						   new_p->dsdb_dn,

						   new_p->dsdb_dn,

						   old_p->dsdb_dn,

						   old_p->dsdb_dn,

						   now, 0, false);

						   now, 0, false);

			if (ret != LDB_SUCCESS) {

			if (ret != LDB_SUCCESS) {

				talloc_free(tmp_ctx);

				talloc_free(tmp_ctx);

			rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);

			rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);

			if ((rmd_flags & DSDB_RMD_FLAG_DELETED) != 0) {

			if ((rmd_flags & DSDB_RMD_FLAG_DELETED) != 0) {

				ret = replmd_add_backlink(module, replmd_private,

				ret = replmd_add_backlink(module, replmd_private,

							  msg_dn,

							  msg_dn,

							  &new_p->guid, true,

							  &new_p->guid, true,

							  schema_attr,

							  schema_attr,

			ret = replmd_build_la_val(new_values,

			ret = replmd_build_la_val(new_values,

						  new_p->v,

						  new_p->v,

						  new_p->dsdb_dn,

						  new_p->dsdb_dn,

						  now, 0, false);

						  now, 0, false);

			if (ret != LDB_SUCCESS) {

			if (ret != LDB_SUCCESS) {

				talloc_free(tmp_ctx);

				talloc_free(tmp_ctx);

				return ret;

				return ret;

			}

			}

			ret = replmd_add_backlink(module, replmd_private,

			ret = replmd_add_backlink(module, replmd_private,

						  msg_dn,

						  msg_dn,

						  &new_p->guid, true,

						  &new_p->guid, true,

						  schema_attr,

						  schema_attr,

		switch (mod_type) {

		switch (mod_type) {

		case LDB_FLAG_MOD_REPLACE:

		case LDB_FLAG_MOD_REPLACE:

			ret = replmd_modify_la_replace(module, replmd_private,

			ret = replmd_modify_la_replace(module, replmd_private,

						       old_msg->dn,

						       old_msg->dn,

						       parent);

						       parent);

			break;

			break;

DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID

DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID

.../knownfail.d/samba4.blackbox.dbcheck-links |   6 -

.../knownfail.d/samba4.blackbox.dbcheck-links |   6 -

.../samdb/ldb_modules/extended_dn_store.c     |   7 +

.../samdb/ldb_modules/extended_dn_store.c     |   7 +

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 145 ++++++++++++++++++

.../dsdb/samdb/ldb_modules/repl_meta_data.c   | 145 ++++++++++++++++++

source4/dsdb/samdb/ldb_modules/samldb.c       |  12 +-

source4/dsdb/samdb/ldb_modules/samldb.c       |  12 +-

4 files changed, 161 insertions(+), 9 deletions(-)

4 files changed, 161 insertions(+), 9 deletions(-)

delete mode 100644 selftest/knownfail.d/samba4.blackbox.dbcheck-links

delete mode 100644 selftest/knownfail.d/samba4.blackbox.dbcheck-links

	unsigned int i, j;

	unsigned int i, j;

	struct extended_dn_context *ac;

	struct extended_dn_context *ac;

	struct ldb_control *fix_links_control = NULL;

	struct ldb_control *fix_links_control = NULL;

	int ret;

	int ret;

	if (ldb_dn_is_special(req->op.mod.message->dn)) {

	if (ldb_dn_is_special(req->op.mod.message->dn)) {

		return ldb_next_request(module, req);

		return ldb_next_request(module, req);

	}

	}

	for (i=0; i < req->op.mod.message->num_elements; i++) {

	for (i=0; i < req->op.mod.message->num_elements; i++) {

		const struct ldb_message_element *el = &req->op.mod.message->elements[i];

		const struct ldb_message_element *el = &req->op.mod.message->elements[i];

		const struct dsdb_attribute *schema_attr

		const struct dsdb_attribute *schema_attr

	bool is_urgent;

	bool is_urgent;

	bool isDeleted;

	bool isDeleted;

};

};

static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar);

static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar);

			return err;

			return err;

		}

		}

		if (exact != NULL) {

		if (exact != NULL) {

			/*

			/*

			 * We are trying to add one that exists, which is only

			 * We are trying to add one that exists, which is only

	struct ldb_control *sd_propagation_control;

	struct ldb_control *sd_propagation_control;

	struct ldb_control *fix_links_control = NULL;

	struct ldb_control *fix_links_control = NULL;

	struct ldb_control *fix_dn_name_control = NULL;

	struct ldb_control *fix_dn_name_control = NULL;

	struct replmd_private *replmd_private =

	struct replmd_private *replmd_private =

		talloc_get_type(ldb_module_get_private(module), struct replmd_private);

		talloc_get_type(ldb_module_get_private(module), struct replmd_private);

		return LDB_ERR_OPERATIONS_ERROR;

		return LDB_ERR_OPERATIONS_ERROR;

	}

	}

	ldb_msg_remove_attr(msg, "whenChanged");

	ldb_msg_remove_attr(msg, "whenChanged");

	ldb_msg_remove_attr(msg, "uSNChanged");

	ldb_msg_remove_attr(msg, "uSNChanged");

		return ret;

		return ret;

	}

	}

	ret = replmd_modify_handle_linked_attribs(module, replmd_private,

	ret = replmd_modify_handle_linked_attribs(module, replmd_private,

						  ac, msg, t, req);

						  ac, msg, t, req);

	if (ret != LDB_SUCCESS) {

	if (ret != LDB_SUCCESS) {

	el = ldb_msg_find_element(ac->msg, "member");

	el = ldb_msg_find_element(ac->msg, "member");

	if (el != NULL) {

	if (el != NULL) {

		}

		}

	}

	}

the primaryGroupID field

the primaryGroupID field

.../samba4.blackbox.test_primary_group        |  2 --

.../samba4.blackbox.test_primary_group        |  2 --

source4/dsdb/samdb/ldb_modules/samldb.c       | 29 ++++++++++++++-----

source4/dsdb/samdb/ldb_modules/samldb.c       | 29 ++++++++++++++-----

2 files changed, 21 insertions(+), 10 deletions(-)

2 files changed, 21 insertions(+), 10 deletions(-)

delete mode 100644 selftest/knownfail.d/samba4.blackbox.test_primary_group

delete mode 100644 selftest/knownfail.d/samba4.blackbox.test_primary_group

	struct ldb_result *res, *group_res;

	struct ldb_result *res, *group_res;

	struct ldb_message_element *el;

	struct ldb_message_element *el;

	struct ldb_message *msg;

	struct ldb_message *msg;

	uint32_t prev_rid, new_rid, uac;

	uint32_t prev_rid, new_rid, uac;

	struct dom_sid *prev_sid, *new_sid;

	struct dom_sid *prev_sid, *new_sid;

	struct ldb_dn *prev_prim_group_dn, *new_prim_group_dn;

	struct ldb_dn *prev_prim_group_dn, *new_prim_group_dn;

	int ret;

	int ret;

	const char * const noattrs[] = { NULL };

	const char * const noattrs[] = { NULL };

	/* Fetch information from the existing object */

	/* Fetch information from the existing object */

	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,

	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,

	if (ret != LDB_SUCCESS) {

	if (ret != LDB_SUCCESS) {

		return ret;

		return ret;

	}

	}

	uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);

	uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);

	ret = dsdb_module_search(ac->module, ac, &group_res,

	ret = dsdb_module_search(ac->module, ac, &group_res,

				 ldb_get_default_basedn(ldb),

				 ldb_get_default_basedn(ldb),

				 LDB_SCOPE_SUBTREE,

				 LDB_SCOPE_SUBTREE,

				 ac->req,

				 ac->req,

				 "(objectSid=%s)",

				 "(objectSid=%s)",

				 ldap_encode_ndr_dom_sid(ac, prev_sid));

				 ldap_encode_ndr_dom_sid(ac, prev_sid));

	ret = dsdb_module_search(ac->module, ac, &group_res,

	ret = dsdb_module_search(ac->module, ac, &group_res,

				 ldb_get_default_basedn(ldb),

				 ldb_get_default_basedn(ldb),

				 LDB_SCOPE_SUBTREE,

				 LDB_SCOPE_SUBTREE,

				 ac->req,

				 ac->req,

				 "(objectSid=%s)",

				 "(objectSid=%s)",

				 ldap_encode_ndr_dom_sid(ac, new_sid));

				 ldap_encode_ndr_dom_sid(ac, new_sid));

		return LDB_ERR_UNWILLING_TO_PERFORM;

		return LDB_ERR_UNWILLING_TO_PERFORM;

	}

	}

	new_prim_group_dn = group_res->msgs[0]->dn;

	new_prim_group_dn = group_res->msgs[0]->dn;

	/* We need to be already a normal member of the new primary

	/* We need to be already a normal member of the new primary

	 * group in order to be successful. */

	 * group in order to be successful. */

	el = samdb_find_attribute(ldb, res->msgs[0], "memberOf",

	el = samdb_find_attribute(ldb, res->msgs[0], "memberOf",

	if (el == NULL) {

	if (el == NULL) {

		return LDB_ERR_UNWILLING_TO_PERFORM;

		return LDB_ERR_UNWILLING_TO_PERFORM;

	}

	}

	}

	}

	msg->dn = new_prim_group_dn;

	msg->dn = new_prim_group_dn;