From d5fc8b080fe47bf6f93de136788d56d51c526cb4 Mon Sep 17 00:00:00 2001
From: Kamen Mazdrashki <kamenim@samba.org>
Date: Fri, 7 Nov 2014 07:11:59 +0100
Subject: s4-dsdb/reanimate: Swap rename->modify operations to modify->rename
 sequence

This way it is more visible that we work on 'deleted object' during modify
and also will help us to handle 'stop rename for deletec objects'
propertly in future

[MS-ADTS]: 3.1.1.5.3.7.3 Undelete Processing Specifics

Change-Id: I9bb644e099a4a2afcb261ad22515c9c4ce4875bb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---
 .../dsdb/samdb/ldb_modules/tombstone_reanimate.c   | 38 +++++++++++++---------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c b/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
index 070d952aa1..825bbf1464 100644
--- a/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
+++ b/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
@@ -352,30 +352,21 @@ static int tombstone_reanimate_modify(struct ldb_module *module, struct ldb_requ
 	}
 
 	/* Simple implementation */
-	/* Rename request to modify distinguishedName */
-	dn_new = ldb_dn_from_ldb_val(req, ldb, &el_dn->values[0]);
-	if (dn_new == NULL) {
-		return ldb_oom(ldb);
-	}
-	ret = _tr_do_rename(module, req, req->op.mod.message->dn, dn_new);
-	if (ret != LDB_SUCCESS) {
-		ldb_debug(ldb, LDB_DEBUG_ERROR, "Renaming object to %s has failed with %s\n", el_dn->values[0].data, ldb_strerror(ret));
-		if (ret != LDB_ERR_ENTRY_ALREADY_EXISTS && ret != LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS ) {
-			/* Windows returns Operations Error in case we can't rename the object */
-			return LDB_ERR_OPERATIONS_ERROR;
-		}
-		return ret;
-	}
 
 	/* Modify request to: */
 	msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
 	if (msg == NULL) {
 		return ldb_module_oom(ac->module);
 	}
-	msg->dn = dn_new;
-	/* - delete isDeleted */
+	/* - remove distinguishedName - we don't need it */
 	ldb_msg_remove_attr(msg, "distinguishedName");
 
+	/* restore attributed depending on objectClass */
+	ret = _tr_restore_attributes(ldb, res_obj->msgs[0], msg);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
 	/* - restore objectCategory if not present */
 	objectcategory = ldb_msg_find_attr_as_dn(ldb, ac, msg,
 						 "objectCategory");
@@ -398,6 +389,21 @@ static int tombstone_reanimate_modify(struct ldb_module *module, struct ldb_requ
 		return ret;
 	}
 
+	/* Rename request to modify distinguishedName */
+	dn_new = ldb_dn_from_ldb_val(req, ldb, &el_dn->values[0]);
+	if (dn_new == NULL) {
+		return ldb_oom(ldb);
+	}
+	ret = _tr_do_rename(module, req, req->op.mod.message->dn, dn_new);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR, "Renaming object to %s has failed with %s\n", el_dn->values[0].data, ldb_strerror(ret));
+		if (ret != LDB_ERR_ENTRY_ALREADY_EXISTS && ret != LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS ) {
+			/* Windows returns Operations Error in case we can't rename the object */
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		return ret;
+	}
+
 	return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS);
 }
 
-- 
cgit