summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-10-14 20:29:39 +1100
committerAndrew Tridgell <tridge@samba.org>2009-10-15 08:20:37 +1100
commitd1784e7ca92ba8c6579da6a6238a3f95d67a463d (patch)
tree78726b75680b778789be33ff255615493cf3a538
parent59818f2f793ecc6349b87ee0debc7dd558272552 (diff)
downloadsamba-d1784e7ca92ba8c6579da6a6238a3f95d67a463d.tar.gz
samba-d1784e7ca92ba8c6579da6a6238a3f95d67a463d.tar.bz2
samba-d1784e7ca92ba8c6579da6a6238a3f95d67a463d.zip
s4-drs: support DRSUAPI_DRS_ADD_REF flag
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs call on behalf of the client after the DsGetNCChanges call. The lack of support for this option may explain why the repsTo attribute was not being created for w2k8-r2 replication partners.
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c34
1 files changed, 29 insertions, 5 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 5957038ad2..90ddab083c 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -141,8 +141,10 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
instanceType then don't include it */
if (md.ctr.ctr1.array[i].local_usn < highest_usn &&
md.ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType) continue;
+
/* don't include the rDN */
if (md.ctr.ctr1.array[i].attid == rdn_sa->attributeID_id) continue;
+
obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time;
obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version;
obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id;
@@ -205,12 +207,10 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
sa->lDAPDisplayName, win_errstr(werr)));
return werr;
}
- /* if DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING is set
+ /* if DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING is set
* check if attribute is secret and send a null value
- * TODO: check if we can make this in the database layer
*/
- if ((replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING)
- == DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING) {
+ if (replica_flags & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
drsuapi_process_secret_attribute(&obj->object.attribute_ctr.attributes[i],
&obj->meta_data_ctr->meta_data[i]);
}
@@ -551,6 +551,29 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
r->out.ctr->ctr6.nc_object_count = getnc_state->site_res->count;
+ /* the client can us to call UpdateRefs on its behalf to
+ re-establish monitoring of the NC */
+ if ((req8->replica_flags & DRSUAPI_DRS_ADD_REF) &&
+ !GUID_all_zero(&req8->destination_dsa_guid)) {
+ struct drsuapi_DsReplicaUpdateRefsRequest1 ureq;
+ ureq.naming_context = ncRoot;
+ ureq.dest_dsa_dns_name = talloc_asprintf(mem_ctx, "%s._msdcs.%s",
+ GUID_string(mem_ctx, &req8->destination_dsa_guid),
+ lp_realm(dce_call->conn->dce_ctx->lp_ctx));
+ if (!ureq.dest_dsa_dns_name) {
+ return WERR_NOMEM;
+ }
+ ureq.dest_dsa_guid = req8->destination_dsa_guid;
+ ureq.options = DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE |
+ DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION |
+ DRSUAPI_DS_REPLICA_UPDATE_GETCHG_CHECK;
+ werr = drsuapi_UpdateRefs(b_state, mem_ctx, &ureq);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": Failed UpdateRefs in DsGetNCChanges - %s\n",
+ win_errstr(werr)));
+ }
+ }
+
if (i < getnc_state->site_res->count) {
r->out.ctr->ctr6.more_data = true;
} else {
@@ -571,8 +594,9 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
b_state->getncchanges_state = NULL;
}
- DEBUG(2,("DsGetNCChanges with uSNChanged >= %llu on %s gave %u objects\n",
+ DEBUG(2,("DsGetNCChanges with uSNChanged >= %llu flags 0x%08x on %s gave %u objects\n",
(unsigned long long)(req8->highwatermark.highest_usn+1),
+ req8->replica_flags,
ncRoot->dn, r->out.ctr->ctr6.object_count));
return WERR_OK;