diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-09-19 21:49:00 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-20 15:27:45 -0700 |
commit | 3fe8e97a7289c18903a9f481a13f8793f9f17bab (patch) | |
tree | 521f406b2e090e692efce2317be569646eeb7ce0 | |
parent | 59951163bea67b1a5d5eeef109f200a6323c00f3 (diff) | |
download | samba-3fe8e97a7289c18903a9f481a13f8793f9f17bab.tar.gz samba-3fe8e97a7289c18903a9f481a13f8793f9f17bab.tar.bz2 samba-3fe8e97a7289c18903a9f481a13f8793f9f17bab.zip |
s4-rodc: fixed repsFrom store on RODC
We were disallowing repsFrom store as a RODC on the basis that it is a
write to the directory. It should be allowed, as its is a
non-replicated attribute.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 45ef4d9961..6ae8e928b0 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1246,20 +1246,6 @@ static int replmd_update_rpmd(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } - /*we have elements that will be modified*/ - if (msg->num_elements > 0) { - /*if we are RODC and this is a DRSR update then its ok*/ - if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) { - ret = samdb_rodc(ldb, &rodc); - if (ret != LDB_SUCCESS) { - DEBUG(4, (__location__ ": unable to tell if we are an RODC\n")); - } else if (rodc) { - ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n"); - return LDB_ERR_REFERRAL; - } - } - } - for (i=0; i<msg->num_elements; i++) { struct ldb_message_element *old_el; old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name); @@ -1283,6 +1269,17 @@ static int replmd_update_rpmd(struct ldb_module *module, struct ldb_val *md_value; struct ldb_message_element *el; + /*if we are RODC and this is a DRSR update then its ok*/ + if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) { + ret = samdb_rodc(ldb, &rodc); + if (ret != LDB_SUCCESS) { + DEBUG(4, (__location__ ": unable to tell if we are an RODC\n")); + } else if (rodc) { + ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n"); + return LDB_ERR_REFERRAL; + } + } + md_value = talloc(msg, struct ldb_val); if (md_value == NULL) { ldb_oom(ldb); |