summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-09-19 21:49:00 -0700
committerAndrew Tridgell <tridge@samba.org>2010-09-20 15:27:45 -0700
commit3fe8e97a7289c18903a9f481a13f8793f9f17bab (patch)
tree521f406b2e090e692efce2317be569646eeb7ce0
parent59951163bea67b1a5d5eeef109f200a6323c00f3 (diff)
downloadsamba-3fe8e97a7289c18903a9f481a13f8793f9f17bab.tar.gz
samba-3fe8e97a7289c18903a9f481a13f8793f9f17bab.tar.bz2
samba-3fe8e97a7289c18903a9f481a13f8793f9f17bab.zip
s4-rodc: fixed repsFrom store on RODC
We were disallowing repsFrom store as a RODC on the basis that it is a write to the directory. It should be allowed, as its is a non-replicated attribute. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 45ef4d9961..6ae8e928b0 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1246,20 +1246,6 @@ static int replmd_update_rpmd(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
- /*we have elements that will be modified*/
- if (msg->num_elements > 0) {
- /*if we are RODC and this is a DRSR update then its ok*/
- if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
- ret = samdb_rodc(ldb, &rodc);
- if (ret != LDB_SUCCESS) {
- DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
- } else if (rodc) {
- ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
- return LDB_ERR_REFERRAL;
- }
- }
- }
-
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *old_el;
old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
@@ -1283,6 +1269,17 @@ static int replmd_update_rpmd(struct ldb_module *module,
struct ldb_val *md_value;
struct ldb_message_element *el;
+ /*if we are RODC and this is a DRSR update then its ok*/
+ if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ ret = samdb_rodc(ldb, &rodc);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
+ } else if (rodc) {
+ ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
+ return LDB_ERR_REFERRAL;
+ }
+ }
+
md_value = talloc(msg, struct ldb_val);
if (md_value == NULL) {
ldb_oom(ldb);