s4-dsdb: Ensure we never write read-only objects onto a read-write replica

We should prevent this much further up the stack, but at least add a choke
at this point for now.

Additionally, this avoids administrator-forced replications causing
considerable damange to the directory.

Andrew Bartlett

1 files changed, 8 insertions, 1 deletions

diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index ec4dffe0be..67999df573 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -202,6 +202,7 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 	uint32_t i;
 	struct ldb_message *msg;
 	struct replPropertyMetaDataBlob *md;
+	int instanceType;
 	struct ldb_val guid_value;
 	struct ldb_val parent_guid_value;
 	NTTIME whenChanged = 0;
@@ -352,12 +353,12 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 
 	}
 
+	instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
 	if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
 		/* the instanceType type for partial_replica
 		   replication is sent via DRS with TYPE_WRITE set, but
 		   must be used on the client with TYPE_WRITE removed
 		*/
-		int instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
 		if (instanceType & INSTANCE_TYPE_WRITE) {
 			instanceType &= ~INSTANCE_TYPE_WRITE;
 			ldb_msg_remove_attr(msg, "instanceType");
@@ -365,6 +366,12 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 				return WERR_INTERNAL_ERROR;
 			}
 		}
+	} else {
+		if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+			DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n",
+				  ldb_dn_get_linearized(msg->dn)));
+			return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA;
+		}
 	}
 
 	whenChanged_t = nt_time_to_unix(whenChanged);