authorAndrew Bartlett <abartlet@samba.org>2012-08-14 19:48:32 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-08-14 15:37:22 +0200
commit108c8b758ad23cd83630b2f8adf21171e815589a (patch)
tree38762f3c3f12cf35bdd23476175610d2d377cbe5 /source4/dsdb/samdb/ldb_modules
parentd582e1bef6783a788378e32c64199a639d51b4e1 (diff)
s4-dsdb: Use samdb_dn_is_our_ntdsa()
This uses a GUID-based comparison and avoids re-fetching the samdb_ntds_settings_dn each time. Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r--source4/dsdb/samdb/ldb_modules/ridalloc.c27
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c11
2 files changed, 34 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c
index 915248c440..d0266eda8a 100644
--- a/source4/dsdb/samdb/ldb_modules/ridalloc.c
+++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c
@@ -388,6 +388,8 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me
struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct GUID fsmo_role_guid, *our_ntds_guid;
+ NTSTATUS status;
/* work out who is the RID Manager */
ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
@@ -407,7 +409,19 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me
return ret;
}
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) != 0) {
+ status = dsdb_get_extended_dn_guid(fsmo_role_dn, &fsmo_role_guid, "GUID");
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return ldb_operr(ldb_module_get_ctx(module));
+ }
+
+ our_ntds_guid = samdb_ntds_objectGUID(ldb_module_get_ctx(module));
+ if (!our_ntds_guid) {
+ talloc_free(tmp_ctx);
+ return ldb_operr(ldb_module_get_ctx(module));
+ }
+
+ if (!GUID_equal(&fsmo_role_guid, our_ntds_guid)) {
ridalloc_poke_rid_manager(module);
ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
talloc_free(tmp_ctx);
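Review bot: The ownership test added to ridalloc_create_own_rid_set open-codes the GUID comparison (`dsdb_get_extended_dn_guid()`, `samdb_ntds_objectGUID()`, `GUID_equal()`), while ridalloc_new_own_pool in the same commit makes the same decision through `samdb_dn_is_our_ntdsa()`. Using the helper in both places, `ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);` followed by `if (!is_us) {`, would keep the two "are we the RID Manager" checks from drifting apart. Both new failure paths also return `ldb_operr(...)` without setting an error string that says which step failed, unlike the message set in ridalloc_new_own_pool, and they call `ldb_module_get_ctx(module)` again although the `ldb` local is already in scope. Whether `fsmo_role_dn` carries a GUID component depends on how it was fetched, which is outside this hunk, as are the start and end of the function.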
@@ -429,6 +443,7 @@ static int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool,
struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool is_us;
/* work out who is the RID Manager */
ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
@@ -448,7 +463,15 @@ static int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool,
return ret;
}
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) != 0) {
+ ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to confirm if our ntdsDsa is %s: %s",
+ ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (!is_us) {
ridalloc_poke_rid_manager(module);
ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
talloc_free(tmp_ctx);
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 9ae5b20eb1..0668d1ad13 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -183,7 +183,7 @@ static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *d
struct ldb_dn *owner_dn;
ret = dsdb_module_search_dn(module, tmp_ctx, &res,
- dn, attrs, DSDB_FLAG_NEXT_MODULE, parent);
+ dn, attrs, DSDB_FLAG_NEXT_MODULE|DSDB_SEARCH_SHOW_EXTENDED_DN, parent);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
@@ -197,7 +197,14 @@ static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *d
return LDB_SUCCESS;
}
- *master = (ldb_dn_compare(owner_dn, samdb_ntds_settings_dn(ldb_module_get_ctx(module), tmp_ctx)) == 0);
+ ret = samdb_dn_is_our_ntdsa(ldb_module_get_ctx(module), dn, master);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to confirm if our ntdsDsa is %s: %s",
+ ldb_dn_get_linearized(owner_dn), ldb_errstring(ldb_module_get_ctx(module)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
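Review bot: The new call passes `dn` to `samdb_dn_is_our_ntdsa()`, but the removed line compared `owner_dn`, and the error message added just below still prints `owner_dn`, so the wrong DN appears to be tested. The `DSDB_SEARCH_SHOW_EXTENDED_DN` flag added in the previous hunk affects the search result, so presumably only `owner_dn` carries the GUID component that the helper needs, while `dn` is the search base passed in by the caller. The call should probably read `ret = samdb_dn_is_our_ntdsa(ldb_module_get_ctx(module), owner_dn, master);`. Because `*master` tells callers whether this DC holds the role, a wrong answer or a spurious error here changes which server acts as role owner. The function begins outside the hunk, so the assignment of `owner_dn` is not visible and should be confirmed.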