summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAnatoliy Atanasov <anatoliy.atanasov@postpath.com>2010-05-04 11:49:18 +0200
committerAnatoliy Atanasov <anatoliy.atanasov@postpath.com>2010-05-04 18:32:18 +0200
commitf84aeea7399eec38f7906dedaf3652af48c3d184 (patch)
tree1bd0d1f8757053ab5b2fa779d5c5464626b42994 /source4/dsdb
parentbcdaa23798f74cdec8973201a849f562929ea416 (diff)
downloadsamba-f84aeea7399eec38f7906dedaf3652af48c3d184.tar.gz
samba-f84aeea7399eec38f7906dedaf3652af48c3d184.tar.bz2
samba-f84aeea7399eec38f7906dedaf3652af48c3d184.zip
s4/rodc: Support read-only database
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/util.c1
-rw-r--r--source4/dsdb/samdb/ldb_modules/partition.c3
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c33
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_data.c9
-rw-r--r--source4/dsdb/samdb/ldb_modules/util.c43
5 files changed, 76 insertions, 13 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 771d30a4cd..7064fcf67d 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2751,6 +2751,7 @@ int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *objectGUID, bo
if (ret != LDB_SUCCESS) {
DEBUG(1,(("Failed to find our own NTDS Settings object by objectGUID=%s!\n"),
GUID_string(tmp_ctx, objectGUID)));
+ *is_rodc = false;
talloc_free(tmp_ctx);
return ret;
}
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 19bd03633a..6c0d9cdd4e 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -167,8 +167,7 @@ static int partition_req_callback(struct ldb_request *req,
switch (ares->type) {
case LDB_REPLY_REFERRAL:
- /* ignore referrals for now */
- break;
+ return ldb_module_send_referral(ac->req, ares->referral);
case LDB_REPLY_ENTRY:
if (ac->req->operation != LDB_SEARCH) {
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 11e043f5d0..374467cb94 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1076,6 +1076,7 @@ static int replmd_update_rpmd_element(struct ldb_context *ldb,
*/
static int replmd_update_rpmd(struct ldb_module *module,
const struct dsdb_schema *schema,
+ struct ldb_request *req,
struct ldb_message *msg, uint64_t *seq_num,
time_t t,
bool *is_urgent)
@@ -1092,6 +1093,7 @@ static int replmd_update_rpmd(struct ldb_module *module,
struct ldb_context *ldb;
struct ldb_message_element *objectclass_el;
enum urgent_situation situation;
+ bool rodc;
ldb = ldb_module_get_ctx(module);
@@ -1157,6 +1159,20 @@ static int replmd_update_rpmd(struct ldb_module *module,
return LDB_ERR_OPERATIONS_ERROR;
}
+ /*we have elements that will be modified*/
+ if (msg->num_elements > 0) {
+ /*if we are RODC and this is a DRSR update then its ok*/
+ if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ ret = samdb_rodc(ldb, &rodc);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
+ } else if (rodc) {
+ ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
+ return LDB_ERR_REFERRAL;
+ }
+ }
+ }
+
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *old_el;
old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
@@ -2043,6 +2059,8 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
time_t t = time(NULL);
int ret;
bool is_urgent = false;
+ struct loadparm_context *lp_ctx;
+ char *referral;
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.mod.message->dn)) {
@@ -2050,6 +2068,8 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
}
ldb = ldb_module_get_ctx(module);
+ lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+ struct loadparm_context);
ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
@@ -2069,7 +2089,18 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
ldb_msg_remove_attr(msg, "whenChanged");
ldb_msg_remove_attr(msg, "uSNChanged");
- ret = replmd_update_rpmd(module, ac->schema, msg, &ac->seq_num, t, &is_urgent);
+ ret = replmd_update_rpmd(module, ac->schema, req, msg, &ac->seq_num, t, &is_urgent);
+ if (ret == LDB_ERR_REFERRAL) {
+ talloc_free(ac);
+
+ referral = talloc_asprintf(req,
+ "ldap://%s/%s",
+ lp_dnsdomain(lp_ctx),
+ ldb_dn_get_linearized(msg->dn));
+ ret = ldb_module_send_referral(req, referral);
+ return ldb_module_done(req, NULL, NULL, ret);
+ }
+
if (ret != LDB_SUCCESS) {
talloc_free(ac);
return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index 655b4892af..a6487441c1 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -141,6 +141,8 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
const char *oid_attr = NULL;
const char *oid = NULL;
WERROR status;
+ bool rodc;
+ int ret;
ldb = ldb_module_get_ctx(module);
@@ -159,7 +161,12 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
- if (!schema->fsmo.we_are_master) {
+ ret = samdb_rodc(ldb, &rodc);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(4, (__location__ ": unable to tell if we are an RODC \n"));
+ }
+
+ if (!schema->fsmo.we_are_master && !rodc) {
ldb_debug_set(ldb, LDB_DEBUG_ERROR,
"schema_data_add: we are not master: reject request\n");
return LDB_ERR_UNWILLING_TO_PERFORM;
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index 18631c4350..c233df7216 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -243,12 +243,18 @@ int dsdb_module_modify(struct ldb_module *module,
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
TALLOC_CTX *tmp_ctx = talloc_new(module);
+ struct ldb_result *res;
+
+ res = talloc_zero(tmp_ctx, struct ldb_result);
+ if (!res) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
ret = ldb_build_mod_req(&mod_req, ldb, tmp_ctx,
message,
NULL,
- NULL,
- ldb_op_default_callback,
+ res,
+ ldb_modify_default_callback,
NULL);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
@@ -292,13 +298,19 @@ int dsdb_module_rename(struct ldb_module *module,
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
TALLOC_CTX *tmp_ctx = talloc_new(module);
+ struct ldb_result *res;
+
+ res = talloc_zero(tmp_ctx, struct ldb_result);
+ if (!res) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
ret = ldb_build_rename_req(&req, ldb, tmp_ctx,
olddn,
newdn,
NULL,
- NULL,
- ldb_op_default_callback,
+ res,
+ ldb_modify_default_callback,
NULL);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
@@ -340,12 +352,18 @@ int dsdb_module_add(struct ldb_module *module,
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
TALLOC_CTX *tmp_ctx = talloc_new(module);
+ struct ldb_result *res;
+
+ res = talloc_zero(tmp_ctx, struct ldb_result);
+ if (!res) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
ret = ldb_build_add_req(&req, ldb, tmp_ctx,
message,
NULL,
- NULL,
- ldb_op_default_callback,
+ res,
+ ldb_modify_default_callback,
NULL);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
@@ -717,6 +735,7 @@ int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
struct ldb_message *msg;
struct dsdb_control_current_partition *p_ctrl;
int ret;
+ struct ldb_result *res;
msg = ldb_msg_new(module);
if (msg == NULL) {
@@ -729,6 +748,11 @@ int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
return LDB_ERR_OPERATIONS_ERROR;
}
+ res = talloc_zero(msg, struct ldb_result);
+ if (!res) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
ret = ldb_msg_add_fmt(msg, "uSNHighest", "%llu", (unsigned long long)uSN);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
@@ -754,11 +778,11 @@ int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
}
p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
p_ctrl->dn = dn;
-
ret = ldb_build_mod_req(&req, ldb, msg,
msg,
NULL,
- NULL, ldb_op_default_callback,
+ res,
+ ldb_modify_default_callback,
NULL);
again:
if (ret != LDB_SUCCESS) {
@@ -784,7 +808,8 @@ again:
ret = ldb_build_add_req(&req, ldb, msg,
msg,
NULL,
- NULL, ldb_op_default_callback,
+ res,
+ ldb_modify_default_callback,
NULL);
goto again;
}