diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-07-18 17:13:30 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-07-18 09:32:53 +0200 |
commit | e4001a78c1d0b286b37e19c733cf1bbc18166818 (patch) | |
tree | bb2099eaa6998935660d83ec2219e891bc9b411a /source4/dsdb | |
parent | 5630e25a35ea95ca848281933a5a3a96306986a4 (diff) | |
download | samba-e4001a78c1d0b286b37e19c733cf1bbc18166818.tar.gz samba-e4001a78c1d0b286b37e19c733cf1bbc18166818.tar.bz2 samba-e4001a78c1d0b286b37e19c733cf1bbc18166818.zip |
dsdb: Allocate new OID to allow updates of a read-only replica
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.
Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/pydsdb.c | 1 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 12 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 3 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.h | 3 |
4 files changed, 14 insertions, 5 deletions
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index f63d71e2d0..b9e1dd742c 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -1269,6 +1269,7 @@ void initdsdb(void) ADD_DSDB_STRING(DSDB_SYNTAX_STRING_DN); ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME); ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK); + ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA); ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER); ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER); diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c index e50c8e2369..c521f332ae 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c @@ -408,10 +408,14 @@ static int attr_handler2(struct oc_context *ac) found = str_list_check(harmless_attrs, attr->lDAPDisplayName); } if (!found) { - ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!", - msg->elements[i].name, - ldb_dn_get_linearized(msg->dn)); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + /* we allow this for dbcheck to fix the rest of this broken entry */ + if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) || + ac->req->operation == LDB_ADD) { + ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!", + msg->elements[i].name, + ldb_dn_get_linearized(msg->dn)); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } } } diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 1dc7ea057c..6f26299c6a 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1391,7 +1391,8 @@ static int replmd_update_rpmd(struct ldb_module *module, struct ldb_message_element *el; /*if we are RODC and this is a DRSR update then its ok*/ - if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) { + if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID) + && !ldb_request_get_control(req, DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)) { unsigned instanceType; ret = samdb_rodc(ldb, rodc); diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index 5422218059..c4cb3bdb48 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -122,6 +122,9 @@ struct dsdb_control_password_change { /* passed when we want special behaviour for dbcheck */ #define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19" +/* passed when dbcheck wants to modify a read only replica (very special case) */ +#define DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA "1.3.6.1.4.1.7165.4.3.19.1" + /* passed when importing plain text password on upgrades */ #define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20" |