authorAndrew Bartlett <abartlet@samba.org>2012-07-17 15:48:15 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-07-18 09:32:53 +0200
commit96db13405bce8fa6d08b8b802439a606643e6db4 (patch)
treeaafa7d86a3e52bc05739dfae8bf6afd30f92e6f8 /source4/dsdb
parent127352c78c0328d59d742f0b4520ebaac6307854 (diff)
s4-dsdb: Ensure we never write read-only objects onto a read-write replica
We should prevent this much further up the stack, but at least add a choke at this point for now. Additionally, this avoids administrator-forced replications causing considerable damage to the directory. Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/repl/replicated_objects.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index ec4dffe0be..67999df573 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -202,6 +202,7 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
uint32_t i;
struct ldb_message *msg;
struct replPropertyMetaDataBlob *md;
+ int instanceType;
struct ldb_val guid_value;
struct ldb_val parent_guid_value;
NTTIME whenChanged = 0;
@@ -352,12 +353,12 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
}
+ instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
/* the instanceType type for partial_replica
replication is sent via DRS with TYPE_WRITE set, but
must be used on the client with TYPE_WRITE removed
*/
- int instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
if (instanceType & INSTANCE_TYPE_WRITE) {
instanceType &= ~INSTANCE_TYPE_WRITE;
ldb_msg_remove_attr(msg, "instanceType");
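Review bot: The hoisted read `ldb_msg_find_attr_as_int(msg, "instanceType", 0)` returns 0 both when the attribute is absent from `msg` and when it is present with no bits set, and the `else` branch added in the next hunk treats 0 as "source is read-only". If a converted message can ever arrive without instanceType (not visible in this hunk), a read-write replica would reject it with WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA and a log line that blames the source. Testing presence first in that branch, e.g. `if (ldb_msg_find_element(msg, "instanceType") != NULL && !(instanceType & INSTANCE_TYPE_WRITE))`, or refusing the absent case with its own error and message, would keep the check from misreporting; which of the two is right depends on what callers are allowed to send. dsdb_convert_object_ex starts and ends outside the hunk.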
@@ -365,6 +366,12 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
return WERR_INTERNAL_ERROR;
}
}
+ } else {
+ if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+ DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n",
+ ldb_dn_get_linearized(msg->dn)));
+ return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA;
+ }
}
whenChanged_t = nt_time_to_unix(whenChanged);
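Review bot: The DEBUG string in the new `else` branch misspells the first "replica" as `repilca`, so an operator searching the logs for "read-only replica" after a refused replication will miss this level-0 line; it should read `"Refusing to replicate %s from a read-only replica into a read-write replica!\n"`. The branch also carries no comment, unlike the partial-replica branch above it; something like `/* a read-write replica must never store an object the source only holds read-only */` would record why the refusal exists. The enclosing function continues outside the hunk.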