author | Fernando J V da Silva <fernandojvsilva@yahoo.com.br> | 2010-04-15 17:37:40 -0300 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-04-22 19:36:15 +1000 |
commit | 57bcdf008fa44d4c550819cbceada968b11be63c (patch) | |
tree | c404018cef84c2e07b26a48f7618cfa31b76c622 /source4/rpc_server | |
parent | c023fc217ed370e5c890c1984da533e0133060d9 (diff) | |
s4-drs: samdb_is_rodc() function and new samdb_rodc() function
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 14 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 4 |
2 files changed, 16 insertions, 2 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index e70e863c36..56c061d2e8 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -684,6 +684,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 uint32_t options;
 uint32_t max_objects;
 struct ldb_dn *search_dn = NULL;
+ bool am_rodc;
 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
 b_state = h->data;
@@ -699,7 +700,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 r->out.ctr->ctr6.uptodateness_vector = NULL;
 /* a RODC doesn't allow for any replication */
- if (samdb_rodc(b_state->sam_ctx)) {
+ ret = samdb_rodc(b_state->sam_ctx, &am_rodc);
+ if (ret == LDB_SUCCESS && am_rodc) {
 DEBUG(0,(__location__ ": DsGetNCChanges attempt on RODC\n"));
 return WERR_DS_DRA_SOURCE_DISABLED;
 }
@@ -733,6 +735,16 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 return WERR_DS_DRA_SOURCE_DISABLED;
 }
+ if (req8->replica_flags & DRSUAPI_DRS_WRIT_REP) {
+ bool is_rodc;
+ ret = samdb_is_rodc(b_state->sam_ctx, &req8->source_dsa_invocation_id, &is_rodc);
+ if (ret != LDB_SUCCESS || is_rodc) {
+ DEBUG(0,(__location__ ": Attempt to do writeable replication by RODC %s\n",
+ GUID_string(mem_ctx, &req8->source_dsa_invocation_id)));
+ return WERR_DS_DRA_INVALID_PARAMETER;
+ }
+ }
+
 if (req8->replica_flags & DRSUAPI_DRS_FULL_SYNC_PACKET) {
 /* Ignore the _in_ uptpdateness vector*/
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 792b016e93..e683348140 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1636,6 +1636,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 bool del_incoming = false;
 bool in_transaction = false;
 int ret;
+ bool am_rodc;
 switch (level) {
 case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
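Review bot: The RODC guard added in the `@@ -699` hunk fails open: when `samdb_rodc()` returns anything other than `LDB_SUCCESS`, the condition `ret == LDB_SUCCESS && am_rodc` is false and DsGetNCChanges continues as if this server were a writable DC. The `@@ -733` hunk of the same commit treats a failed lookup as a refusal (`ret != LDB_SUCCESS || is_rodc`), so the two checks disagree on what an ldb error means. I would refuse on error here too, with `if (ret != LDB_SUCCESS) { return WERR_DS_DRA_INTERNAL_ERROR; }` placed before the `am_rodc` test. The same pattern is added to `setInfoTrustedDomain_base` in the `@@ -1697` hunk of dcesrv_lsa.c, where a failed lookup lets the trusted-domain update proceed, so that one should return an error status as well. Both function bodies continue outside the hunks.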
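Review bot: The writeable-replication check in the `@@ -733` hunk decides RODC status from `req8->source_dsa_invocation_id`, a request field chosen by the caller, and nothing visible in the hunk ties it to the identity that authenticated the RPC bind. As written it is a sanity check on well-behaved partners rather than an authorization decision, which deserves a comment such as `/* source_dsa_invocation_id is caller-supplied; authorization must come from the authenticated session, not this field */`. The branch also logs "by RODC" and returns `WERR_DS_DRA_INVALID_PARAMETER` when the lookup itself failed, so an ldb error is indistinguishable from a policy violation in the logs; giving `ret != LDB_SUCCESS` its own branch and message would keep them apart. What `samdb_is_rodc()` reports for an invocationId with no matching NTDSDSA object is not visible here and is worth confirming.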
@@ -1697,7 +1698,8 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 }
 }
- if (samdb_rodc(p_state->sam_ldb)) {
+ ret = samdb_rodc(p_state->sam_ldb, &am_rodc);
+ if (ret == LDB_SUCCESS && am_rodc) {
 return NT_STATUS_NO_SUCH_DOMAIN;
 } |