authorFernando J V da Silva <fernandojvsilva@yahoo.com.br>2010-04-15 17:37:40 -0300
committerAndrew Tridgell <tridge@samba.org>2010-04-22 19:36:15 +1000
commit57bcdf008fa44d4c550819cbceada968b11be63c (patch)
treec404018cef84c2e07b26a48f7618cfa31b76c622 /source4/rpc_server
parentc023fc217ed370e5c890c1984da533e0133060d9 (diff)
s4-drs: samdb_is_rodc() function and new samdb_rodc() function
This patch creates the samdb_is_rodc() function, which looks up the NTDSDSA object of the DC that has a specific invocationId; if msDS-isRODC is present on that object and is TRUE, the DC is considered an RODC. The new samdb_rodc() function uses samdb_is_rodc() for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c14
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c4
2 files changed, 16 insertions, 2 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index e70e863c36..56c061d2e8 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -684,6 +684,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
uint32_t options;
uint32_t max_objects;
struct ldb_dn *search_dn = NULL;
+ bool am_rodc;
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
@@ -699,7 +700,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
r->out.ctr->ctr6.uptodateness_vector = NULL;
/* a RODC doesn't allow for any replication */
- if (samdb_rodc(b_state->sam_ctx)) {
+ ret = samdb_rodc(b_state->sam_ctx, &am_rodc);
+ if (ret == LDB_SUCCESS && am_rodc) {
DEBUG(0,(__location__ ": DsGetNCChanges attempt on RODC\n"));
return WERR_DS_DRA_SOURCE_DISABLED;
}
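Review bot: The new guard `if (ret == LDB_SUCCESS && am_rodc)` fails open: when samdb_rodc() returns an error, the server is treated as not being an RODC and DsGetNCChanges carries on serving replication. The writable-replication check added further down in this file refuses on a failed lookup (`ret != LDB_SUCCESS || is_rodc`), and this guard should do the same, for example `if (ret != LDB_SUCCESS) return WERR_DS_DRA_INTERNAL_ERROR;` ahead of the `am_rodc` test. The same pattern appears in the setInfoTrustedDomain_base hunk in dcesrv_lsa.c, where a failed lookup lets the trusted-domain change proceed on a server that may be read-only. The declaration of `ret` and the rest of the function are outside this hunk.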
@@ -733,6 +735,16 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
return WERR_DS_DRA_SOURCE_DISABLED;
}
+ if (req8->replica_flags & DRSUAPI_DRS_WRIT_REP) {
+ bool is_rodc;
+ ret = samdb_is_rodc(b_state->sam_ctx, &req8->source_dsa_invocation_id, &is_rodc);
+ if (ret != LDB_SUCCESS || is_rodc) {
+ DEBUG(0,(__location__ ": Attempt to do writeable replication by RODC %s\n",
+ GUID_string(mem_ctx, &req8->source_dsa_invocation_id)));
+ return WERR_DS_DRA_INVALID_PARAMETER;
+ }
+ }
+
if (req8->replica_flags & DRSUAPI_DRS_FULL_SYNC_PACKET) {
/* Ignore the _in_ uptpdateness vector*/
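Review bot: The rejection branch `if (ret != LDB_SUCCESS || is_rodc)` logs "Attempt to do writeable replication by RODC" even when samdb_is_rodc() simply failed, so the level-0 log can name as an RODC a DSA whose status could not be determined. Splitting the two cases keeps the fail-closed behaviour and makes the log usable for triage: a separate `if (ret != LDB_SUCCESS)` branch with its own message that reports the ldb error, and the existing message only when `is_rodc` is true. A comment such as `/* source_dsa_invocation_id comes from the request; confirm it is bound to the authenticated DC */` would also help, since nothing visible in this hunk ties that field to the caller's identity. The function body continues outside the hunk.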
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 792b016e93..e683348140 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1636,6 +1636,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
bool del_incoming = false;
bool in_transaction = false;
int ret;
+ bool am_rodc;
switch (level) {
case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
@@ -1697,7 +1698,8 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
}
}
- if (samdb_rodc(p_state->sam_ldb)) {
+ ret = samdb_rodc(p_state->sam_ldb, &am_rodc);
+ if (ret == LDB_SUCCESS && am_rodc) {
return NT_STATUS_NO_SUCH_DOMAIN;
}