authorAndrew Bartlett <abartlet@samba.org>2013-09-18 14:27:26 -0700
committerAndrew Bartlett <abartlet@samba.org>2013-09-19 12:25:41 -0700
commita623359fb8a54083b81436d14b7ba022c11efb18 (patch)
treeb7fbf88263da9ee7144c6c7497ee577bf2f66b52 /source4
parent6965f918c04328535c55a0ef9b7fe6392fba193a (diff)
python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/common/util.c2
-rw-r--r--source4/dsdb/pydsdb.c5
-rw-r--r--source4/libnet/py_net.c17
3 files changed, 20 insertions, 4 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 7a243c3d37..55bd73e424 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1302,6 +1302,7 @@ const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb)
/* see if we have a cached copy */
invocation_id = (struct GUID *)ldb_get_opaque(ldb, "cache.invocation_id");
if (invocation_id) {
+ SMB_ASSERT(!GUID_all_zero(invocation_id));
return invocation_id;
}
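Review bot: The new `SMB_ASSERT` in samdb_ntds_invocation_id checks only the cached copy, so it fires on a later read rather than at the point where a bad value would enter the cache. The lookup-and-cache path lies below this hunk and is not visible here; if it stores a GUID read from the database without the same test, the first call would hand back an all-zero value and only the second would abort. Consider testing the freshly loaded GUID with `GUID_all_zero()` before it is cached and failing the lookup there.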
@@ -1362,6 +1363,7 @@ bool samdb_set_ntds_invocation_id(struct ldb_context *ldb, const struct GUID *in
goto failed;
}
+ SMB_ASSERT(!GUID_all_zero(invocation_id_in));
*invocation_id_new = *invocation_id_in;
/* cache the domain_sid in the ldb */
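Review bot: `SMB_ASSERT(!GUID_all_zero(invocation_id_in))` turns a bad argument into a process abort, even though samdb_set_ntds_invocation_id returns bool and already has a `failed` path (see the `goto failed` just above). The Python binding now filters this case itself, but any other caller that passes a zero GUID would take the whole process down. If that is not the intent for callers outside the join code, `if (GUID_all_zero(invocation_id_in)) { goto failed; }` keeps the guarantee and lets the caller report the error. The function body starts and ends outside the hunk.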
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 99e239e60c..c9e80c2f1b 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -727,6 +727,11 @@ static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
PyErr_LDB_OR_RAISE(py_ldb, ldb);
GUID_from_string(PyString_AsString(py_guid), &guid);
+ if (GUID_all_zero(&guid)) {
+ PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id rejected due to all-zero invocation ID");
+ return NULL;
+ }
+
ret = samdb_set_ntds_invocation_id(ldb, &guid);
if (!ret) {
PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
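Review bot: The result of `GUID_from_string()` on the line above the new check is still ignored, so the added `GUID_all_zero(&guid)` test runs on whatever `guid` holds when parsing fails. `guid` is declared outside the hunk; if it is not initialised there, a malformed string (or a non-string `py_guid`) could reach `samdb_set_ntds_invocation_id()` with indeterminate contents instead of being rejected. Capture the status in an `NTSTATUS status` local and bail out first: `status = GUID_from_string(PyString_AsString(py_guid), &guid);` followed by `if (!NT_STATUS_IS_OK(status)) { PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id: invalid GUID string"); return NULL; }`.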
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index acb0a37759..7981aad022 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -22,6 +22,7 @@
#include <Python.h>
#include "includes.h"
#include <pyldb.h>
+#include <pytalloc.h>
#include "libnet.h"
#include "auth/credentials/pycredentials.h"
#include "libcli/security/security.h"
@@ -33,6 +34,7 @@
#include "libcli/finddc.h"
#include "dsdb/samdb/samdb.h"
#include "py_net.h"
+#include "librpc/rpc/pyrpc_util.h"
void initnet(void);
@@ -363,16 +365,17 @@ struct replicate_state {
*/
static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyObject *kwargs)
{
- const char *kwnames[] = { "samdb", "lp", "drspipe", NULL };
- PyObject *py_ldb, *py_lp, *py_drspipe;
+ const char *kwnames[] = { "samdb", "lp", "drspipe", "invocation_id", NULL };
+ PyObject *py_ldb, *py_lp, *py_drspipe, *py_invocation_id;
struct ldb_context *samdb;
struct loadparm_context *lp;
struct replicate_state *s;
NTSTATUS status;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOO",
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOO",
discard_const_p(char *, kwnames),
- &py_ldb, &py_lp, &py_drspipe)) {
+ &py_ldb, &py_lp, &py_drspipe,
+ &py_invocation_id)) {
return NULL;
}
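Review bot: The new `invocation_id` argument is mandatory (format `"OOOO"`), but nothing visible documents it. The function comment that closes just above the signature, and any method docstring, are both outside this hunk. They should state that `replicate_init` now takes a fourth argument, a `samba.dcerpc.misc.GUID` holding the local invocation ID, and that existing three-argument callers will get a `TypeError`. A one-line comment at the parse call would help too, such as `/* invocation_id: misc.GUID of the local DSA, must not be all-zero */`.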
@@ -392,6 +395,12 @@ static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyOb
talloc_free(s);
return NULL;
}
+ if (!py_check_dcerpc_type(py_invocation_id, "samba.dcerpc.misc", "GUID")) {
+
+ talloc_free(s);
+ return NULL;
+ }
+ s->dest_dsa.invocation_id = *pytalloc_get_type(py_invocation_id, struct GUID);
s->drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);
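Review bot: The new argument is type-checked but never tested for an all-zero value before it is copied into `s->dest_dsa.invocation_id`, the value this commit sets out to keep away from replPropertyMetaData. A caller passing a default-constructed `misc.GUID()` would pass `py_check_dcerpc_type()`, and the zero GUID would only be caught later, if at all, by one of the `SMB_ASSERT`s in util.c. Rejecting it here with a Python exception gives the join script a clear error instead of an abort. The stray blank line inside the `if` body can go at the same time. The function continues past the end of the hunk.

```c
	s->dest_dsa.invocation_id = *pytalloc_get_type(py_invocation_id, struct GUID);
	if (GUID_all_zero(&s->dest_dsa.invocation_id)) {
		PyErr_SetString(PyExc_RuntimeError,
				"replicate_init rejected due to all-zero invocation ID");
		talloc_free(s);
		return NULL;
	}
```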