diff options
| -rw-r--r-- | source4/dsdb/repl/replicated_objects.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c index ec4dffe0be..67999df573 100644 --- a/source4/dsdb/repl/replicated_objects.c +++ b/source4/dsdb/repl/replicated_objects.c @@ -202,6 +202,7 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb, uint32_t i; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; + int instanceType; struct ldb_val guid_value; struct ldb_val parent_guid_value; NTTIME whenChanged = 0; @@ -352,12 +353,12 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb, } + instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0); if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) { /* the instanceType type for partial_replica replication is sent via DRS with TYPE_WRITE set, but must be used on the client with TYPE_WRITE removed */ - int instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0); if (instanceType & INSTANCE_TYPE_WRITE) { instanceType &= ~INSTANCE_TYPE_WRITE; ldb_msg_remove_attr(msg, "instanceType"); @@ -365,6 +366,12 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb, return WERR_INTERNAL_ERROR; } } + } else { + if (!(instanceType & INSTANCE_TYPE_WRITE)) { + DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n", + ldb_dn_get_linearized(msg->dn))); + return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA; + } } whenChanged_t = nt_time_to_unix(whenChanged); |