-rw-r--r-- | source4/dsdb/common/util.c | 68 | ||||
-rw-r--r-- | source4/dsdb/repl/drepl_out_helpers.c | 2 | ||||
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 2 |
3 files changed, 63 insertions, 9 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index cc75f7fdc9..faa96e6219 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2674,15 +2674,47 @@ int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1, /* see if we are a RODC - - TODO: This should take a sam_ctx, and lookup the right object (with - a cache) */ -bool samdb_rodc(struct loadparm_context *lp_ctx) +bool samdb_rodc(struct ldb_context *sam_ctx) { - return lp_parm_bool(lp_ctx, NULL, "repl", "RODC", false); -} + TALLOC_CTX *tmp_ctx; + const char *obj_category; + struct ldb_dn *obj_category_dn; + const struct ldb_val *obj_category_dn_rdn_val; + + tmp_ctx = talloc_new(sam_ctx); + if (tmp_ctx == NULL) { + DEBUG(1,("samdb_rodc: Failed to talloc new context.\n")); + goto failed; + } + + obj_category = samdb_ntds_object_category(tmp_ctx, sam_ctx); + if (!obj_category) { + DEBUG(1,("samdb_rodc: Failed to get object category.\n")); + goto failed; + } + + obj_category_dn = ldb_dn_new(tmp_ctx, sam_ctx, obj_category); + if (!obj_category_dn) { + DEBUG(1,("samdb_rodc: Failed to create object category dn.\n")); + goto failed; + } + obj_category_dn_rdn_val = ldb_dn_get_rdn_val(obj_category_dn); + if (!obj_category_dn_rdn_val) { + DEBUG(1, ("samdb_rodc: Failed to get object category dn rdn value.\n")); + goto failed; + } + + if (strequal((const char*)obj_category_dn_rdn_val->data, "NTDS-DSA-RO")) { + talloc_free(tmp_ctx); + return true; + } + +failed: + talloc_free(tmp_ctx); + return false; +} /* return NTDS options flags. See MS-ADTS 7.1.1.2.2.1.2.1.1 
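Review bot: In the new `samdb_rodc()` every lookup failure (talloc failure, missing objectCategory, unparsable DN, missing RDN value) jumps to `failed:` and returns `false`, so "could not determine" is reported as "not an RODC". Both updated callers act on that answer: the `DsGetNCChanges` guard in getncchanges.c would let the request through, and `dreplsrv_update_refs_trigger` in drepl_out_helpers.c would add `DRSUAPI_DRS_WRIT_REP`, so an LDB error on an RODC fails open. Returning an LDB status and handing the answer back through an out parameter lets callers refuse on error; the two call sites would have to check the status too. The removed TODO also asked for a cache, and this version appears to run a base search on every call.

```c
int samdb_rodc(struct ldb_context *sam_ctx, bool *am_rodc)
{
	/* ... unchanged: local declarations ... */
	int ret = LDB_ERR_OPERATIONS_ERROR;

	*am_rodc = false;

	tmp_ctx = talloc_new(sam_ctx);
	if (tmp_ctx == NULL) {
		DEBUG(1,("samdb_rodc: Failed to talloc new context.\n"));
		return ret;
	}

	/* ... unchanged: objectCategory lookup, DN parse and RDN extraction, each failure doing goto failed ... */

	*am_rodc = strequal((const char*)obj_category_dn_rdn_val->data, "NTDS-DSA-RO");
	ret = LDB_SUCCESS;

failed:
	talloc_free(tmp_ctx);
	return ret;
}
```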
@@ -2717,11 +2749,33 @@ int samdb_ntds_options(struct ldb_context *ldb, uint32_t *options) return LDB_SUCCESS; failed: - DEBUG(1,("Failed to find our own NTDS Settings objectGUID in the ldb!\n")); + DEBUG(1,("Failed to find our own NTDS Settings options in the ldb!\n")); talloc_free(tmp_ctx); return LDB_ERR_NO_SUCH_OBJECT; } +const char* samdb_ntds_object_category(TALLOC_CTX *tmp_ctx, struct ldb_context *ldb) +{ + const char *attrs[] = { "objectCategory", NULL }; + int ret; + struct ldb_result *res; + + ret = ldb_search(ldb, tmp_ctx, &res, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, attrs, NULL); + if (ret) { + goto failed; + } + + if (res->count != 1) { + goto failed; + } + + return samdb_result_string(res->msgs[0], "objectCategory", NULL); + +failed: + DEBUG(1,("Failed to find our own NTDS Settings objectCategory in the ldb!\n")); + return NULL; +} + /* * Function which generates a "lDAPDisplayName" attribute from a "CN" one. * Algorithm implemented according to MS-ADTS 3.1.1.2.3.4 diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 7b819ac4c3..422617082a 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -548,7 +548,7 @@ static void dreplsrv_update_refs_trigger(struct tevent_req *req) r->in.req.req1.dest_dsa_dns_name = ntds_dns_name; r->in.req.req1.dest_dsa_guid = service->ntds_guid; r->in.req.req1.options = DRSUAPI_DRS_ADD_REF | DRSUAPI_DRS_DEL_REF; - if (!samdb_rodc(service->task->lp_ctx)) { + if (!samdb_rodc(service->samdb)) { r->in.req.req1.options |= DRSUAPI_DRS_WRIT_REP; } diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index ac277e58b8..c65d10d35c 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c 
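Review bot: `samdb_ntds_object_category()` passes the result of `samdb_ntds_settings_dn(ldb)` straight to `ldb_search()` without checking it for NULL. If that helper can fail (its body is not in this hunk), the base search may run against a different base DN and return some other object's objectCategory, which `samdb_rodc()` would then read as "not an RODC". Looking the DN up first keeps the failure explicit: `struct ldb_dn *dn = samdb_ntds_settings_dn(ldb); if (dn == NULL) goto failed;`. The returned string lives inside `res`, which is allocated on the context passed in, so a comment above the function should say that the result is owned by `tmp_ctx` and becomes invalid once the caller frees it.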
@@ -692,7 +692,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ r->out.ctr->ctr6.uptodateness_vector = NULL; /* a RODC doesn't allow for any replication */ - if (samdb_rodc(ldb_get_opaque(b_state->sam_ctx, "loadparm"))) { + if (samdb_rodc(b_state->sam_ctx)) { DEBUG(0,(__location__ ": DsGetNCChanges attempt on RODC\n")); return WERR_DS_DRA_SOURCE_DISABLED; } |