Diffstat (limited to 'source4/dsdb/repl/drepl_fsmo.c')
-rw-r--r-- | source4/dsdb/repl/drepl_fsmo.c | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
index 4a1d08ac1b..0e83982ab4 100644
--- a/source4/dsdb/repl/drepl_fsmo.c
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -52,15 +52,6 @@ static void drepl_role_callback(struct dreplsrv_service *service,
 irpc_send_reply(fsmo->msg, NT_STATUS_OK);
 }
 
-static bool fsmo_master_equal(struct ldb_dn *ntds_dn, struct ldb_dn *role_owner_dn)
-{
- if (ldb_dn_compare(ntds_dn, role_owner_dn) == 0) {
- DEBUG(0,("\nWe are the FSMO master.\n"));
- return true;
- }
- return false;
-}
-
 /*
 see which role is we are asked to assume, initialize data and send request
 */
@@ -69,20 +60,15 @@ NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
 {
 struct dreplsrv_service *service = talloc_get_type(msg->private_data,
 struct dreplsrv_service);
- struct ldb_dn *role_owner_dn, *fsmo_role_dn, *ntds_dn;
+ struct ldb_dn *role_owner_dn, *fsmo_role_dn;
 TALLOC_CTX *tmp_ctx = talloc_new(service);
 uint64_t fsmo_info = 0;
 enum drsuapi_DsExtendedOperation extended_op = DRSUAPI_EXOP_NONE;
 WERROR werr;
 enum drepl_role_master role = r->in.role;
 struct fsmo_role_state *fsmo;
-
- ntds_dn = samdb_ntds_settings_dn(service->samdb, tmp_ctx);
- if (!ntds_dn) {
- talloc_free(tmp_ctx);
- r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
- return NT_STATUS_OK;
- }
+ bool is_us;
+ int ret;
 
 werr = dsdb_get_fsmo_role_info(tmp_ctx, service->samdb, role,
 &fsmo_role_dn, &role_owner_dn);
@@ -112,7 +98,17 @@ NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
 return NT_STATUS_OK;
 }
 
- if (fsmo_master_equal(ntds_dn, role_owner_dn) ||
+ ret = samdb_dn_is_our_ntdsa(service->samdb, role_owner_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,("FSMO role check failed (failed to confirm if our ntdsDsa) for DN %s and owner %s \n",
+ ldb_dn_get_linearized(fsmo_role_dn),
+ ldb_dn_get_linearized(role_owner_dn)));
+ talloc_free(tmp_ctx);
+ r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
+ return NT_STATUS_OK;
+ }
+
+ if (is_us ||
 (extended_op == DRSUAPI_EXOP_NONE)) {
 DEBUG(0,("FSMO role check failed for DN %s and owner %s \n",
 ldb_dn_get_linearized(fsmo_role_dn),
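Review bot: The `if (is_us ||` branch at the end of this hunk now reports "we already hold the role" with the same level-0 text, "FSMO role check failed for DN %s and owner %s", that it uses for an unrecognised role (`extended_op == DRSUAPI_EXOP_NONE`), because the removed fsmo_master_equal() was the only place that logged "We are the FSMO master". Anyone reading the log to follow role transfers cannot tell a benign no-op from a rejected request, so I would log the ownership case on its own before the combined test, for example `if (is_us) DEBUG(5,("Already the owner of FSMO role %s\n", ldb_dn_get_linearized(fsmo_role_dn)));`. The new error-path message differs from the existing one only by its parenthetical and copies the stray space before `\n`; a short comment such as `/* fail closed: ownership could not be determined */` above `if (ret != LDB_SUCCESS)` would make the intent explicit. `is_us` is declared without an initialiser in the previous hunk and is only read after `ret == LDB_SUCCESS`, which is sound provided the callee always writes it on success; `bool is_us = false;` would remove that dependency. The body of the final branch continues outside the hunk, so what it returns is not visible here.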