From 3fe8e97a7289c18903a9f481a13f8793f9f17bab Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 19 Sep 2010 21:49:00 -0700
Subject: s4-rodc: fixed repsFrom store on RODC
We were disallowing repsFrom store as a RODC on the basis that it is a write to the directory. It should be allowed, as its is a non-replicated attribute.
Pair-Programmed-With: Andrew Bartlett
---
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 45ef4d9961..6ae8e928b0 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1246,20 +1246,6 @@ static int replmd_update_rpmd(struct ldb_module *module,
 return LDB_ERR_OPERATIONS_ERROR;
 }
- /*we have elements that will be modified*/
- if (msg->num_elements > 0) {
- /*if we are RODC and this is a DRSR update then its ok*/
- if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
- ret = samdb_rodc(ldb, &rodc);
- if (ret != LDB_SUCCESS) {
- DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
- } else if (rodc) {
- ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
- return LDB_ERR_REFERRAL;
- }
- }
- }
-
 for (i=0; inum_elements; i++) {
 struct ldb_message_element *old_el;
 old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
@@ -1283,6 +1269,17 @@ static int replmd_update_rpmd(struct ldb_module *module,
 struct ldb_val *md_value;
 struct ldb_message_element *el;
+ /*if we are RODC and this is a DRSR update then its ok*/
+ if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ ret = samdb_rodc(ldb, &rodc);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
+ } else if (rodc) {
+ ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
+ return LDB_ERR_REFERRAL;
+ }
+ }
+
 md_value = talloc(msg, struct ldb_val);
 if (md_value == NULL) {
 ldb_oom(ldb);
-- cgit
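Review bot: The relocated RODC guard fails open. When `samdb_rodc(ldb, &rodc)` returns an error, the `ret != LDB_SUCCESS` branch only logs at `DEBUG(4, ...)` and execution continues to the `talloc` of `md_value`, so a write without the replicated-update control is processed even though the server could not establish that it is writable. Because this check is what enforces the read-only property, I would fail closed by adding `return ret;` after the DEBUG call, and log at a level that appears in default logs. The moved comment should also say why the check now sits here, for example `/* only reached for attributes that update replPropertyMetaData; non-replicated ones such as repsFrom must stay writable on an RODC */`, though that placement is inferred from the commit message since the enclosing block starts and ends outside the hunk. If this block is inside the per-element loop, `samdb_rodc()` runs once per modified attribute and its result could be computed once before the loop.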