From 57bcdf008fa44d4c550819cbceada968b11be63c Mon Sep 17 00:00:00 2001
From: Fernando J V da Silva
Date: Thu, 15 Apr 2010 17:37:40 -0300
Subject: s4-drs: samdb_is_rodc() function and new samdb_rodc() function

This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server.

Signed-off-by: Andrew Tridgell
---
 source4/dsdb/common/util.c | 73 ++++++++++++++++++++++++++--------------------
 1 file changed, 41 insertions(+), 32 deletions(-)

(limited to 'source4/dsdb/common/util.c')

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 30cb5c5c99..842f56b3ed 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2618,50 +2618,59 @@ int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1,
 return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id);
 }
+
 /*
- see if we are a RODC
+ see if a computer identified by its invocationId is a RODC
 */
-bool samdb_rodc(struct ldb_context *sam_ctx)
-{
- TALLOC_CTX *tmp_ctx;
- const char *obj_category;
- struct ldb_dn *obj_category_dn;
- const struct ldb_val *obj_category_dn_rdn_val;
+int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *invocationId, bool *is_rodc)
+{
+ /* 1) find the DN for this servers NTDSDSA object
+ 2) search for the msDS-isRODC attribute
+ 3) if not present then not a RODC
+ 4) if present and TRUE then is a RODC
+ */
+ struct ldb_dn *config_dn;
+ const char *attrs[] = { "msDS-isRODC", NULL };
+ int ret;
+ struct ldb_result *res;
+ TALLOC_CTX *tmp_ctx = talloc_new(sam_ctx);
- tmp_ctx = talloc_new(sam_ctx);
- if (tmp_ctx == NULL) {
- DEBUG(1,("samdb_rodc: Failed to talloc new context.\n"));
- goto failed;
+ config_dn = samdb_config_dn(sam_ctx);
+ if (!config_dn) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
 }
- obj_category = samdb_ntds_object_category(tmp_ctx, sam_ctx);
- if (!obj_category) {
- DEBUG(1,("samdb_rodc: Failed to get object category.\n"));
- goto failed;
+ ret = dsdb_search(sam_ctx, tmp_ctx, &res, config_dn, LDB_SCOPE_SUBTREE, attrs,
+ DSDB_SEARCH_ONE_ONLY, "invocationID=%s", GUID_string(tmp_ctx, invocationId));
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
 }
- obj_category_dn = ldb_dn_new(tmp_ctx, sam_ctx, obj_category);
- if (!obj_category_dn) {
- DEBUG(1,("samdb_rodc: Failed to create object category dn.\n"));
- goto failed;
- }
+ ret = ldb_msg_find_attr_as_bool(res->msgs[0], "msDS-isRODC", 0);
+ *is_rodc = (ret == 1);
- obj_category_dn_rdn_val = ldb_dn_get_rdn_val(obj_category_dn);
- if (!obj_category_dn_rdn_val) {
- DEBUG(1, ("samdb_rodc: Failed to get object category dn rdn value.\n"));
- goto failed;
- }
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
- if (strequal((const char*)obj_category_dn_rdn_val->data, "NTDS-DSA-RO")) {
- talloc_free(tmp_ctx);
- return true;
- }
-failed:
- talloc_free(tmp_ctx);
- return false;
+/*
+ see if we are a RODC
+*/
+int samdb_rodc(struct ldb_context *sam_ctx, bool *am_rodc)
+{
+ const struct GUID *invocationId;
+ invocationId = samdb_ntds_invocation_id(sam_ctx);
+ if (!invocationId) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ return samdb_is_rodc(sam_ctx, invocationId, am_rodc);
 }
+
+
 /*
 return NTDS options flags. See MS-ADTS 7.1.1.2.2.1.2.1.1
-- cgit
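Review bot: The msDS-isRODC test in samdb_is_rodc() fails open: `ldb_msg_find_attr_as_bool(res->msgs[0], "msDS-isRODC", 0)` answers "not an RODC" whenever the attribute is merely absent from the nTDSDSA object, and since the hunk does not show where msDS-isRODC is populated or synthesised, an RODC whose object lacks it would be classified as a full DC, the more privileged role; keeping the `objectCategory` RDN check (`NTDS-DSA-RO`) that the removed samdb_rodc() relied on as a fallback closes that gap, as sketched below. `*is_rodc` is also left unwritten on the two error returns (no config DN, failed search), so a caller that ignores the int result reads an uninitialised bool — set `*is_rodc = false;` before the first early return. The `talloc_new(sam_ctx)` result is no longer NULL-checked as the removed code did; `if (tmp_ctx == NULL) return LDB_ERR_OPERATIONS_ERROR;` restores that. Indexing `res->msgs[0]` without testing `res->count` presumably relies on `DSDB_SEARCH_ONE_ONLY` turning zero or multiple matches into an error return, which deserves a one-line comment at that point.
```c
	const char *attrs[] = { "msDS-isRODC", "objectCategory", NULL };
	/* … unchanged: config DN lookup and dsdb_search … */
	*is_rodc = ldb_msg_find_attr_as_bool(res->msgs[0], "msDS-isRODC", 0);
	if (!*is_rodc) {
		/* fall back to the object category test the old samdb_rodc() used */
		struct ldb_dn *cat_dn = ldb_msg_find_attr_as_dn(sam_ctx, tmp_ctx, res->msgs[0], "objectCategory");
		const struct ldb_val *rdn = cat_dn ? ldb_dn_get_rdn_val(cat_dn) : NULL;
		*is_rodc = (rdn != NULL && strequal((const char *)rdn->data, "NTDS-DSA-RO"));
	}
	talloc_free(tmp_ctx);
	return LDB_SUCCESS;
```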