From a623359fb8a54083b81436d14b7ba022c11efb18 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 18 Sep 2013 14:27:26 -0700
Subject: python/drs: Ensure to pass in the local invocationID during the
 domain join

This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source4/dsdb/pydsdb.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'source4/dsdb/pydsdb.c')

diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 99e239e60c..c9e80c2f1b 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -727,6 +727,11 @@ static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
 	PyErr_LDB_OR_RAISE(py_ldb, ldb);
 	GUID_from_string(PyString_AsString(py_guid), &guid);
 
+	if (GUID_all_zero(&guid)) {
+		PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id rejected due to all-zero invocation ID");
+		return NULL;
+	}
+
 	ret = samdb_set_ntds_invocation_id(ldb, &guid);
 	if (!ret) {
 		PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
-- 
cgit