From 108c8b758ad23cd83630b2f8adf21171e815589a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 14 Aug 2012 19:48:32 +1000
Subject: s4-dsdb: Use samdb_dn_is_our_ntdsa()

This uses a GUID based comparison, and avoids re-fetching the samdb_ntds_settings_dn each time. Andrew Bartlett
---
 source4/dsdb/repl/drepl_fsmo.c | 32 ++++++++++++++------------------
 source4/dsdb/repl/drepl_ridalloc.c | 11 ++++++++++-
 2 files changed, 24 insertions(+), 19 deletions(-)
(limited to 'source4/dsdb/repl')
diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
index 4a1d08ac1b..0e83982ab4 100644
--- a/source4/dsdb/repl/drepl_fsmo.c
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -52,15 +52,6 @@ static void drepl_role_callback(struct dreplsrv_service *service,
 irpc_send_reply(fsmo->msg, NT_STATUS_OK);
 }
-static bool fsmo_master_equal(struct ldb_dn *ntds_dn, struct ldb_dn *role_owner_dn)
-{
- if (ldb_dn_compare(ntds_dn, role_owner_dn) == 0) {
- DEBUG(0,("\nWe are the FSMO master.\n"));
- return true;
- }
- return false;
-}
-
 /* see which role is we are asked to assume, initialize data and send request */
@@ -69,20 +60,15 @@ NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
 {
 struct dreplsrv_service *service = talloc_get_type(msg->private_data, struct dreplsrv_service);
- struct ldb_dn *role_owner_dn, *fsmo_role_dn, *ntds_dn;
+ struct ldb_dn *role_owner_dn, *fsmo_role_dn;
 TALLOC_CTX *tmp_ctx = talloc_new(service);
 uint64_t fsmo_info = 0;
 enum drsuapi_DsExtendedOperation extended_op = DRSUAPI_EXOP_NONE;
 WERROR werr;
 enum drepl_role_master role = r->in.role;
 struct fsmo_role_state *fsmo;
-
- ntds_dn = samdb_ntds_settings_dn(service->samdb, tmp_ctx);
- if (!ntds_dn) {
- talloc_free(tmp_ctx);
- r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
- return NT_STATUS_OK;
- }
+ bool is_us;
+ int ret;
 werr = dsdb_get_fsmo_role_info(tmp_ctx, service->samdb, role, &fsmo_role_dn, &role_owner_dn);
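Review bot: `bool is_us;` is declared without an initialiser in the second hunk of drepl_fsmo.c and is later read as the ownership decision as soon as `samdb_dn_is_our_ntdsa()` reports success, so its value depends entirely on that helper writing the out-parameter on every success path. The helper is not shown on this page, so this is a defensive point rather than a confirmed bug. I would write `bool is_us = false;` here and at the same declaration added to `dreplsrv_ridalloc_check_rid_pool()` in drepl_ridalloc.c, so that an unset flag at least gives a deterministic result. The body of `drepl_take_FSMO_role()` continues outside this hunk.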
@@ -112,7 +98,17 @@ NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
 return NT_STATUS_OK;
 }
- if (fsmo_master_equal(ntds_dn, role_owner_dn) ||
+ ret = samdb_dn_is_our_ntdsa(service->samdb, role_owner_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,("FSMO role check failed (failed to confirm if our ntdsDsa) for DN %s and owner %s \n",
+ ldb_dn_get_linearized(fsmo_role_dn),
+ ldb_dn_get_linearized(role_owner_dn)));
+ talloc_free(tmp_ctx);
+ r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
+ return NT_STATUS_OK;
+ }
+
+ if (is_us ||
 (extended_op == DRSUAPI_EXOP_NONE)) {
 DEBUG(0,("FSMO role check failed for DN %s and owner %s \n", ldb_dn_get_linearized(fsmo_role_dn),
diff --git a/source4/dsdb/repl/drepl_ridalloc.c b/source4/dsdb/repl/drepl_ridalloc.c
index c817c319f2..bd3a62b14b 100644
--- a/source4/dsdb/repl/drepl_ridalloc.c
+++ b/source4/dsdb/repl/drepl_ridalloc.c
@@ -168,6 +168,7 @@ WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service)
 WERROR werr;
 int ret;
 uint64_t alloc_pool;
+ bool is_us;
 if (service->am_rodc) {
 talloc_free(tmp_ctx);
@@ -208,7 +209,15 @@ WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service)
 return WERR_DS_DRA_INTERNAL_ERROR;
 }
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) == 0) {
+ ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find detrmine if %s is our ntdsDsa object - %s\n",
+ ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ if (is_us) {
 /* we are the RID Manager - no need to do a DRSUAPI_EXOP_FSMO_RID_ALLOC */
 talloc_free(tmp_ctx);
-- cgit
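Review bot: The new failure branch after `samdb_dn_is_our_ntdsa()` in `drepl_take_FSMO_role()` logs the two DNs but not the ldb error, so an operator cannot tell why the ownership check failed. The matching branch added in drepl_ridalloc.c does append `ldb_errstring(ldb)`, and I would add `ldb_errstring(service->samdb)` as a third `%s` argument here. Separately, with `fsmo_master_equal()` removed, the `is_us` case no longer logs "We are the FSMO master" and shares the level-0 "FSMO role check failed" message with the `DRSUAPI_EXOP_NONE` case, which reads as an error even when this DC already holds the role. A short comment above `if (is_us ||`, such as `/* we already own the role, or no extended op was selected for it */`, would make the intent clear. The body of that `if` continues outside the hunk.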
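Review bot: The log string in the new error branch of `dreplsrv_ridalloc_check_rid_pool()` reads `Failed to find detrmine if %s is our ntdsDsa object`, which has a typo and a leftover word. `": Failed to determine if %s is our ntdsDsa object - %s\n"` is presumably what was meant, and it matters because this level-0 message is what an administrator will search for when RID pool checks start failing. The DN passed to `samdb_dn_is_our_ntdsa()` is named `fsmo_role_dn` although it is tested as an ntdsDsa object. Its assignment is outside the hunk, so if it actually holds the role owner's DN, a one-line comment saying so (or a rename) would prevent a later reader from passing the role object itself.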