From f9d10a304d0197cc1ef5b14ab523d6462040088a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 11 Aug 2011 15:40:53 +1000 Subject: s4-dsdb: calculate validFSMOs at runtime instead of pre-computing this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/rootdse.c | 75 +++++++++++++++++++------------- 1 file changed, 45 insertions(+), 30 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/rootdse.c') diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 2499e82ad3..cfd75e8c43 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -170,6 +170,37 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m return LDB_SUCCESS; } +/* + see if we are master for a FSMO role + */ +static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *dn, bool *master, + struct ldb_request *parent) +{ + const char *attrs[] = { "fSMORoleOwner", NULL }; + TALLOC_CTX *tmp_ctx = talloc_new(parent); + struct ldb_result *res; + int ret; + struct ldb_dn *owner_dn; + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, + dn, attrs, DSDB_FLAG_NEXT_MODULE, parent); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + owner_dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module), + tmp_ctx, res->msgs[0], "fSMORoleOwner"); + if (!owner_dn) { + *master = false; + talloc_free(tmp_ctx); + return LDB_SUCCESS; + } + + *master = (ldb_dn_compare(owner_dn, samdb_ntds_settings_dn(ldb_module_get_ctx(module))) == 0); + talloc_free(tmp_ctx); + return LDB_SUCCESS; +} /* add dynamically generated attributes to rootDSE result @@ -190,6 +221,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms "rootDomainNamingContext", "schemaNamingContext", "serverName", + "validFSMOs", NULL }; @@ -346,38 +378,21 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } if (do_attribute_explicit(attrs, "validFSMOs")) { - const struct dsdb_naming_fsmo *naming_fsmo; - const struct dsdb_pdc_fsmo *pdc_fsmo; - const char *dn_str; - - if (schema && schema->fsmo.we_are_master) { - dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(ldb)); - if (dn_str && dn_str[0]) { - if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) { - goto failed; - } - } - } + struct ldb_dn *dns[3]; - naming_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_naming_fsmo"), - struct dsdb_naming_fsmo); - if (naming_fsmo && naming_fsmo->we_are_master) { - dn_str = ldb_dn_get_linearized(samdb_partitions_dn(ldb, msg)); - if (dn_str && dn_str[0]) { - if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) { - goto failed; - } - } - } + dns[0] = ldb_get_schema_basedn(ldb); + dns[1] = samdb_partitions_dn(ldb, msg); + dns[2] = ldb_get_default_basedn(ldb); - pdc_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_pdc_fsmo"), - struct dsdb_pdc_fsmo); - if (pdc_fsmo && pdc_fsmo->we_are_master) { - dn_str = ldb_dn_get_linearized(ldb_get_default_basedn(ldb)); - if (dn_str && dn_str[0]) { - if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) { - goto failed; - } + for (i=0; i<3; i++) { + bool master; + int ret = dsdb_module_we_are_master(module, dns[i], &master, req); + if (ret != LDB_SUCCESS) { + goto failed; + } + if (master && ldb_msg_add_fmt(msg, "validFSMOs", "%s", + ldb_dn_get_linearized(dns[i])) != LDB_SUCCESS) { + goto failed; } } } -- cgit