From 108c8b758ad23cd83630b2f8adf21171e815589a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 14 Aug 2012 19:48:32 +1000 Subject: s4-dsdb: Use samdb_dn_is_our_ntdsa() This uses a GUID based comparison, and avoids re-fetching the samdb_ntds_settings_dn each time. Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/ridalloc.c | 27 +++++++++++++++++++++++++-- source4/dsdb/samdb/ldb_modules/rootdse.c | 11 +++++++++-- 2 files changed, 34 insertions(+), 4 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c index 915248c440..d0266eda8a 100644 --- a/source4/dsdb/samdb/ldb_modules/ridalloc.c +++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c @@ -388,6 +388,8 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me struct ldb_dn *rid_manager_dn, *fsmo_role_dn; int ret; struct ldb_context *ldb = ldb_module_get_ctx(module); + struct GUID fsmo_role_guid, *our_ntds_guid; + NTSTATUS status; /* work out who is the RID Manager */ ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent); @@ -407,7 +409,19 @@ static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *me return ret; } - if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) != 0) { + status = dsdb_get_extended_dn_guid(fsmo_role_dn, &fsmo_role_guid, "GUID"); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + return ldb_operr(ldb_module_get_ctx(module)); + } + + our_ntds_guid = samdb_ntds_objectGUID(ldb_module_get_ctx(module)); + if (!our_ntds_guid) { + talloc_free(tmp_ctx); + return ldb_operr(ldb_module_get_ctx(module)); + } + + if (!GUID_equal(&fsmo_role_guid, our_ntds_guid)) { ridalloc_poke_rid_manager(module); ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh"); talloc_free(tmp_ctx); @@ -429,6 +443,7 @@ static int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool, struct ldb_dn *rid_manager_dn, *fsmo_role_dn; int ret; struct ldb_context *ldb = ldb_module_get_ctx(module); + bool is_us; /* work out who is the RID Manager */ ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent); @@ -448,7 +463,15 @@ static int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool, return ret; } - if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) != 0) { + ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "Failed to confirm if our ntdsDsa is %s: %s", + ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb)); + talloc_free(tmp_ctx); + return ret; + } + + if (!is_us) { ridalloc_poke_rid_manager(module); ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh"); talloc_free(tmp_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 9ae5b20eb1..0668d1ad13 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -183,7 +183,7 @@ static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *d struct ldb_dn *owner_dn; ret = dsdb_module_search_dn(module, tmp_ctx, &res, - dn, attrs, DSDB_FLAG_NEXT_MODULE, parent); + dn, attrs, DSDB_FLAG_NEXT_MODULE|DSDB_SEARCH_SHOW_EXTENDED_DN, parent); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; @@ -197,7 +197,14 @@ static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *d return LDB_SUCCESS; } - *master = (ldb_dn_compare(owner_dn, samdb_ntds_settings_dn(ldb_module_get_ctx(module), tmp_ctx)) == 0); + ret = samdb_dn_is_our_ntdsa(ldb_module_get_ctx(module), dn, master); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to confirm if our ntdsDsa is %s: %s", + ldb_dn_get_linearized(owner_dn), ldb_errstring(ldb_module_get_ctx(module))); + talloc_free(tmp_ctx); + return ret; + } + talloc_free(tmp_ctx); return LDB_SUCCESS; } -- cgit