From 25d4bafca7245e3f8291e5f0f304b1b4f8ce5600 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 21 Sep 2013 14:33:21 -0700
Subject: dsdb: Refuse to replicate an all-zero invocationID GUID in
 replPropertyMetaData

This matches Windows 2008R2.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 source4/dsdb/repl/replicated_objects.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index e018aa4e77..d1d69fa8f8 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -427,6 +427,15 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 			continue;
 		}
 
+		if (GUID_all_zero(&d->originating_invocation_id)) {
+			status = WERR_DS_SRC_GUID_MISMATCH;
+			DEBUG(0, ("Refusing replication of object containing invalid zero invocationID on attribute %d of %s: %s\n",
+				  a->attid,
+				  ldb_dn_get_linearized(msg->dn),
+				  win_errstr(status)));
+			return status;
+		}
+
 		if (a->attid == DRSUAPI_ATTID_instanceType) {
 			if (instanceType_e != NULL) {
 				return WERR_FOOBAR;
-- 
cgit