}
}
+ if (dsdb_flags & DSDB_MODIFY_PARTIAL_REPLICA) {
+ ret = ldb_request_add_control(req, DSDB_CONTROL_PARTIAL_REPLICA, false, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
return LDB_SUCCESS;
}
}
return NT_STATUS_UNSUCCESSFUL;
}
+
+
+/*
+ create a new naming context that will hold a partial replica
+ */
+int dsdb_create_partial_replica_NC(struct ldb_context *ldb, struct ldb_dn *dn)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+ struct ldb_message *msg;
+ int ret;
+
+ msg = ldb_msg_new(tmp_ctx);
+ if (msg == NULL) {
+ talloc_free(tmp_ctx);
+ return ldb_oom(ldb);
+ }
+
+ msg->dn = dn;
+ ret = ldb_msg_add_string(msg, "objectClass", "top");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ldb_oom(ldb);
+ }
+
+ /* [MS-DRSR] implies that we should only add the 'top'
+ * objectclass, but that would cause lots of problems with our
+ * objectclass code as top is not structural, so we add
+ * 'domainDNS' as well to keep things sane. We're expecting
+ * this new NC to be of objectclass domainDNS after
+ * replication anyway
+ */
+ ret = ldb_msg_add_string(msg, "objectClass", "domainDNS");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ldb_oom(ldb);
+ }
+
+ ret = ldb_msg_add_fmt(msg, "instanceType", "%u",
+ INSTANCE_TYPE_IS_NC_HEAD|
+ INSTANCE_TYPE_NC_ABOVE|
+ INSTANCE_TYPE_UNINSTANT);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ldb_oom(ldb);
+ }
+
+ ret = dsdb_add(ldb, msg, DSDB_MODIFY_PARTIAL_REPLICA);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,("Failed to create new NC for %s - %s\n",
+ ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ DEBUG(1,("Created new NC for %s\n", ldb_dn_get_linearized(dn)));
+
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
#define DSDB_PROVISION 0x0800
#define DSDB_BYPASS_PASSWORD_HASH 0x1000
#define DSDB_SEARCH_NO_GLOBAL_CATALOG 0x2000
+#define DSDB_MODIFY_PARTIAL_REPLICA 0x4000
bool is_attr_in_list(const char * const * attrs, const char *attr);
return WERR_OK;
}
-/*
- create a new naming context via a DsAddEntry() with a nCName in a
- crossRef object
- */
-static WERROR dsdb_origin_create_NC(struct ldb_context *ldb,
- struct ldb_dn *dn)
-{
- TALLOC_CTX *tmp_ctx = talloc_new(ldb);
- struct ldb_message *msg;
- int ret;
-
- msg = ldb_msg_new(tmp_ctx);
- W_ERROR_HAVE_NO_MEMORY_AND_FREE(msg, tmp_ctx);
-
- msg->dn = dn;
- ret = ldb_msg_add_string(msg, "objectClass", "top");
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return WERR_NOMEM;
- }
-
- /* [MS-DRSR] implies that we should only add the 'top'
- * objectclass, but that would cause lots of problems with our
- * objectclass code as top is not structural, so we add
- * 'domainDNS' as well to keep things sane. We're expecting
- * this new NC to be of objectclass domainDNS after
- * replication anyway
- */
- ret = ldb_msg_add_string(msg, "objectClass", "domainDNS");
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return WERR_NOMEM;
- }
-
- ret = ldb_msg_add_fmt(msg, "instanceType", "%u",
- INSTANCE_TYPE_IS_NC_HEAD|
- INSTANCE_TYPE_NC_ABOVE|
- INSTANCE_TYPE_UNINSTANT);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return WERR_NOMEM;
- }
-
- ret = dsdb_add(ldb, msg, 0);
- if (ret != LDB_SUCCESS) {
- DEBUG(0,("Failed to create new NC for %s - %s\n",
- ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
- talloc_free(tmp_ctx);
- return WERR_NOMEM;
- }
-
- DEBUG(1,("Created new NC for %s\n", ldb_dn_get_linearized(dn)));
-
- talloc_free(tmp_ctx);
- return WERR_OK;
-}
-
-
WERROR dsdb_origin_objects_commit(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct drsuapi_DsReplicaObjectListItem *first_object,
if (!ldb_dn_validate(nc_dn)) {
continue;
}
- status = dsdb_origin_create_NC(ldb, nc_dn);
- if (!W_ERROR_IS_OK(status)) {
+ ret = dsdb_create_partial_replica_NC(ldb, nc_dn);
+ if (ret != LDB_SUCCESS) {
+ status = WERR_DS_INTERNAL_FAILURE;
goto cancel;
}
}
#include "librpc/gen_ndr/ndr_misc.h"
#include "dsdb/samdb/samdb.h"
#include "../libds/common/flags.h"
+#include "dsdb/common/util.h"
struct np_context {
struct ldb_module *module;
ret = ldb_build_extended_req(&ac->part_add,
ldb, ac, DSDB_EXTENDED_CREATE_PARTITION_OID, ex_op,
NULL, ac, np_part_mod_callback, req);
+
+ /* if the parent was asking for a partial replica, then we
+ * need the extended operation to also ask for a partial
+ * replica */
+ if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) {
+ ret = dsdb_request_add_controls(ac->part_add, DSDB_MODIFY_PARTIAL_REPLICA);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
LDB_REQ_SET_LOCATION(ac->part_add);
if (ret != LDB_SUCCESS) {
if (ret != LDB_SUCCESS) {
return ret;
}
+
+ if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) {
+ /* this new partition is a partial replica */
+ ret = ldb_msg_add_empty(mod_msg, "partialReplica", LDB_FLAG_MOD_ADD, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = ldb_msg_add_fmt(mod_msg, "partialReplica", "%s", ldb_dn_get_linearized(dn));
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
/* Perform modify on @PARTITION record */
ret = ldb_build_mod_req(&mod_req, ldb, req, mod_msg, NULL, NULL,
/* passed when we want to get the behaviour of the non-global catalog port */
#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
+/* passed when we want special behaviour for partial replicas */
+#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18"
+
struct dsdb_control_password_change {
const struct samr_Password *old_nt_pwd_hash;
const struct samr_Password *old_lm_pwd_hash;
#Allocated: (not used anymore) DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15
#Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16
#Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
+#Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
# Extended 1.3.6.1.4.1.7165.4.4.x
#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1
git.samba.org / kai / samba.git / commitdiff