return ret;
}
- status = dsdb_get_extended_dn_guid(referenced_dn, &referenced_guid, "GUID");
+ ret = samdb_dn_is_our_ntdsa(ldb, referenced_dn, is_ntdsa);
+
talloc_free(tmp_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
-
- our_ntds_guid = samdb_ntds_objectGUID(ldb);
- if (!our_ntds_guid) {
- DEBUG(0, ("Failed to find our NTDS Settings GUID for comparison with %s on %s - %s\n", attribute, ldb_dn_get_linearized(base), ldb_errstring(ldb)));
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- *is_ntdsa = GUID_equal(&referenced_guid, our_ntds_guid);
- return LDB_SUCCESS;
+ return ret;
}
/*
irpc_send_reply(fsmo->msg, NT_STATUS_OK);
}
-static bool fsmo_master_equal(struct ldb_dn *ntds_dn, struct ldb_dn *role_owner_dn)
-{
- if (ldb_dn_compare(ntds_dn, role_owner_dn) == 0) {
- DEBUG(0,("\nWe are the FSMO master.\n"));
- return true;
- }
- return false;
-}
-
/*
see which role is we are asked to assume, initialize data and send request
*/
{
struct dreplsrv_service *service = talloc_get_type(msg->private_data,
struct dreplsrv_service);
- struct ldb_dn *role_owner_dn, *fsmo_role_dn, *ntds_dn;
+ struct ldb_dn *role_owner_dn, *fsmo_role_dn;
TALLOC_CTX *tmp_ctx = talloc_new(service);
uint64_t fsmo_info = 0;
enum drsuapi_DsExtendedOperation extended_op = DRSUAPI_EXOP_NONE;
WERROR werr;
enum drepl_role_master role = r->in.role;
struct fsmo_role_state *fsmo;
-
- ntds_dn = samdb_ntds_settings_dn(service->samdb, tmp_ctx);
- if (!ntds_dn) {
- talloc_free(tmp_ctx);
- r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
- return NT_STATUS_OK;
- }
+ bool is_us;
+ int ret;
werr = dsdb_get_fsmo_role_info(tmp_ctx, service->samdb, role,
&fsmo_role_dn, &role_owner_dn);
return NT_STATUS_OK;
}
- if (fsmo_master_equal(ntds_dn, role_owner_dn) ||
+ ret = samdb_dn_is_our_ntdsa(service->samdb, role_owner_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,("FSMO role check failed (failed to confirm if our ntdsDsa) for DN %s and owner %s \n",
+ ldb_dn_get_linearized(fsmo_role_dn),
+ ldb_dn_get_linearized(role_owner_dn)));
+ talloc_free(tmp_ctx);
+ r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
+ return NT_STATUS_OK;
+ }
+
+ if (is_us ||
(extended_op == DRSUAPI_EXOP_NONE)) {
DEBUG(0,("FSMO role check failed for DN %s and owner %s \n",
ldb_dn_get_linearized(fsmo_role_dn),
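Review bot: The new failure branch after `samdb_dn_is_our_ntdsa(service->samdb, role_owner_dn, &is_us)` logs only the two DNs and omits the ldb error, so an operator reading the level-0 message cannot tell why the ownership check failed. The RID-allocation hunk in this same commit appends `ldb_errstring(ldb)`; doing the same here, by adding a `: %s` to the format string and `ldb_errstring(service->samdb)` as the last argument, would make the two paths consistent. The lines removed in the first hunk suggest the helper compares GUIDs taken from the DN's extended component, so it is worth confirming that `dsdb_get_fsmo_role_info` returns `role_owner_dn` with that component; its body is not visible here. The enclosing function starts and ends outside this hunk.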
WERROR werr;
int ret;
uint64_t alloc_pool;
+ bool is_us;
if (service->am_rodc) {
talloc_free(tmp_ctx);
return WERR_DS_DRA_INTERNAL_ERROR;
}
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) == 0) {
+ ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find detrmine if %s is our ntdsDsa object - %s\n",
+ ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ if (is_us) {
/* we are the RID Manager - no need to do a
DRSUAPI_EXOP_FSMO_RID_ALLOC */
talloc_free(tmp_ctx);
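Review bot: The added DEBUG string reads "Failed to find detrmine if %s is our ntdsDsa object", which has a stray "find" and a misspelt "determine", so anyone searching the logs for this failure will miss it. I would change the format to `": Failed to determine if %s is our ntdsDsa object - %s\n"`. The rest of the error path (free `tmp_ctx`, return `WERR_DS_DRA_INTERNAL_ERROR`) matches the surrounding code; the function itself starts and ends outside this hunk.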
struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct GUID fsmo_role_guid, *our_ntds_guid;
+ NTSTATUS status;
/* work out who is the RID Manager */
ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
return ret;
}
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) != 0) {
+ status = dsdb_get_extended_dn_guid(fsmo_role_dn, &fsmo_role_guid, "GUID");
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return ldb_operr(ldb_module_get_ctx(module));
+ }
+
+ our_ntds_guid = samdb_ntds_objectGUID(ldb_module_get_ctx(module));
+ if (!our_ntds_guid) {
+ talloc_free(tmp_ctx);
+ return ldb_operr(ldb_module_get_ctx(module));
+ }
+
+ if (!GUID_equal(&fsmo_role_guid, our_ntds_guid)) {
ridalloc_poke_rid_manager(module);
ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
talloc_free(tmp_ctx);
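Review bot: This hunk open-codes the GUID comparison (`dsdb_get_extended_dn_guid`, `samdb_ntds_objectGUID`, `GUID_equal`) that the rest of the commit moves behind `samdb_dn_is_our_ntdsa`, and the next function in this diff, which has the same shape, calls the helper instead. Both failure paths also return a bare `ldb_operr(...)`, so the caller gets no hint of which DN could not be resolved, and they call `ldb_module_get_ctx(module)` again although `ldb` is already in scope. Unless there is a reason not visible here to avoid the helper at this call site, I would use it as below, with `bool is_us;` replacing the `fsmo_role_guid`, `our_ntds_guid` and `status` locals added in the declaration hunk. The enclosing function starts and ends outside this hunk.

```c
/* … unchanged: RID Manager and fSMORoleOwner lookup … */
ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
if (ret != LDB_SUCCESS) {
	ldb_asprintf_errstring(ldb, "Failed to confirm if our ntdsDsa is %s: %s",
			       ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb));
	talloc_free(tmp_ctx);
	return ret;
}

if (!is_us) {
	/* … unchanged: ridalloc_poke_rid_manager and error return … */
```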
struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
int ret;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool is_us;
/* work out who is the RID Manager */
ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
return ret;
}
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), fsmo_role_dn) != 0) {
+ ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to confirm if our ntdsDsa is %s: %s",
+ ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (!is_us) {
ridalloc_poke_rid_manager(module);
ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
talloc_free(tmp_ctx);
struct ldb_dn *owner_dn;
ret = dsdb_module_search_dn(module, tmp_ctx, &res,
- dn, attrs, DSDB_FLAG_NEXT_MODULE, parent);
+ dn, attrs, DSDB_FLAG_NEXT_MODULE|DSDB_SEARCH_SHOW_EXTENDED_DN, parent);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
return LDB_SUCCESS;
}
- *master = (ldb_dn_compare(owner_dn, samdb_ntds_settings_dn(ldb_module_get_ctx(module), tmp_ctx)) == 0);
+ ret = samdb_dn_is_our_ntdsa(ldb_module_get_ctx(module), dn, master);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to confirm if our ntdsDsa is %s: %s",
+ ldb_dn_get_linearized(owner_dn), ldb_errstring(ldb_module_get_ctx(module)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
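Review bot: The new call passes `dn` to `samdb_dn_is_our_ntdsa`, but the line it replaces compared `owner_dn` against our NTDS settings DN, and the error message just below still prints `owner_dn`. `dn` looks like the role object that was searched earlier in the function, not the value of its fSMORoleOwner, so `*master` would be decided from the wrong object, or the call would fail if `dn` carries no GUID component. Since this result gates FSMO-master-only operations, I would pass the owner: `ret = samdb_dn_is_our_ntdsa(ldb_module_get_ctx(module), owner_dn, master);`. The start of the function, including how `owner_dn` is read from the search result, is outside this hunk.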