dsdb: Allocate new OID to allow updates of a read-only replica
authorAndrew Bartlett <abartlet@samba.org>
Wed, 18 Jul 2012 07:13:30 +0000 (17:13 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 18 Jul 2012 07:32:53 +0000 (09:32 +0200)
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.

Andrew Bartlett

source4/dsdb/pydsdb.c
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/samdb.h
source4/setup/schema_samba4.ldif

index f63d71e2d092886a2c322c6717882b79d449c29f..b9e1dd742c5437102161f225ea5d9876b00abe5c 100644 (file)
@@ -1269,6 +1269,7 @@ void initdsdb(void)
        ADD_DSDB_STRING(DSDB_SYNTAX_STRING_DN);
        ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME);
        ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);
+       ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);
 
        ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
        ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);
index e50c8e23690a15a690c0e059c2078317c78c11e8..c521f332ae288a3651cce437d7499570cc291436 100644 (file)
@@ -408,10 +408,14 @@ static int attr_handler2(struct oc_context *ac)
                        found = str_list_check(harmless_attrs, attr->lDAPDisplayName);
                }
                if (!found) {
-                       ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",
-                                              msg->elements[i].name,
-                                              ldb_dn_get_linearized(msg->dn));
-                       return LDB_ERR_OBJECT_CLASS_VIOLATION;
+                       /* we allow this for dbcheck to fix the rest of this broken entry */
+                       if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) || 
+                           ac->req->operation == LDB_ADD) {
+                               ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",
+                                                      msg->elements[i].name,
+                                                      ldb_dn_get_linearized(msg->dn));
+                               return LDB_ERR_OBJECT_CLASS_VIOLATION;
+                       }
                }
        }
 
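Review bot: The relaxed branch at `if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) || ac->req->operation == LDB_ADD)` switches off the objectclass violation for every non-add request that carries the dbcheck control, and nothing visible in this hunk checks where the request came from. If the control could arrive on a request from an ordinary directory client, schema enforcement on modifies would become optional for that client. attr_handler2 starts and ends outside the hunk, so please confirm the control is only honoured for trusted callers and record that in the comment, e.g. `/* dbcheck may modify (never add) an entry that holds attributes outside its objectclasses, so it can repair the rest of the entry; DSDB_CONTROL_DBCHECK must only be honoured from trusted callers */`. The entry is also accepted silently, so a debug-level log of the attribute and DN would keep these exceptions traceable. The first line of the condition ends in trailing whitespace after `||`.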
index 1dc7ea057c618fe5918b1c6d40e643fd183bda40..6f26299c6a8d79177235050fe94bc69af203594d 100644 (file)
@@ -1391,7 +1391,8 @@ static int replmd_update_rpmd(struct ldb_module *module,
                struct ldb_message_element *el;
 
                /*if we are RODC and this is a DRSR update then its ok*/
-               if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+               if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)
+                   && !ldb_request_get_control(req, DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)) {
                        unsigned instanceType;
 
                        ret = samdb_rodc(ldb, rodc);
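Review bot: The added `&& !ldb_request_get_control(req, DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)` skips the whole read-only guard for any request that carries the control, while the commit message justifies it only for repairing instanceType. As far as the hunk shows, nothing ties the bypass to that attribute, so a caller that sets the control could presumably write other attributes on a read-only replica. Consider honouring it only when the message modifies instanceType and nothing else. The comment above the condition is now stale and could read `/* on an RODC only a DRSR update, or dbcheck repairing instanceType, may proceed */`. replmd_update_rpmd continues outside the hunk, so the rest of the guarded block is not visible here.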
index 5422218059f58967d24de2d18f32912397d09b98..c4cb3bdb480031986ffa3208717dfb1555d3a894 100644 (file)
@@ -122,6 +122,9 @@ struct dsdb_control_password_change {
 /* passed when we want special behaviour for dbcheck */
 #define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
 
+/* passed when dbcheck wants to modify a read only replica (very special case) */
+#define DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA "1.3.6.1.4.1.7165.4.3.19.1"
+
 /* passed when importing plain text password on upgrades */
 #define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
 
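Review bot: The comment on `DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA` says only "very special case", which does not tell a later reader what the control switches off or when it is acceptable to send it. Something like `/* passed by dbcheck to skip the read-only replica check in repl_meta_data; intended only for repairing instanceType */` would record the scope the commit message gives. Because the control relaxes a write restriction, the header definition is where that limit should be stated.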
index 3d004c5ab17aa7ab6a1b1c3e434be04610730fa1..0c5c7872e3c0e0838c343ac63b5b2016317ec63b 100644 (file)
 #Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
 #Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
 #Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
+#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1
 #Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
 
 # Extended 1.3.6.1.4.1.7165.4.4.x