From: Andrew Bartlett Date: Wed, 25 Jan 2023 02:24:01 +0000 (+1300) Subject: s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET X-Git-Tag: tevent-0.14.1~9 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09ec6a1db2d3b831548bf7d66475c486be29b1d1;p=thirdparty%2Fsamba.git s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET We need to find the RODC per the destination_dsa_guid to mark the secrets as having been replicated, and by using samdb_get_ntds_obj_by_guid() we are stricter in the checks, as the RODC has to be the right objectClass (nTDSDSA) and under the CN=Configuration partition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher
---
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index e2d0781fc4a..0e4272a9b62 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1188,9 +1188,11 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 {
 struct drsuapi_DsReplicaObjectIdentifier *ncRoot = req10->naming_context;
 struct ldb_dn *obj_dn = NULL;
+ struct ldb_message *ntds_msg = NULL;
 struct ldb_dn *ntds_dn = NULL, *server_dn = NULL;
 struct ldb_dn *rodc_dn, *krbtgt_link_dn;
 int ret;
+ const char *ntds_attrs[] = { NULL };
 const char *rodc_attrs[] = { "msDS-KrbTgtLink",
 "msDS-NeverRevealGroup",
 "msDS-RevealOnDemandGroup",
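Review bot: `ntds_attrs` is declared as an empty, NULL-terminated list with no comment, so a reader cannot tell whether requesting no attributes is deliberate. The second hunk reads only `ntds_msg->dn` from the result, which suggests it is. A comment on the declaration such as `/* DN only: no attributes of the nTDSDSA object are read */` would make that explicit and warn anyone who later reads an attribute from `ntds_msg` that the list must grow first. The body of getncchanges_repl_secret() continues outside this hunk, so any further use of `ntds_msg` is not visible here.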
@@ -1223,13 +1225,17 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 *
 * If we are the RODC, we will check that this matches the SID.
 */
- ret = dsdb_find_dn_by_guid(b_state->sam_ctx_system, mem_ctx,
- &req10->destination_dsa_guid, 0,
- &ntds_dn);
+ ret = samdb_get_ntds_obj_by_guid(mem_ctx,
+ b_state->sam_ctx_system,
+ &req10->destination_dsa_guid,
+ ntds_attrs,
+ &ntds_msg);
 if (ret != LDB_SUCCESS) {
 goto failed;
 }
 
+ ntds_dn = ntds_msg->dn;
+
 server_dn = ldb_dn_get_parent(mem_ctx, ntds_dn);
 if (server_dn == NULL) {
 goto failed;
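Review bot: The comment block that ends just above the new `samdb_get_ntds_obj_by_guid()` call does not say why this lookup is used, yet the stricter check is the security-relevant part of the change. `req10->destination_dsa_guid` is taken from the request and resolved through `b_state->sam_ctx_system`. Per the commit message the GUID must now name an nTDSDSA object under CN=Configuration, and I would record that in the comment, e.g. `* The GUID must resolve to an nTDSDSA object under CN=Configuration, not to an arbitrary object.`. A GUID that fails this check and any other lookup error both take `goto failed`; the label and the function's start are outside the hunk, so it is worth confirming that this path returns the result intended for a rejected destination DSA.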