From: Andrew Bartlett Date: Tue, 15 Mar 2016 02:15:07 +0000 (+1300) Subject: repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero... X-Git-Tag: tdb-1.3.10~975 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7773116f9074d2ee89aa1828bf6a3807680d9370;p=thirdparty%2Fsamba.git repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam --- diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 54a9572cfff..8d5332b7cfd 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -4802,6 +4802,7 @@ static int replmd_replicated_apply_search_callback(struct ldb_request *req, const struct ldb_val *omd_value; struct replPropertyMetaDataBlob *rmd; struct ldb_message *msg; + int instanceType; ar->objs->objects[ar->index_current].local_parent_dn = NULL; ar->objs->objects[ar->index_current].last_known_parent = NULL; @@ -4846,11 +4847,26 @@ static int replmd_replicated_apply_search_callback(struct ldb_request *req, ar->local_parent_guid = samdb_result_guid(ar->search_msg, "parentGUID"); + instanceType = ldb_msg_find_attr_as_int(ar->search_msg, "instanceType", 0); + if (((instanceType & INSTANCE_TYPE_IS_NC_HEAD) == 0) + && GUID_all_zero(&ar->local_parent_guid)) { + DEBUG(0, ("Refusing to replicate new version of %s " + "as local object has an all-zero parentGUID attribute, " + "despite not being an NC root\n", + ldb_dn_get_linearized(ar->search_msg->dn))); + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + /* * now we need to check for double renames. We could have a * local rename pending which our replication partner hasn't * received yet. We choose which one wins by looking at the - * attribute stamps on the two objects, the newer one wins + * attribute stamps on the two objects, the newer one wins. + * + * This also simply applies the correct algorithms for + * determining if a change was made to name at all, or + * if the object has just been renamed under the same + * parent. */ md_remote = replmd_replPropertyMetaData1_find_attid(rmd, DRSUAPI_ATTID_name); md_local = replmd_replPropertyMetaData1_find_attid(&omd, DRSUAPI_ATTID_name);