summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-07-18 17:13:30 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-07-18 09:32:53 +0200
commite4001a78c1d0b286b37e19c733cf1bbc18166818 (patch)
treebb2099eaa6998935660d83ec2219e891bc9b411a
parent5630e25a35ea95ca848281933a5a3a96306986a4 (diff)
downloadsamba-e4001a78c1d0b286b37e19c733cf1bbc18166818.tar.gz
samba-e4001a78c1d0b286b37e19c733cf1bbc18166818.tar.xz
samba-e4001a78c1d0b286b37e19c733cf1bbc18166818.zip
dsdb: Allocate new OID to allow updates of a read-only replica
Normally this would be a very bad idea, but the specific case of fixing the instanceType is the only case where this makes sense. Andrew Bartlett
-rw-r--r--source4/dsdb/pydsdb.c1
-rw-r--r--source4/dsdb/samdb/ldb_modules/objectclass_attrs.c12
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c3
-rw-r--r--source4/dsdb/samdb/samdb.h3
-rw-r--r--source4/setup/schema_samba4.ldif1
5 files changed, 15 insertions, 5 deletions
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index f63d71e2d0..b9e1dd742c 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -1269,6 +1269,7 @@ void initdsdb(void)
ADD_DSDB_STRING(DSDB_SYNTAX_STRING_DN);
ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME);
ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);
+ ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);
ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index e50c8e2369..c521f332ae 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -408,10 +408,14 @@ static int attr_handler2(struct oc_context *ac)
found = str_list_check(harmless_attrs, attr->lDAPDisplayName);
}
if (!found) {
- ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",
- msg->elements[i].name,
- ldb_dn_get_linearized(msg->dn));
- return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ /* we allow this for dbcheck to fix the rest of this broken entry */
+ if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) ||
+ ac->req->operation == LDB_ADD) {
+ ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",
+ msg->elements[i].name,
+ ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ }
}
}
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 1dc7ea057c..6f26299c6a 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1391,7 +1391,8 @@ static int replmd_update_rpmd(struct ldb_module *module,
struct ldb_message_element *el;
/*if we are RODC and this is a DRSR update then its ok*/
- if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)
+ && !ldb_request_get_control(req, DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)) {
unsigned instanceType;
ret = samdb_rodc(ldb, rodc);
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 5422218059..c4cb3bdb48 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -122,6 +122,9 @@ struct dsdb_control_password_change {
/* passed when we want special behaviour for dbcheck */
#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
+/* passed when dbcheck wants to modify a read only replica (very special case) */
+#define DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA "1.3.6.1.4.1.7165.4.3.19.1"
+
/* passed when importing plain text password on upgrades */
#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 3d004c5ab1..0c5c7872e3 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -194,6 +194,7 @@
#Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
#Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
#Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
+#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1
#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
# Extended 1.3.6.1.4.1.7165.4.4.x