s4/rodc: Implement samdb_rodc with ldb context

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index cc75f7fdc9f2135f557a79b1c849ad0977b6affe..faa96e6219c201b56e63a87642ef7e63057519f2 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2674,15 +2674,47 @@ int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1,
 
 /*
   see if we are a RODC
-
-  TODO: This should take a sam_ctx, and lookup the right object (with
-  a cache)
 */
-bool samdb_rodc(struct loadparm_context *lp_ctx)
+bool samdb_rodc(struct ldb_context *sam_ctx)
 {
-       return lp_parm_bool(lp_ctx, NULL, "repl", "RODC", false);
-}
+       TALLOC_CTX *tmp_ctx;
+       const char *obj_category;
+       struct ldb_dn *obj_category_dn;
+       const struct ldb_val *obj_category_dn_rdn_val;
+
+       tmp_ctx = talloc_new(sam_ctx);
+       if (tmp_ctx == NULL) {
+               DEBUG(1,("samdb_rodc: Failed to talloc new context.\n"));
+               goto failed;
+       }
+
+       obj_category = samdb_ntds_object_category(tmp_ctx, sam_ctx);
+       if (!obj_category) {
+               DEBUG(1,("samdb_rodc: Failed to get object category.\n"));
+               goto failed;
+       }
+
+       obj_category_dn = ldb_dn_new(tmp_ctx, sam_ctx, obj_category);
+       if (!obj_category_dn) {
+               DEBUG(1,("samdb_rodc: Failed to create object category dn.\n"));
+               goto failed;
+       }
 
+       obj_category_dn_rdn_val = ldb_dn_get_rdn_val(obj_category_dn);
+       if (!obj_category_dn_rdn_val) {
+               DEBUG(1, ("samdb_rodc: Failed to get object category dn rdn value.\n"));
+               goto failed;
+       }
+
+       if (strequal((const char*)obj_category_dn_rdn_val->data, "NTDS-DSA-RO")) {
+               talloc_free(tmp_ctx);
+               return true;
+       }
+
+failed:
+       talloc_free(tmp_ctx);
+       return false;
+}
 
 /*
   return NTDS options flags. See MS-ADTS 7.1.1.2.2.1.2.1.1 
@@ -2717,11 +2749,33 @@ int samdb_ntds_options(struct ldb_context *ldb, uint32_t *options)
        return LDB_SUCCESS;
 
 failed:
-       DEBUG(1,("Failed to find our own NTDS Settings objectGUID in the ldb!\n"));
+       DEBUG(1,("Failed to find our own NTDS Settings options in the ldb!\n"));
        talloc_free(tmp_ctx);
        return LDB_ERR_NO_SUCH_OBJECT;
 }
 
+const char* samdb_ntds_object_category(TALLOC_CTX *tmp_ctx, struct ldb_context *ldb)
+{
+       const char *attrs[] = { "objectCategory", NULL };
+       int ret;
+       struct ldb_result *res;
+
+       ret = ldb_search(ldb, tmp_ctx, &res, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, attrs, NULL);
+       if (ret) {
+               goto failed;
+       }
+
+       if (res->count != 1) {
+               goto failed;
+       }
+
+       return samdb_result_string(res->msgs[0], "objectCategory", NULL);
+
+failed:
+       DEBUG(1,("Failed to find our own NTDS Settings objectCategory in the ldb!\n"));
+       return NULL;
+}
+
 /*
  * Function which generates a "lDAPDisplayName" attribute from a "CN" one.
  * Algorithm implemented according to MS-ADTS 3.1.1.2.3.4

diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 7b819ac4c3b7a18444fa46763484ba4ca08e5b21..422617082ab5f42922288dc8649c440b72fff210 100644 (file)
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -548,7 +548,7 @@ static void dreplsrv_update_refs_trigger(struct tevent_req *req)
        r->in.req.req1.dest_dsa_dns_name  = ntds_dns_name;
        r->in.req.req1.dest_dsa_guid      = service->ntds_guid;
        r->in.req.req1.options            = DRSUAPI_DRS_ADD_REF | DRSUAPI_DRS_DEL_REF;
-       if (!samdb_rodc(service->task->lp_ctx)) {
+       if (!samdb_rodc(service->samdb)) {
                r->in.req.req1.options |= DRSUAPI_DRS_WRIT_REP;
        }
 

diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index ac277e58b82d450171d9f32ba3b9e61175039d06..c65d10d35c34825bd3e9dfe3eb831c39a66053cd 100644 (file)
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -692,7 +692,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
        r->out.ctr->ctr6.uptodateness_vector = NULL;
 
        /* a RODC doesn't allow for any replication */
-       if (samdb_rodc(ldb_get_opaque(b_state->sam_ctx, "loadparm"))) {
+       if (samdb_rodc(b_state->sam_ctx)) {
                DEBUG(0,(__location__ ": DsGetNCChanges attempt on RODC\n"));
                return WERR_DS_DRA_SOURCE_DISABLED;
        }