This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
class drs_Replicate(object):
'''DRS replication calls'''
- def __init__(self, binding_string, lp, creds, samdb):
+ def __init__(self, binding_string, lp, creds, samdb, invocation_id):
self.drs = drsuapi.drsuapi(binding_string, lp, creds)
(self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
self.net = Net(creds=creds, lp=lp)
self.samdb = samdb
- self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs)
+ if not isinstance(invocation_id, misc.GUID):
+ raise RuntimeError("Must supply GUID for invocation_id")
+ if invocation_id == misc.GUID("00000000-0000-0000-0000-000000000000"):
+ raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id")
+ self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id)
def drs_get_rodc_partial_attribute_set(self):
'''get a list of attributes for RODC replication'''
binding_options += ",print"
repl = drs_utils.drs_Replicate(
"ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),
- ctx.lp, repl_creds, ctx.local_samdb)
+ ctx.lp, repl_creds, ctx.local_samdb, ctx.invocation_id)
repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
destination_dsa_guid, schema=True, rodc=ctx.RODC,
source_dsa_invocation_id = misc.GUID(self.samdb.get_invocation_id())
+ dest_dsa_invocation_id = misc.GUID(self.local_samdb.get_invocation_id())
destination_dsa_guid = self.ntds_guid
self.samdb.transaction_start()
repl = drs_utils.drs_Replicate("ncacn_ip_tcp:%s[seal]" % self.server, self.lp,
- self.creds, self.local_samdb)
+ self.creds, self.local_samdb, dest_dsa_invocation_id)
+
try:
repl.replicate(NC, source_dsa_invocation_id, destination_dsa_guid)
except Exception, e:
/* see if we have a cached copy */
invocation_id = (struct GUID *)ldb_get_opaque(ldb, "cache.invocation_id");
if (invocation_id) {
+ SMB_ASSERT(!GUID_all_zero(invocation_id));
return invocation_id;
}
goto failed;
}
+ SMB_ASSERT(!GUID_all_zero(invocation_id_in));
*invocation_id_new = *invocation_id_in;
/* cache the domain_sid in the ldb */
PyErr_LDB_OR_RAISE(py_ldb, ldb);
GUID_from_string(PyString_AsString(py_guid), &guid);
+ if (GUID_all_zero(&guid)) {
+ PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id rejected due to all-zero invocation ID");
+ return NULL;
+ }
+
ret = samdb_set_ntds_invocation_id(ldb, &guid);
if (!ret) {
PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
#include <Python.h>
#include "includes.h"
#include <pyldb.h>
+#include <pytalloc.h>
#include "libnet.h"
#include "auth/credentials/pycredentials.h"
#include "libcli/security/security.h"
#include "libcli/finddc.h"
#include "dsdb/samdb/samdb.h"
#include "py_net.h"
+#include "librpc/rpc/pyrpc_util.h"
void initnet(void);
*/
static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyObject *kwargs)
{
- const char *kwnames[] = { "samdb", "lp", "drspipe", NULL };
- PyObject *py_ldb, *py_lp, *py_drspipe;
+ const char *kwnames[] = { "samdb", "lp", "drspipe", "invocation_id", NULL };
+ PyObject *py_ldb, *py_lp, *py_drspipe, *py_invocation_id;
struct ldb_context *samdb;
struct loadparm_context *lp;
struct replicate_state *s;
NTSTATUS status;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOO",
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOO",
discard_const_p(char *, kwnames),
- &py_ldb, &py_lp, &py_drspipe)) {
+ &py_ldb, &py_lp, &py_drspipe,
+ &py_invocation_id)) {
return NULL;
}
talloc_free(s);
return NULL;
}
+ if (!py_check_dcerpc_type(py_invocation_id, "samba.dcerpc.misc", "GUID")) {
+
+ talloc_free(s);
+ return NULL;
+ }
+ s->dest_dsa.invocation_id = *pytalloc_get_type(py_invocation_id, struct GUID);
s->drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);