/* we allow LDB_ERR_NO_SUCH_ATTRIBUTE as success to
cope with possible corruption where the backlink has
already been removed */
- DEBUG(0,("WARNING: backlink from %s already removed from %s - %s\n",
+ DEBUG(3,("WARNING: backlink from %s already removed from %s - %s\n",
ldb_dn_get_linearized(target_dn),
ldb_dn_get_linearized(source_dn),
ldb_errstring(ldb)));
}
if (ares->error != LDB_SUCCESS) {
- DEBUG(0,("%s failure. Error is: %s\n", __FUNCTION__, ldb_strerror(ares->error)));
+ DEBUG(5,("%s failure. Error is: %s\n", __FUNCTION__, ldb_strerror(ares->error)));
return ldb_module_done(ac->req, controls,
ares->response, ares->error);
}
/* if the attribute's value haven't changed then return LDB_SUCCESS */
if (old_el != NULL && ldb_msg_element_compare(el, old_el) == 0) {
- return LDB_SUCCESS;
+ if (!ldb_request_get_control(req, LDB_CONTROL_PROVISION_OID)) {
+ /*
+ * allow this to make it possible for dbcheck
+ * to rebuild broken metadata
+ */
+ return LDB_SUCCESS;
+ }
}
for (i=0; i<omd->ctr.ctr1.count; i++) {
int ret;
const char * const *attrs = NULL;
const char * const attrs1[] = { "replPropertyMetaData", "*", NULL };
- const char * const attrs2[] = { "uSNChanged", "objectClass", NULL };
+ const char * const attrs2[] = { "uSNChanged", "objectClass", "instanceType", NULL };
struct ldb_result *res;
struct ldb_context *ldb;
struct ldb_message_element *objectclass_el;
/*if we are RODC and this is a DRSR update then its ok*/
if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+ unsigned instanceType;
+
ret = samdb_rodc(ldb, &rodc);
if (ret != LDB_SUCCESS) {
DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
return LDB_ERR_REFERRAL;
}
+
+ instanceType = ldb_msg_find_attr_as_uint(res->msgs[0], "instanceType", INSTANCE_TYPE_WRITE);
+ if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+ "cannot change replicated attribute on partial replica");
+ }
}
md_value = talloc(msg, struct ldb_val);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Unable to find GUID for DN %s\n",
ldb_dn_get_linearized(dn));
+ if (ret == LDB_ERR_NO_SUCH_OBJECT &&
+ LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE &&
+ ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
return ret;
}
ret = dsdb_set_extended_dn_guid(dn, p->guid, "GUID");
ldb_asprintf_errstring(ldb, "Attribute %s already exists for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
talloc_free(tmp_ctx);
- return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+ /* error codes for 'member' need to be
+ special cased */
+ if (ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_ENTRY_ALREADY_EXISTS;
+ } else {
+ return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+ }
}
ret = replmd_update_la_val(old_el->values, p->v, dns[i].dsdb_dn, p->dsdb_dn,
invocation_id, seq_num, seq_num, now, 0, false);
if (!p2) {
ldb_asprintf_errstring(ldb, "Attribute %s doesn't exist for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
- return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ if (ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ }
}
rmd_flags = dsdb_dn_rmd_flags(p2->dsdb_dn->dn);
if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
ldb_asprintf_errstring(ldb, "Attribute %s already deleted for target GUID %s",
el->name, GUID_string(tmp_ctx, p->guid));
- return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ if (ldb_attr_cmp(el->name, "member") == 0) {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ }
}
}
const struct dsdb_attribute *rdn_attr;
const char *rdn_name;
const struct ldb_val *rdn_val;
- const char *attrs[4] = { NULL, };
+ const char *attrs[5] = { NULL, };
time_t t = time(NULL);
int ret;
bool is_urgent = false;
*/
attrs[0] = "replPropertyMetaData";
attrs[1] = "objectClass";
- attrs[2] = rdn_name;
- attrs[3] = NULL;
+ attrs[2] = "instanceType";
+ attrs[3] = rdn_name;
+ attrs[4] = NULL;
ret = replmd_update_rpmd(ac->module, ac->schema, req, attrs,
msg, &ac->seq_num, t, &is_urgent);
lpcfg_dnsdomain(lp_ctx),
ldb_dn_get_linearized(olddn));
ret = ldb_module_send_referral(req, referral);
- talloc_free(ac);
+ talloc_free(ares);
return ldb_module_done(req, NULL, NULL, ret);
}
OBJECT_TOMBSTONE=4, OBJECT_REMOVED=5 };
enum deletion_state deletion_state, next_deletion_state;
bool enabled;
+ int functional_level;
if (ldb_dn_is_special(req->op.del.dn)) {
return ldb_next_request(module, req);
return LDB_ERR_OPERATIONS_ERROR;
}
+ functional_level = dsdb_functional_level(ldb);
+
old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
/* we need the complete msg off disk, so we can work out which
/* we also mark it as recycled, meaning this object can't be
recovered (we are stripping its attributes) */
- if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008_R2) {
+ if (functional_level >= DS_DOMAIN_FUNCTION_2008_R2) {
ret = ldb_msg_add_string(msg, "isRecycled", "TRUE");
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to add isRecycled string to the msg\n"));
/* don't remove the rDN */
continue;
}
- if (sa->linkID && sa->linkID & 1) {
+ if (sa->linkID && (sa->linkID & 1)) {
+ /*
+ we have a backlink in this object
+ that needs to be removed. We're not
+ allowed to remove it directly
+ however, so we instead setup a
+ modify to delete the corresponding
+ forward link
+ */
ret = replmd_delete_remove_link(module, schema, old_dn, el, sa, req);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
+ /* now we continue, which means we
+ won't remove this backlink
+ directly
+ */
continue;
}
if (!sa->linkID && ldb_attr_in_list(preserved_attrs, el->name)) {
false, NULL);
if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+ if (ar->objs->dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
+ /* this tells the partition module to make it a
+ partial replica if creating an NC */
+ ret = ldb_request_add_control(change_req,
+ DSDB_CONTROL_PARTIAL_REPLICA,
+ false, NULL);
+ if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+ }
+
return ldb_next_request(ar->module, change_req);
}
continue;
}
- cmp = replmd_replPropertyMetaData1_is_newer(&nmd.ctr.ctr1.array[j],
- &rmd->ctr.ctr1.array[i]);
+ if (ar->objs->dsdb_repl_flags & DSDB_REPL_FLAG_PRIORITISE_INCOMING) {
+ /* if we compare equal then do an
+ update. This is used when a client
+ asks for a FULL_SYNC, and can be
+ used to recover a corrupt
+ replica */
+ cmp = !replmd_replPropertyMetaData1_is_newer(&rmd->ctr.ctr1.array[i],
+ &nmd.ctr.ctr1.array[j]);
+ } else {
+ cmp = replmd_replPropertyMetaData1_is_newer(&nmd.ctr.ctr1.array[j],
+ &rmd->ctr.ctr1.array[i]);
+ }
if (cmp) {
/* replace the entry */
nmd.ctr.ctr1.array[j] = rmd->ctr.ctr1.array[i];
unix_to_nt_time(&now, t);
+ if (ar->search_msg == NULL) {
+ /* this happens for a REPL_OBJ call where we are
+ creating the target object by replicating it. The
+ subdomain join code does this for the partition DN
+ */
+ DEBUG(4,(__location__ ": Skipping UDV and repsFrom update as no target DN\n"));
+ return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
+ }
+
instanceType = ldb_msg_find_attr_as_uint(ar->search_msg, "instanceType", 0);
if (! (instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
DEBUG(4,(__location__ ": Skipping UDV and repsFrom update as not NC root: %s\n",
*/
nrf_el->flags = LDB_FLAG_MOD_REPLACE;
- if (DEBUGLVL(4)) {
+ if (CHECK_DEBUGLVL(4)) {
char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_MODIFY, msg);
DEBUG(4, ("DRS replication uptodate modify message:\n%s\n", s));
talloc_free(s);
break;
case LDB_REPLY_DONE:
- if (ar->search_msg == NULL) {
- ret = replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
- } else {
- ret = replmd_replicated_uptodate_modify(ar);
- }
+ ret = replmd_replicated_uptodate_modify(ar);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ar->req, NULL, NULL, ret);
}
uint32_t i;
struct replmd_private *replmd_private =
talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+ struct dsdb_control_replicated_update *rep_update;
ldb = ldb_module_get_ctx(module);
if (!req->controls) return replmd_replicated_request_werror(ar, WERR_NOMEM);
}
- /* This allows layers further down to know if a change came in over replication */
- ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL);
+ /* This allows layers further down to know if a change came in
+ over replication and what the replication flags were */
+ rep_update = talloc_zero(ar, struct dsdb_control_replicated_update);
+ if (rep_update == NULL) {
+ return ldb_module_oom(module);
+ }
+ rep_update->dsdb_repl_flags = objs->dsdb_repl_flags;
+
+ ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, rep_update);
if (ret != LDB_SUCCESS) {
return ret;
}
old DN value */
ret = dsdb_module_dn_by_guid(module, dsdb_dn, &guid, &dsdb_dn->dn, parent);
if (ret != LDB_SUCCESS) {
- DEBUG(2,(__location__ ": WARNING: Failed to re-resolve GUID %s - using %s",
+ DEBUG(2,(__location__ ": WARNING: Failed to re-resolve GUID %s - using %s\n",
GUID_string(tmp_ctx, &guid),
ldb_dn_get_linearized(dsdb_dn->dn)));
}