diff options
author | Andrew Bartlett <abartlet@samba.org> | 2023-01-25 15:24:57 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-02-03 10:28:42 +0000 |
commit | cee7ecee5caea78beae099cbde4f34c7c0c663b7 (patch) | |
tree | 5c27e62c6b89df1afbd4fef03ae0b8d5d2e11ccc | |
parent | c7658589fa53a7905678361409341a916b0d41f5 (diff) | |
download | samba-cee7ecee5caea78beae099cbde4f34c7c0c663b7.tar.gz |
s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 31 13:43:54 UTC 2023 on atb-devel-224
(cherry picked from commit 0f2978bbc0ed5b65d75c20472650a749643312e7)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Feb 3 10:28:42 UTC 2023 on sn-devel-184
-rw-r--r-- | selftest/knownfail.d/getncchanges | 2 | ||||
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 14 |
2 files changed, 12 insertions, 4 deletions
diff --git a/selftest/knownfail.d/getncchanges b/selftest/knownfail.d/getncchanges index 7adc669855d..5ef1bc98bef 100644 --- a/selftest/knownfail.d/getncchanges +++ b/selftest/knownfail.d/getncchanges @@ -4,5 +4,3 @@ samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegri samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_chain\(promoted_dc\) samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_and_anc\(promoted_dc\) samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_repl_get_tgt_multivalued_links\(promoted_dc\) -# New tests for GetNCChanges with a GUID and a bad DN, like Azure AD Cloud Sync -^samba4.drs.getnc_exop.python\(.*\).getnc_exop.DrsReplicaSyncTestCase.test_DummyDN_valid_GUID_REPL_SECRET diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index ca805d9f958..74b173c3965 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -1201,6 +1201,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, const char *obj_attrs[] = { "tokenGroups", "objectSid", "UserAccountControl", "msDS-KrbTgtLinkBL", NULL }; struct ldb_result *rodc_res = NULL, *obj_res = NULL; WERROR werr; + struct GUID_txt_buf guid_buf; DEBUG(3,(__location__ ": DRSUAPI_EXOP_REPL_SECRET extended op on %s\n", drs_ObjectIdentifier_to_debug_string(mem_ctx, ncRoot))); @@ -1231,7 +1232,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, ntds_attrs, &ntds_msg); if (ret != LDB_SUCCESS) { - goto failed; + goto dest_dsa_error; } ntds_dn = ntds_msg->dn; @@ -1245,7 +1246,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, "serverReference", machine_dn); if (ret != LDB_SUCCESS) { - goto failed; + goto dest_dsa_error; } /* @@ -1346,6 +1347,15 @@ failed: ldb_dn_get_linearized(obj_dn), dom_sid_string(mem_ctx, user_sid))); ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE; return WERR_DS_DRA_BAD_DN; + +dest_dsa_error: + DBG_WARNING("Failed secret replication for %s by RODC %s as dest_dsa_guid %s is invalid\n", + ldb_dn_get_linearized(obj_dn), + dom_sid_string(mem_ctx, user_sid), + GUID_buf_string(&req10->destination_dsa_guid, + &guid_buf)); + ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE; + return WERR_DS_DRA_DB_ERROR; } /* |