dsdb-repl: Always set DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING when we are an RODC

Unless we are using DRSUAPI_EXOP_REPL_SECRET, always remove DRSUAPI_DRS_WRIT_REP and always set DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING Otherwise, we will not work as an RODC, because replication will fail with access denied errors. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2015-02-20 17:55:49 +1300
committer: Andrew Bartlett <abartlet@samba.org> 2015-03-16 03:00:07 +0100
commit: 288117507f6ba0faa25bc83df532cdd254738e00 (patch)
tree: 5a09cb2c88815f38a20e7bf9e112ffed48b54316 /source4
parent: b5be45c453bd51373bade26c29828b500ba586ec (diff)
download: samba-288117507f6ba0faa25bc83df532cdd254738e00.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index c8a28ac998c..a0478813681 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -476,8 +476,11 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 			DEBUG(0,(__location__ ": Failed to construct RODC partial attribute set : %s\n", nt_errstr(status)));
 			return;
 		}
+		replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
 		if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
 			replica_flags &= ~DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
+		} else {
+			replica_flags |= DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
 		}
 	}
 	if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
author	Andrew Bartlett <abartlet@samba.org>	2015-02-20 17:55:49 +1300
committer	Andrew Bartlett <abartlet@samba.org>	2015-03-16 03:00:07 +0100
commit	288117507f6ba0faa25bc83df532cdd254738e00 (patch)
tree	5a09cb2c88815f38a20e7bf9e112ffed48b54316 /source4
parent	b5be45c453bd51373bade26c29828b500ba586ec (diff)
download	samba-288117507f6ba0faa25bc83df532cdd254738e00.tar.gz