-rw-r--r-- | source4/dsdb/repl/replicated_objects.c | 18 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_syntax.c | 12 |
2 files changed, 25 insertions, 5 deletions
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index e9225f586c0..a112e18e076 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -455,7 +455,7 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 }
 if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) {
 WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
- a, msg->elements, e);
+ a, msg->elements, e, NULL);
 if (W_ERROR_IS_OK(get_name_status)) {
 DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n",
 e->name, ldb_dn_get_linearized(msg->dn)));
@@ -467,11 +467,21 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 return status;
 }
+ /*
+ * This function also fills in the local attid value,
+ * based on comparing the remote and local prefixMap
+ * tables. If we don't convert the value, then we can
+ * have invalid values in the replPropertyMetaData we
+ * store on disk, as the prefixMap is per host, not
+ * per-domain. This may be why Microsoft added the
+ * msDS-IntID feature, however this is not used for
+ * extra attributes in the schema partition itself.
+ */
 status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
- a, msg->elements, e);
+ a, msg->elements, e,
+ &m->attid);
 W_ERROR_NOT_OK_RETURN(status);
- m->attid = a->attid;
 m->version = d->version;
 m->originating_change_time = d->originating_change_time;
 m->originating_invocation_id = d->originating_invocation_id;
@@ -1038,7 +1048,7 @@ static WERROR dsdb_origin_object_convert(struct ldb_context *ldb,
 e = &msg->elements[i];
 status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap,
- a, msg->elements, e);
+ a, msg->elements, e, NULL);
 W_ERROR_NOT_OK_RETURN(status);
 }
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 94e319c11f3..5b7c8b13d80 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
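Review bot: The comment added above the second `dsdb_attribute_drsuapi_to_ldb()` call in `dsdb_convert_object_ex` opens with "This function", which reads as the enclosing function rather than the call that follows. Since it explains why a remote-supplied attid must not reach the stored replPropertyMetaData unconverted, it is worth making unambiguous, e.g. `dsdb_attribute_drsuapi_to_ldb() also returns the local attid, mapped from the remote prefixMap to the local one`. It would also help to say that `m->attid` is only meaningful when the call succeeds, which the `W_ERROR_NOT_OK_RETURN(status)` directly after it relies on. The enclosing function starts and ends outside the hunk.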
@@ -2702,7 +2702,8 @@ WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
 const struct dsdb_schema_prefixmap *pfm_remote,
 const struct drsuapi_DsReplicaAttribute *in,
 TALLOC_CTX *mem_ctx,
- struct ldb_message_element *out)
+ struct ldb_message_element *out,
+ enum drsuapi_DsAttributeId *local_attid_as_enum)
 {
 const struct dsdb_attribute *sa;
 struct dsdb_syntax_ctx syntax_ctx;
@@ -2738,6 +2739,15 @@ WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
 return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
 }
+ /*
+ * We return the same class of attid as we were given. That
+ * is, we trust the remote server not to use an
+ * msDS-IntId value in the schema partition
+ */
+ if (local_attid_as_enum != NULL) {
+ *local_attid_as_enum = (enum drsuapi_DsAttributeId)attid_local;
+ }
+
 return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
 } |
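Review bot: The new out-parameter `local_attid_as_enum` has no documented contract at the signature of `dsdb_attribute_drsuapi_to_ldb`. Two things a caller needs are only discoverable by reading the body: it may be NULL (two of the three call sites in this commit pass NULL), and it is assigned before the syntax conversion runs, so it can be overwritten even when the function then returns an error. A header comment along the lines of `local_attid_as_enum: optional (may be NULL); receives the locally mapped attid, valid only when WERR_OK is returned` would cover both. The function body continues outside the hunk.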
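Review bot: The assumption stated in the new comment, that the remote server never sends an msDS-IntId value in the schema partition, is trusted rather than checked, and per the comment added in replicated_objects.c the value copied out through `*local_attid_as_enum` ends up in the replPropertyMetaData stored on disk. Nothing in the visible lines detects a replication peer that violates it. The code that computes `attid_local` lies between the two hunks and is not shown, so this may already be handled there; if it is not, the comment should at least say so plainly, e.g. `/* Not enforced: an msDS-IntId attid sent by the peer for the schema partition is not detected here */`, and a DEBUG message at that point would make a violation visible instead of silently persisted. The cast to `enum drsuapi_DsAttributeId` also depends on the type of `attid_local`, whose declaration is outside the hunk.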