mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:drsuapi:getncchanges: allow 0 reserved_usn reply
Azure AD will set reserved_usn to zero when we expect it to be the number we gave them. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15701 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
This commit is contained in:
parent
5ef2701903
commit
7a623d8d56
@ -1,5 +0,0 @@
|
|||||||
^samba4.drs.getncchanges.python\(vampire_dc\).getncchanges.DrsReplicaSyncFakeAzureAdTests.test_repl_get_tgt_multivalued_links\(vampire_dc\)
|
|
||||||
^samba4.drs.getncchanges.python\(vampire_dc\).getncchanges.DrsReplicaSyncFakeAzureAdTests.test_repl_integrity\(vampire_dc\)
|
|
||||||
^samba4.drs.getncchanges.python\(vampire_dc\).getncchanges.DrsReplicaSyncFakeAzureAdTests.test_repl_integrity_link_attr\(vampire_dc\)
|
|
||||||
^samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncFakeAzureAdTests.test_repl_integrity\(promoted_dc\)
|
|
||||||
^samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncFakeAzureAdTests.test_repl_integrity_link_attr\(promoted_dc\)
|
|
@ -3029,16 +3029,67 @@ allowed:
|
|||||||
ret = drsuapi_DsReplicaHighWaterMark_cmp(&getnc_state->last_hwm,
|
ret = drsuapi_DsReplicaHighWaterMark_cmp(&getnc_state->last_hwm,
|
||||||
&req10->highwatermark);
|
&req10->highwatermark);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
DBG_ERR("DsGetNCChanges 2nd replication "
|
if (req10->highwatermark.reserved_usn == 0) {
|
||||||
"on DN %s %s highwatermark "
|
/*
|
||||||
"(last_dn %s)\n",
|
* Entra ID Connect / Azure AD is known to set
|
||||||
ldb_dn_get_linearized(
|
* reserved_usn to zero in replies, when we
|
||||||
getnc_state->ncRoot_dn),
|
* were expecting it to be returned unchanged
|
||||||
(ret > 0) ? "older" : "newer",
|
* (it is supposed to be an opaque cookie).
|
||||||
ldb_dn_get_linearized(
|
*
|
||||||
getnc_state->last_dn));
|
* If the only difference is in the
|
||||||
TALLOC_FREE(getnc_state);
|
* reserved_usn, and it is 0 on the return, we
|
||||||
b_state->getncchanges_full_repl_state = NULL;
|
* assume it is Azure AD and treat the
|
||||||
|
* highwatermarks as equal.
|
||||||
|
*/
|
||||||
|
req10->highwatermark.reserved_usn =
|
||||||
|
getnc_state->last_hwm.reserved_usn;
|
||||||
|
|
||||||
|
ret = drsuapi_DsReplicaHighWaterMark_cmp(
|
||||||
|
&getnc_state->last_hwm,
|
||||||
|
&req10->highwatermark);
|
||||||
|
|
||||||
|
/* put things as they were */
|
||||||
|
req10->highwatermark.reserved_usn = 0;
|
||||||
|
|
||||||
|
if (ret != 0) {
|
||||||
|
/* we will start again */
|
||||||
|
DBG_ERR("DsGetNCChanges 2nd replication "
|
||||||
|
"on DN %s %s highwatermark "
|
||||||
|
"(last_dn %s) after Azure AD "
|
||||||
|
"reserved_usn adjustment\n",
|
||||||
|
ldb_dn_get_linearized(
|
||||||
|
getnc_state->ncRoot_dn),
|
||||||
|
(ret > 0) ? "older" : "newer",
|
||||||
|
ldb_dn_get_linearized(
|
||||||
|
getnc_state->last_dn));
|
||||||
|
TALLOC_FREE(getnc_state);
|
||||||
|
b_state->getncchanges_full_repl_state =
|
||||||
|
NULL;
|
||||||
|
} else {
|
||||||
|
/* log and continue as normal */
|
||||||
|
DBG_NOTICE(
|
||||||
|
"DsGetNCChanges 2nd replication "
|
||||||
|
"on DN %s: highwatermark "
|
||||||
|
"matches only after Azure AD "
|
||||||
|
"reserved_usn adjustment "
|
||||||
|
"(last_dn %s)\n",
|
||||||
|
ldb_dn_get_linearized(
|
||||||
|
getnc_state->ncRoot_dn),
|
||||||
|
ldb_dn_get_linearized(
|
||||||
|
getnc_state->last_dn));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
DBG_ERR("DsGetNCChanges 2nd replication "
|
||||||
|
"on DN %s %s highwatermark "
|
||||||
|
"(last_dn %s)\n",
|
||||||
|
ldb_dn_get_linearized(
|
||||||
|
getnc_state->ncRoot_dn),
|
||||||
|
(ret > 0) ? "older" : "newer",
|
||||||
|
ldb_dn_get_linearized(
|
||||||
|
getnc_state->last_dn));
|
||||||
|
TALLOC_FREE(getnc_state);
|
||||||
|
b_state->getncchanges_full_repl_state = NULL;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user