1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

repl: Set GET_ALL_GROUP_MEMBERSHIP flag in the drepl server

Although we do not currently support this in the server, this will cause
data loss against a Windows DC unless we set this flag as per the docs.
This flag is required for the RODC.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 15 05:31:59 CEST 2017 on sn-devel-144
This commit is contained in:
Garming Sam 2016-11-16 14:44:40 +13:00 committed by Garming Sam
parent a7ef0f8be4
commit e244ba4a8f
3 changed files with 14 additions and 2 deletions

View File

@ -909,7 +909,6 @@ class KCC(object):
drsuapi.DRSUAPI_DRS_PER_SYNC |
drsuapi.DRSUAPI_DRS_ADD_REF |
drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP |
drsuapi.DRSUAPI_DRS_NONGC_RO_REP)
if t_repsFrom.replica_flags != replica_flags:
t_repsFrom.replica_flags = replica_flags

View File

@ -178,7 +178,6 @@ uint32_t kccsrv_replica_flags(struct kccsrv_service *s)
DRSUAPI_DRS_PER_SYNC |
DRSUAPI_DRS_ADD_REF |
DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP |
DRSUAPI_DRS_NONGC_RO_REP;
}
return DRSUAPI_DRS_INIT_SYNC |

View File

@ -518,7 +518,21 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
} else {
replica_flags |= DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
}
/*
* As per MS-DRSR:
*
* 4.1.10.4
* Client Behavior When Sending the IDL_DRSGetNCChanges Request
*
* 4.1.10.4.1
* ReplicateNCRequestMsg
*/
replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
} else {
replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
}
if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
/*
* If it's an exop never set the ADD_REF even if it's in