       1             : /* 
       2             :    Unix SMB/CIFS Implementation.
       3             :    DSDB replication service
       4             :    
       5             :    Copyright (C) Stefan Metzmacher 2007
       6             :     
       7             :    This program is free software; you can redistribute it and/or modify
       8             :    it under the terms of the GNU General Public License as published by
       9             :    the Free Software Foundation; either version 3 of the License, or
      10             :    (at your option) any later version.
      11             :    
      12             :    This program is distributed in the hope that it will be useful,
      13             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :    GNU General Public License for more details.
      16             :    
      17             :    You should have received a copy of the GNU General Public License
      18             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      19             :    
      20             : */
      21             : 
      22             : #include "includes.h"
      23             : #include "dsdb/samdb/samdb.h"
      24             : #include "auth/auth.h"
      25             : #include "samba/service.h"
      26             : #include "lib/events/events.h"
      27             : #include "dsdb/repl/drepl_service.h"
      28             : #include <ldb_errors.h>
      29             : #include "../lib/util/dlinklist.h"
      30             : #include "librpc/gen_ndr/ndr_misc.h"
      31             : #include "librpc/gen_ndr/ndr_drsuapi.h"
      32             : #include "librpc/gen_ndr/ndr_drsblobs.h"
      33             : #include "libcli/security/security.h"
      34             : #include "param/param.h"
      35             : #include "dsdb/common/util.h"
      36             : 
      37             : #undef DBGC_CLASS
      38             : #define DBGC_CLASS            DBGC_DRS_REPL
      39             : 
      40             : #undef strcasecmp
      41             : 
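/*
  load the partitions list based on replicated NC attributes in our
  NTDSDSA object

  Every DN found in hasMasterNCs, msDS-hasMasterNCs,
  hasPartialReplicaNCs or msDS-HasFullReplicaNCs becomes a
  dreplsrv_partition allocated under s and linked into s->partitions
  (duplicates are skipped). The attribute a DN came from decides the
  partial_replica / rodc_replica flags. dreplsrv_refresh_partitions()
  is run once the list is complete.

  Returns WERR_OK, WERR_NOT_ENOUGH_MEMORY on allocation failure,
  WERR_DS_DRA_INTERNAL_ERROR when the NTDSDSA object or one of the NC
  DNs it lists cannot be read or parsed, or the error reported by
  dreplsrv_refresh_partitions(). Partitions added before a failure
  stay in s->partitions. The temporary context is released on every
  path.
 */
WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
{
        WERROR status = WERR_DS_DRA_INTERNAL_ERROR;
        static const char *attrs[] = { "hasMasterNCs", "msDS-hasMasterNCs", "hasPartialReplicaNCs", "msDS-HasFullReplicaNCs", NULL };
        unsigned int a;
        int ret;
        TALLOC_CTX *tmp_ctx;
        struct ldb_result *res = NULL;
        struct ldb_dn *ntds_dn;

        tmp_ctx = talloc_new(s);
        W_ERROR_HAVE_NO_MEMORY(tmp_ctx);

        ntds_dn = samdb_ntds_settings_dn(s->samdb, tmp_ctx);
        if (!ntds_dn) {
                DEBUG(1,(__location__ ": Unable to find ntds_dn: %s\n", ldb_errstring(s->samdb)));
                goto done;
        }

        ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, ntds_dn, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN);
        if (ret != LDB_SUCCESS) {
                DEBUG(1,("Searching for hasMasterNCs in NTDS DN failed: %s\n", ldb_errstring(s->samdb)));
                goto done;
        }
        /* defensive: we index msgs[0] below, so insist on one entry */
        if (res->count != 1) {
                DEBUG(1,(__location__ ": Expected exactly one NTDS DN result, got %u\n", res->count));
                goto done;
        }

        for (a=0; attrs[a]; a++) {
                struct ldb_message_element *el;
                unsigned int i;

                el = ldb_msg_find_element(res->msgs[0], attrs[a]);
                if (el == NULL) {
                        continue;
                }
                for (i=0; i<el->num_values; i++) {
                        struct ldb_dn *pdn;
                        struct dreplsrv_partition *p, *tp;
                        bool found = false;

                        pdn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
                        /* a NC DN we cannot parse or validate is fatal;
                           both cases release tmp_ctx via done */
                        if (pdn == NULL || !ldb_dn_validate(pdn)) {
                                goto done;
                        }

                        p = talloc_zero(s, struct dreplsrv_partition);
                        if (p == NULL) {
                                status = WERR_NOT_ENOUGH_MEMORY;
                                goto done;
                        }

                        p->dn = talloc_steal(p, pdn);
                        p->service = s;

                        /* the source attribute tells us what kind of replica this is */
                        if (strcasecmp(attrs[a], "hasPartialReplicaNCs") == 0) {
                                p->partial_replica = true;
                        } else if (strcasecmp(attrs[a], "msDS-HasFullReplicaNCs") == 0) {
                                p->rodc_replica = true;
                        }

                        /* Do not add partitions more than once */
                        for (tp = s->partitions; tp; tp = tp->next) {
                                if (ldb_dn_compare(tp->dn, p->dn) == 0) {
                                        found = true;
                                        break;
                                }
                        }
                        if (found) {
                                talloc_free(p);
                                continue;
                        }

                        DLIST_ADD(s->partitions, p);
                        DEBUG(2, ("dreplsrv_partition[%s] loaded\n", ldb_dn_get_linearized(p->dn)));
                }
        }

        status = WERR_OK;

done:
        talloc_free(tmp_ctx);
        if (!W_ERROR_IS_OK(status)) {
                return status;
        }

        return dreplsrv_refresh_partitions(s);
}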
     132             : 
/*
  Check if particular SPN exists for an account

  Runs a base-scope search on account_dn filtered on
  servicePrincipalName. principal_name is passed through
  ldb_binary_encode_string() before it is placed in the filter, so it
  cannot change the filter's structure.

  Returns true only when the search succeeds and yields exactly one
  entry; allocation, encoding or search failures all yield false.
 */
static bool dreplsrv_spn_exists(struct ldb_context *samdb, struct ldb_dn *account_dn,
                                const char *principal_name)
{
        TALLOC_CTX *tmp_ctx = talloc_new(samdb);
        const char *attrs_empty[] = { NULL };
        const char *encoded;
        struct ldb_result *res = NULL;
        bool exists = false;

        if (tmp_ctx == NULL) {
                return false;
        }

        encoded = ldb_binary_encode_string(tmp_ctx, principal_name);
        if (encoded != NULL) {
                int ret = dsdb_search(samdb, tmp_ctx, &res, account_dn, LDB_SCOPE_BASE, attrs_empty,
                                      0, "servicePrincipalName=%s",
                                      encoded);
                /* exactly one hit means the account carries the SPN */
                exists = (ret == LDB_SUCCESS && res->count == 1);
        }

        talloc_free(tmp_ctx);
        return exists;
}
     167             : 
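/*
  work out the principal to use for DRS replication connections

  The SPN is derived from our own copy of the directory, keyed on
  rft->source_dsa_obj_guid, in this order:

   1. GC/<dNSHostName>/<forest DNS name>, when the peer's server
      object has a dNSHostName and its computer object actually
      carries that SPN (a Windows DC may set dNSHostName before it
      registers the GC/xx/xx SPN, hence the existence check).
   2. E3514235-4B06-11D1-AB04-00C04FC2DCD2/<NTDS GUID>/<domain>@<domain>,
      with the domain taken from msDS-HasDomainNCs on the NTDSDSA
      object, or failing that from the first hasMasterNCs entry that
      is neither the configuration nor the schema NC. Bizarre as it
      looks, this is what Windows does to find the SPN.

  *target_principal is allocated under mem_ctx, or left NULL when no
  principal could be derived; not finding the peer's NTDSDSA or
  server object in our database is expected and is not an error.
  Only allocation failures return NT_STATUS_NO_MEMORY.
 */
static NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
                                              TALLOC_CTX *mem_ctx,
                                              const struct repsFromTo1 *rft,
                                              char **target_principal)
{
        TALLOC_CTX *tmp_ctx;
        struct ldb_result *res;
        const char *attrs_server[] = { "dNSHostName", "serverReference", NULL };
        const char *attrs_ntds[] = { "msDS-HasDomainNCs", "hasMasterNCs", NULL };
        int ret;
        const char *hostname, *dnsdomain=NULL;
        struct ldb_dn *ntds_dn, *server_dn, *computer_dn;
        struct ldb_dn *forest_dn, *nc_dn;

        *target_principal = NULL;

        tmp_ctx = talloc_new(mem_ctx);
        if (tmp_ctx == NULL) {
                return NT_STATUS_NO_MEMORY;
        }

        /* we need to find their hostname */
        ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, 0, &ntds_dn);
        if (ret != LDB_SUCCESS) {
                talloc_free(tmp_ctx);
                /* its OK for their NTDSDSA DN not to be in our database */
                return NT_STATUS_OK;
        }

        server_dn = ldb_dn_copy(tmp_ctx, ntds_dn);
        if (server_dn == NULL) {
                talloc_free(tmp_ctx);
                return NT_STATUS_OK;
        }

        /* strip off the NTDS Settings */
        if (!ldb_dn_remove_child_components(server_dn, 1)) {
                talloc_free(tmp_ctx);
                return NT_STATUS_OK;
        }

        ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, server_dn, attrs_server, 0);
        if (ret != LDB_SUCCESS) {
                talloc_free(tmp_ctx);
                /* its OK for their server DN not to be in our database */
                return NT_STATUS_OK;
        }

        forest_dn = ldb_get_root_basedn(s->samdb);
        if (forest_dn == NULL) {
                talloc_free(tmp_ctx);
                return NT_STATUS_OK;
        }

        hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
        computer_dn = ldb_msg_find_attr_as_dn(s->samdb, tmp_ctx, res->msgs[0], "serverReference");
        if (hostname != NULL && computer_dn != NULL) {
                /*
                  if we have the dNSHostName attribute then we can use
                  the GC/hostname/realm SPN. All DCs should have this SPN

                  Windows DC may set up it's dNSHostName before setting up
                  GC/xx/xx SPN. So make sure it exists, before using it.
                 */
                const char *forest_dns = samdb_dn_to_dns_domain(tmp_ctx, forest_dn);

                /* without the forest name there is no GC SPN to build;
                   fall through to the NTDS GUID based SPN below */
                if (forest_dns != NULL) {
                        char *local_principal;

                        local_principal = talloc_asprintf(mem_ctx, "GC/%s/%s",
                                                          hostname, forest_dns);
                        if (local_principal == NULL) {
                                talloc_free(tmp_ctx);
                                return NT_STATUS_NO_MEMORY;
                        }
                        if (dreplsrv_spn_exists(s->samdb, computer_dn, local_principal)) {
                                *target_principal = local_principal;
                                talloc_free(tmp_ctx);
                                return NT_STATUS_OK;
                        }

                        talloc_free(local_principal);
                }
        }

        /*
           if we can't find the dNSHostName then we will try for the
           E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
           SPN. To use that we need the DNS domain name of the target
           DC. We find that by first looking for the msDS-HasDomainNCs
           in the NTDSDSA object of the DC, and if we don't find that,
           then we look for the hasMasterNCs attribute, and eliminate
           the known schema and configuration DNs. Despite how
           bizarre this seems, Hongwei tells us that this is in fact
           what windows does to find the SPN!!
        */
        ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, ntds_dn, attrs_ntds, 0);
        if (ret != LDB_SUCCESS) {
                talloc_free(tmp_ctx);
                return NT_STATUS_OK;
        }

        nc_dn = ldb_msg_find_attr_as_dn(s->samdb, tmp_ctx, res->msgs[0], "msDS-HasDomainNCs");
        if (nc_dn != NULL) {
                dnsdomain = samdb_dn_to_dns_domain(tmp_ctx, nc_dn);
        }

        if (dnsdomain == NULL) {
                struct ldb_message_element *el;

                el = ldb_msg_find_element(res->msgs[0], "hasMasterNCs");
                if (el != NULL) {
                        unsigned int i;

                        for (i=0; i<el->num_values; i++) {
                                nc_dn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
                                if (nc_dn == NULL ||
                                    ldb_dn_compare(ldb_get_config_basedn(s->samdb), nc_dn) == 0 ||
                                    ldb_dn_compare(ldb_get_schema_basedn(s->samdb), nc_dn) == 0) {
                                        continue;
                                }
                                /* it must be a domain DN, get the equivalent
                                   DNS domain name */
                                dnsdomain = samdb_dn_to_dns_domain(tmp_ctx, nc_dn);
                                break;
                        }
                }
        }

        if (dnsdomain != NULL) {
                const char *guid_str = GUID_string(tmp_ctx, &rft->source_dsa_obj_guid);

                if (guid_str == NULL) {
                        talloc_free(tmp_ctx);
                        return NT_STATUS_NO_MEMORY;
                }
                *target_principal = talloc_asprintf(mem_ctx,
                                                    "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s@%s",
                                                    guid_str,
                                                    dnsdomain, dnsdomain);
                if (*target_principal == NULL) {
                        talloc_free(tmp_ctx);
                        return NT_STATUS_NO_MEMORY;
                }
        }

        talloc_free(tmp_ctx);
        return NT_STATUS_OK;
}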
     300             : 
     301             : 
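/*
  find or create the outgoing DRS connection for the DC named by rft

  Connections in s->connections are keyed on the "host" option of
  their binding; an existing one for rft->other_info->dns_name is
  reused. A new one is built as ncacn_ip_tcp:<host>[krb5,seal], i.e.
  Kerberos authenticated and sealed, with its target principal worked
  out by dreplsrv_get_target_principal() from our own directory
  (keyed on the source DSA GUID) rather than taken from rft.

  Returns WERR_FOOBAR when rft carries no other_info or dns_name,
  WERR_NOT_ENOUGH_MEMORY on allocation failure, or the mapped NTSTATUS
  when the binding cannot be parsed or configured. A connection that
  fails part way through construction is freed and never linked into
  s->connections.
 */
WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s,
                                      const struct repsFromTo1 *rft,
                                      struct dreplsrv_out_connection **_conn)
{
        struct dreplsrv_out_connection *cur, *conn = NULL;
        const char *hostname;
        NTSTATUS nt_status;
        char *binding_str;
        char *target_principal = NULL;

        if (!rft->other_info || !rft->other_info->dns_name) {
                return WERR_FOOBAR;
        }

        hostname = rft->other_info->dns_name;

        for (cur = s->connections; cur; cur = cur->next) {
                const char *host;

                host = dcerpc_binding_get_string_option(cur->binding, "host");
                if (host == NULL) {
                        continue;
                }

                if (strcmp(host, hostname) == 0) {
                        conn = cur;
                        break;
                }
        }

        if (conn != NULL) {
                DEBUG(4,("dreplsrv_out_connection_attach(%s): attach\n", hostname));
                *_conn = conn;
                return WERR_OK;
        }

        conn = talloc_zero(s, struct dreplsrv_out_connection);
        W_ERROR_HAVE_NO_MEMORY(conn);

        conn->service        = s;

        binding_str = talloc_asprintf(conn, "ncacn_ip_tcp:%s[krb5,seal]",
                                      hostname);
        if (binding_str == NULL) {
                talloc_free(conn);
                return WERR_NOT_ENOUGH_MEMORY;
        }
        nt_status = dcerpc_parse_binding(conn, binding_str, &conn->binding);
        talloc_free(binding_str);
        if (!NT_STATUS_IS_OK(nt_status)) {
                /* conn is not yet on s->connections, so nothing else references it */
                talloc_free(conn);
                return ntstatus_to_werror(nt_status);
        }

        /* use the GC principal for DRS replication */
        nt_status = dreplsrv_get_target_principal(s, conn->binding,
                                                  rft, &target_principal);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(conn);
                return ntstatus_to_werror(nt_status);
        }

        /* a NULL target_principal simply leaves the option unset */
        nt_status = dcerpc_binding_set_string_option(conn->binding,
                                                     "target_principal",
                                                     target_principal);
        TALLOC_FREE(target_principal);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(conn);
                return ntstatus_to_werror(nt_status);
        }

        DLIST_ADD_END(s->connections, conn);

        DEBUG(4,("dreplsrv_out_connection_attach(%s): create\n", hostname));

        *_conn = conn;
        return WERR_OK;
}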
     377             : 
/*
  find an existing source dsa in a list

  Walks list and returns the first entry whose repsFrom1 source DSA
  GUID equals *guid, or NULL when there is no such entry (including
  for an empty list).
 */
static struct dreplsrv_partition_source_dsa *dreplsrv_find_source_dsa(struct dreplsrv_partition_source_dsa *list,
                                                                      struct GUID *guid)
{
        struct dreplsrv_partition_source_dsa *cur = list;

        while (cur != NULL) {
                if (GUID_equal(&cur->repsFrom1->source_dsa_obj_guid, guid)) {
                        break;
                }
                cur = cur->next;
        }

        /* NULL when the loop ran off the end of the list */
        return cur;
}
     392             : 
     393             : 
     394             : 
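/*
  parse a repsFromToBlob and add (or refresh) the source DSA it
  describes on a partition's source list

  s:          the replication service; used to attach the outgoing connection
  p:          the partition the source belongs to; the entry is allocated under it
  listp:      the list to add to. If an entry with the same source DSA
              GUID already exists its repsFrom1 is overwritten in place
              (taking ownership of the new other_info) instead of adding
  check_list: optional second list; a source DSA already present there
              is dropped without touching *listp
  val:        the raw repsFromToBlob; only version 1 is accepted

  Returns WERR_OK on success or when the source was deduplicated,
  WERR_NOT_ENOUGH_MEMORY, the mapped NDR error when the blob does not
  parse, WERR_DS_DRA_INTERNAL_ERROR for an unsupported blob version,
  or the error from dreplsrv_out_connection_attach(). The parsed entry
  is freed on every failure path.
 */
static WERROR dreplsrv_partition_add_source_dsa(struct dreplsrv_service *s,
                                                struct dreplsrv_partition *p,
                                                struct dreplsrv_partition_source_dsa **listp,
                                                struct dreplsrv_partition_source_dsa *check_list,
                                                const struct ldb_val *val)
{
        WERROR status;
        enum ndr_err_code ndr_err;
        struct dreplsrv_partition_source_dsa *source, *s2;

        source = talloc_zero(p, struct dreplsrv_partition_source_dsa);
        W_ERROR_HAVE_NO_MEMORY(source);

        ndr_err = ndr_pull_struct_blob(val, source,
                                       &source->_repsFromBlob,
                                       (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
                talloc_free(source);
                return ntstatus_to_werror(nt_status);
        }
        /* NDR_PRINT_DEBUG(repsFromToBlob, &source->_repsFromBlob); */
        if (source->_repsFromBlob.version != 1) {
                talloc_free(source);
                return WERR_DS_DRA_INTERNAL_ERROR;
        }

        source->partition    = p;
        /* repsFrom1 points into the blob owned by source itself */
        source->repsFrom1    = &source->_repsFromBlob.ctr.ctr1;

        status = dreplsrv_out_connection_attach(s, source->repsFrom1, &source->conn);
        if (!W_ERROR_IS_OK(status)) {
                talloc_free(source);
                return status;
        }

        if (check_list &&
            dreplsrv_find_source_dsa(check_list, &source->repsFrom1->source_dsa_obj_guid)) {
                /* its in the check list, don't add it again */
                talloc_free(source);
                return WERR_OK;
        }

        /* re-use an existing source if found */
        for (s2=*listp; s2; s2=s2->next) {
                if (GUID_equal(&s2->repsFrom1->source_dsa_obj_guid,
                               &source->repsFrom1->source_dsa_obj_guid)) {
                        /* the struct copy makes s2 point at source's
                           other_info, so move its ownership before
                           source is freed */
                        talloc_free(s2->repsFrom1->other_info);
                        *s2->repsFrom1 = *source->repsFrom1;
                        talloc_steal(s2, s2->repsFrom1->other_info);
                        talloc_free(source);
                        return WERR_OK;
                }
        }

        DLIST_ADD_END(*listp, source);
        return WERR_OK;
}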
     450             : 
/**
 * Find a partition when given a NC
 *
 * A partition matches when its NC GUID equals nc_guid (if nc_guid is
 * set and non-zero), or its NC DN string equals nc_dn_str, or its NC
 * SID equals nc_sid (if nc_sid is set and non-null) -- checked in that
 * order. On a match, a caller-supplied but empty nc_guid / nc_sid is
 * filled in from the partition DN's extended components where possible.
 *
 * If the NC can't be found it will return BAD_NC; the same is returned
 * when none of the three identifiers is usable.
 * Initial checks for invalid parameters have to be done beforehand.
 */
WERROR dreplsrv_partition_find_for_nc(struct dreplsrv_service *s,
                                      struct GUID *nc_guid,
                                      struct dom_sid *nc_sid,
                                      const char *nc_dn_str,
                                      struct dreplsrv_partition **_p)
{
        struct dreplsrv_partition *p;
        bool valid_sid, valid_guid;

        SMB_ASSERT(_p);

        valid_sid  = nc_sid && !is_null_sid(nc_sid);
        valid_guid = nc_guid && !GUID_all_zero(nc_guid);

        if (!valid_sid && !valid_guid && (!nc_dn_str)) {
                return WERR_DS_DRA_BAD_NC;
        }

        for (p = s->partitions; p; p = p->next) {
                bool match;

                /* same precedence as before: guid, then dn, then sid */
                match = valid_guid && GUID_equal(&p->nc.guid, nc_guid);
                if (!match) {
                        match = strequal(p->nc.dn, nc_dn_str);
                }
                if (!match) {
                        match = valid_sid && dom_sid_equal(&p->nc.sid, nc_sid);
                }
                if (!match) {
                        continue;
                }

                /* fill in the right guid and sid if possible; these are
                   best-effort, so their return values are not checked */
                if (nc_guid && !valid_guid) {
                        dsdb_get_extended_dn_guid(p->dn, nc_guid, "GUID");
                }
                if (nc_sid && !valid_sid) {
                        dsdb_get_extended_dn_sid(p->dn, nc_sid, "SID");
                }
                *_p = p;
                return WERR_OK;
        }

        return WERR_DS_DRA_BAD_NC;
}
     493             : 
/*
  look up a partition's source DSA by its NTDSDSA object GUID

  dsa_guid must be non-NULL and non-zero and _dsa non-NULL (asserted).
  On success *_dsa is the first entry of p->sources with a matching
  source_dsa_obj_guid and WERR_OK is returned; otherwise
  WERR_DS_DRA_NO_REPLICA and *_dsa is untouched.
 */
WERROR dreplsrv_partition_source_dsa_by_guid(struct dreplsrv_partition *p,
                                             const struct GUID *dsa_guid,
                                             struct dreplsrv_partition_source_dsa **_dsa)
{
        struct dreplsrv_partition_source_dsa *cur = p->sources;

        SMB_ASSERT(dsa_guid != NULL);
        SMB_ASSERT(!GUID_all_zero(dsa_guid));
        SMB_ASSERT(_dsa);

        while (cur != NULL) {
                if (GUID_equal(dsa_guid, &cur->repsFrom1->source_dsa_obj_guid)) {
                        *_dsa = cur;
                        return WERR_OK;
                }
                cur = cur->next;
        }

        return WERR_DS_DRA_NO_REPLICA;
}
     513             : 
/*
  look up a partition's source DSA by its DNS name

  dsa_dns and _dsa must be non-NULL (asserted). The comparison is
  strequal() against repsFrom1->other_info->dns_name of each entry in
  p->sources; other_info is assumed to be present on every listed
  source. Returns WERR_OK with *_dsa set on the first match, else
  WERR_DS_DRA_NO_REPLICA.
 */
WERROR dreplsrv_partition_source_dsa_by_dns(const struct dreplsrv_partition *p,
                                            const char *dsa_dns,
                                            struct dreplsrv_partition_source_dsa **_dsa)
{
        struct dreplsrv_partition_source_dsa *cur;

        SMB_ASSERT(dsa_dns != NULL);
        SMB_ASSERT(_dsa);

        cur = p->sources;
        while (cur != NULL) {
                const char *name = cur->repsFrom1->other_info->dns_name;

                if (strequal(dsa_dns, name)) {
                        *_dsa = cur;
                        return WERR_OK;
                }
                cur = cur->next;
        }

        return WERR_DS_DRA_NO_REPLICA;
}
     532             : 
     533             : 
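/*
  create a temporary dsa structure for a replication. This is needed
  for the initial replication of a new partition, such as when a new
  domain NC is created and we are a global catalog server

  The entry is allocated on @mem_ctx and owned by the caller; it is
  not linked into p->sources. It has no replica_flags, carries only
  the source DSA GUID, and its DNS name is resolved with
  samdb_ntds_msdcs_dns_name(). An outbound connection is attached
  with dreplsrv_out_connection_attach().

  Preconditions (SMB_ASSERT, matching dreplsrv_partition_source_dsa_by_guid()):
  @dsa_guid is non-NULL and not all-zero, @_dsa is non-NULL.

  Returns WERR_OK with *_dsa set, WERR_NOT_ENOUGH_MEMORY when an
  allocation or the DNS name lookup fails, or the error from
  dreplsrv_out_connection_attach(). On every failure path the partly
  built entry is freed, so nothing is left behind on @mem_ctx.
 */
WERROR dreplsrv_partition_source_dsa_temporary(struct dreplsrv_partition *p,
					       TALLOC_CTX *mem_ctx,
					       const struct GUID *dsa_guid,
					       struct dreplsrv_partition_source_dsa **_dsa)
{
	struct dreplsrv_partition_source_dsa *dsa = NULL;
	struct repsFromTo1OtherInfo *other_info = NULL;
	WERROR werr;

	/* same contract as the by_guid lookup: a zero GUID is a caller bug */
	SMB_ASSERT(dsa_guid != NULL);
	SMB_ASSERT(!GUID_all_zero(dsa_guid));
	SMB_ASSERT(_dsa != NULL);

	dsa = talloc_zero(mem_ctx, struct dreplsrv_partition_source_dsa);
	W_ERROR_HAVE_NO_MEMORY(dsa);

	dsa->partition = p;
	/* use the blob embedded in the entry as backing storage for repsFrom1 */
	dsa->repsFrom1 = &dsa->_repsFromBlob.ctr.ctr1;
	dsa->repsFrom1->replica_flags = 0;
	dsa->repsFrom1->source_dsa_obj_guid = *dsa_guid;

	other_info = talloc_zero(dsa, struct repsFromTo1OtherInfo);
	if (other_info == NULL) {
		/* don't leave a half-built entry hanging off mem_ctx */
		talloc_free(dsa);
		return WERR_NOT_ENOUGH_MEMORY;
	}
	dsa->repsFrom1->other_info = other_info;

	other_info->dns_name = samdb_ntds_msdcs_dns_name(p->service->samdb,
							 other_info,
							 dsa_guid);
	if (other_info->dns_name == NULL) {
		/*
		 * A NULL here may be OOM or an unresolvable GUID; we can't
		 * tell them apart, and the previous code reported
		 * WERR_NOT_ENOUGH_MEMORY for both, so keep that for callers.
		 */
		DEBUG(0,(__location__ ": Failed to get msdcs DNS name for source DSA of %s\n",
			 ldb_dn_get_linearized(p->dn)));
		talloc_free(dsa);
		return WERR_NOT_ENOUGH_MEMORY;
	}

	werr = dreplsrv_out_connection_attach(p->service, dsa->repsFrom1, &dsa->conn);
	if (!W_ERROR_IS_OK(werr)) {
		DEBUG(0,(__location__ ": Failed to attach connection to %s\n",
			 ldb_dn_get_linearized(p->dn)));
		talloc_free(dsa);
		return werr;
	}

	*_dsa = dsa;

	return WERR_OK;
}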
     574             : 
     575             : 
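/*
 * Re-read the replication state of one partition from the local
 * directory.
 *
 * Rebuilds p->nc (linearized DN, GUID and, where the extended DN has
 * one, SID) from the partition head object, reloads the up-to-dateness
 * vector with dsdb_load_udv_v2(), and feeds every repsFrom value into
 * p->sources and every repsTo value into p->notifies through
 * dreplsrv_partition_add_source_dsa().
 *
 * A partition head that is not in the database yet
 * (LDB_ERR_NO_SUCH_OBJECT) is not an error: nc is filled from p->dn
 * itself and no sources are added.
 *
 * NOTE(review): p->sources / p->notifies are not reset here, so any
 * de-duplication across repeated refreshes has to happen inside
 * dreplsrv_partition_add_source_dsa() - confirm.
 *
 * Returns WERR_OK; WERR_NOT_ENOUGH_MEMORY on allocation failure;
 * WERR_FOOBAR when the search fails for any other reason;
 * WERR_DS_DRA_INTERNAL_ERROR when the DN carries no GUID; or the
 * error from dreplsrv_partition_add_source_dsa().
 */
static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s,
					 struct dreplsrv_partition *p)
{
	WERROR status;
	NTSTATUS ntstatus;
	struct ldb_message_element *orf_el = NULL;
	struct ldb_result *r = NULL;
	unsigned int i;
	int ret;
	TALLOC_CTX *mem_ctx = NULL;
	static const char *attrs[] = {
		"repsFrom",
		"repsTo",
		NULL
	};
	struct ldb_dn *dn;

	DEBUG(4, ("dreplsrv_refresh_partition(%s)\n",
		ldb_dn_get_linearized(p->dn)));

	mem_ctx = talloc_new(p);
	W_ERROR_HAVE_NO_MEMORY(mem_ctx);

	ret = dsdb_search_dn(s->samdb, mem_ctx, &r, p->dn, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN);
	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
		/* we haven't replicated the partition yet, but we
		 * can fill in the guid, sid etc from the partition DN */
		dn = p->dn;
	} else if (ret != LDB_SUCCESS) {
		/* WERR_FOOBAR carries no detail, so keep the ldb reason in the log */
		DEBUG(0,(__location__ ": search of %s failed: %s\n",
			 ldb_dn_get_linearized(p->dn),
			 ldb_errstring(s->samdb)));
		talloc_free(mem_ctx);
		return WERR_FOOBAR;
	} else {
		dn = r->msgs[0]->dn;
	}

	/* drop the previous nc state before rebuilding it from @dn */
	talloc_free(discard_const(p->nc.dn));
	ZERO_STRUCT(p->nc);
	p->nc.dn     = ldb_dn_alloc_linearized(p, dn);
	if (p->nc.dn == NULL) {
		talloc_free(mem_ctx);
		return WERR_NOT_ENOUGH_MEMORY;
	}
	ntstatus = dsdb_get_extended_dn_guid(dn, &p->nc.guid, "GUID");
	if (!NT_STATUS_IS_OK(ntstatus)) {
		DEBUG(0,(__location__ ": unable to get GUID for %s: %s\n",
			 p->nc.dn, nt_errstr(ntstatus)));
		talloc_free(mem_ctx);
		return WERR_DS_DRA_INTERNAL_ERROR;
	}
	/*
	 * The result is deliberately ignored: unlike the GUID, a SID is
	 * not required here, and p->nc.sid was zeroed above so an absent
	 * SID simply stays zero.
	 */
	dsdb_get_extended_dn_sid(dn, &p->nc.sid, "SID");

	talloc_free(p->uptodatevector.cursors);
	talloc_free(p->uptodatevector_ex.cursors);
	ZERO_STRUCT(p->uptodatevector);
	ZERO_STRUCT(p->uptodatevector_ex);

	/* a missing UDV is tolerated; the vector stays empty */
	ret = dsdb_load_udv_v2(s->samdb, p->dn, p, &p->uptodatevector.cursors, &p->uptodatevector.count);
	if (ret != LDB_SUCCESS) {
		DEBUG(4,(__location__ ": no UDV available for %s\n", ldb_dn_get_linearized(p->dn)));
	}

	status = WERR_OK;

	/* r is NULL when the partition head does not exist yet */
	if (r != NULL && (orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom"))) {
		for (i=0; i < orf_el->num_values; i++) {
			status = dreplsrv_partition_add_source_dsa(s, p, &p->sources,
								   NULL, &orf_el->values[i]);
			W_ERROR_NOT_OK_GOTO_DONE(status);
		}
	}

	/* repsTo entries may reuse connections already set up for p->sources */
	if (r != NULL && (orf_el = ldb_msg_find_element(r->msgs[0], "repsTo"))) {
		for (i=0; i < orf_el->num_values; i++) {
			status = dreplsrv_partition_add_source_dsa(s, p, &p->notifies,
								   p->sources, &orf_el->values[i]);
			W_ERROR_NOT_OK_GOTO_DONE(status);
		}
	}

done:
	talloc_free(mem_ctx);
	return status;
}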
     653             : 
/*
 * Refresh every partition known to the replication service, in list
 * order, by calling dreplsrv_refresh_partition() on each.
 *
 * Stops at the first partition whose refresh fails and returns that
 * error; partitions after it are left untouched. Returns WERR_OK when
 * all partitions (or none, for an empty list) refreshed successfully.
 */
WERROR dreplsrv_refresh_partitions(struct dreplsrv_service *s)
{
	struct dreplsrv_partition *cur = NULL;

	for (cur = s->partitions; cur != NULL; cur = cur->next) {
		WERROR werr = dreplsrv_refresh_partition(s, cur);

		if (!W_ERROR_IS_OK(werr)) {
			return werr;
		}
	}

	return WERR_OK;
}
