source4/rpc_server/drsuapi/updaterefs.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    implement the DRSUpdateRefs call
   5
   6    Copyright (C) Andrew Tridgell 2009
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "rpc_server/dcerpc_server.h"
  24 #include "dsdb/samdb/samdb.h"
  25 #include "libcli/security/security.h"
  26 #include "libcli/security/session.h"
  27 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
  28 #include "auth/session.h"
  29 #include "librpc/gen_ndr/ndr_drsuapi.h"
  30 #include "librpc/gen_ndr/ndr_irpc_c.h"
  31 #include "lib/messaging/irpc.h"
  32
  33 struct repsTo {
  34         uint32_t count;
  35         struct repsFromToBlob *r;
  36 };
  37
  38 /*
  39   add a replication destination for a given partition GUID
  40  */
  41 static WERROR uref_add_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
  42                             struct ldb_dn *dn, struct repsFromTo1 *dest,
  43                             uint32_t options)
  44 {
  45         struct repsTo reps;
  46         WERROR werr;
  47         unsigned int i;
  48
  49         werr = dsdb_loadreps(sam_ctx, mem_ctx, dn, "repsTo", &reps.r, &reps.count);
  50         if (!W_ERROR_IS_OK(werr)) {
  51                 return werr;
  52         }
  53
  54         for (i=0; i<reps.count; i++) {
  55                 if (GUID_equal(&dest->source_dsa_obj_guid,
  56                                &reps.r[i].ctr.ctr1.source_dsa_obj_guid)) {
  57                         if (options & DRSUAPI_DRS_GETCHG_CHECK) {
  58                                 return WERR_OK;
  59                         } else {
  60                                 return WERR_DS_DRA_REF_ALREADY_EXISTS;
  61                         }
  62                 }
  63         }
  64
  65         reps.r = talloc_realloc(mem_ctx, reps.r, struct repsFromToBlob, reps.count+1);
  66         if (reps.r == NULL) {
  67                 return WERR_DS_DRA_INTERNAL_ERROR;
  68         }
  69         ZERO_STRUCT(reps.r[reps.count]);
  70         reps.r[reps.count].version = 1;
  71         reps.r[reps.count].ctr.ctr1 = *dest;
  72         /* add the GCSPN flag if the client asked for it */
  73         reps.r[reps.count].ctr.ctr1.replica_flags |= (options & DRSUAPI_DRS_REF_GCSPN);
  74         reps.count++;
  75
  76         werr = dsdb_savereps(sam_ctx, mem_ctx, dn, "repsTo", reps.r, reps.count);
  77         if (!W_ERROR_IS_OK(werr)) {
  78                 return werr;
  79         }
  80
  81         return WERR_OK;
  82 }
  83
  84 /*
  85   delete a replication destination for a given partition GUID
  86  */
  87 static WERROR uref_del_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
  88                             struct ldb_dn *dn, struct GUID *dest_guid,
  89                             uint32_t options)
  90 {
  91         struct repsTo reps;
  92         WERROR werr;
  93         unsigned int i;
  94         bool found = false;
  95
  96         werr = dsdb_loadreps(sam_ctx, mem_ctx, dn, "repsTo", &reps.r, &reps.count);
  97         if (!W_ERROR_IS_OK(werr)) {
  98                 return werr;
  99         }
 100
 101         for (i=0; i<reps.count; i++) {
 102                 if (GUID_equal(dest_guid,
 103                                &reps.r[i].ctr.ctr1.source_dsa_obj_guid)) {
 104                         if (i+1 < reps.count) {
 105                                 memmove(&reps.r[i], &reps.r[i+1], sizeof(reps.r[i])*(reps.count-(i+1)));
 106                         }
 107                         reps.count--;
 108                         found = true;
 109                 }
 110         }
 111
 112         werr = dsdb_savereps(sam_ctx, mem_ctx, dn, "repsTo", reps.r, reps.count);
 113         if (!W_ERROR_IS_OK(werr)) {
 114                 return werr;
 115         }
 116
 117         if (!found &&
 118             !(options & DRSUAPI_DRS_GETCHG_CHECK) &&
 119             !(options & DRSUAPI_DRS_ADD_REF)) {
 120                 return WERR_DS_DRA_REF_NOT_FOUND;
 121         }
 122
 123         return WERR_OK;
 124 }
 125
 126 struct drepl_refresh_state {
 127         struct dreplsrv_refresh r;
 128 };
 129
 130 /**
 131  * @brief Update the references for the given NC and the destination DSA object
 132  *
 133  * This function is callable from non RPC functions (ie. getncchanges), it
 134  * will validate the request to update reference and then will add/del a repsTo
 135  * to the specified server referenced by its DSA GUID in the request.
 136  *
 137  * @param[in]       msg_ctx          Messaging context for sending partition
 138  *                                   refresh in dreplsrv
 139  *
 140  * @param[in]       b_state          A bind_state object
 141  *
 142  * @param[in]       mem_ctx          A talloc context for memory allocation
 143  *
 144  * @param[in]       req              A drsuapi_DsReplicaUpdateRefsRequest1
 145  *                                   object which NC, which server and which
 146  *                                   action (add/delete) should be performed
 147  *
 148  * @return                           WERR_OK is success, different error
 149  *                                   otherwise.
 150  */
 151 WERROR drsuapi_UpdateRefs(struct imessaging_context *msg_ctx,
 152                           struct tevent_context *event_ctx,
 153                           struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx,
 154                           struct drsuapi_DsReplicaUpdateRefsRequest1 *req)
 155 {
 156         WERROR werr;
 157         int ret;
 158         struct ldb_dn *dn;
 159         struct ldb_dn *nc_root;
 160         struct ldb_context *sam_ctx = b_state->sam_ctx_system?b_state->sam_ctx_system:b_state->sam_ctx;
 161         struct dcerpc_binding_handle *irpc_handle;
 162         struct tevent_req *subreq;
 163         struct drepl_refresh_state *state;
 164
 165
 166         DEBUG(4,("DsReplicaUpdateRefs for host '%s' with GUID %s options 0x%08x nc=%s\n",
 167                  req->dest_dsa_dns_name, GUID_string(mem_ctx, &req->dest_dsa_guid),
 168                  req->options,
 169                  drs_ObjectIdentifier_to_string(mem_ctx, req->naming_context)));
 170
 171         /*
 172          * 4.1.26.2 Server Behavior of the IDL_DRSUpdateRefs Method
 173          * Implements the input validation checks
 174          */
 175         if (GUID_all_zero(&req->dest_dsa_guid)) {
 176                 return WERR_DS_DRA_INVALID_PARAMETER;
 177         }
 178
 179         /* FIXME it seems that we should check the length of the stuff too*/
 180         if (req->dest_dsa_dns_name == NULL) {
 181                 return WERR_DS_DRA_INVALID_PARAMETER;
 182         }
 183
 184         if (!(req->options & (DRSUAPI_DRS_DEL_REF|DRSUAPI_DRS_ADD_REF))) {
 185                 return WERR_DS_DRA_INVALID_PARAMETER;
 186         }
 187
 188         dn = drs_ObjectIdentifier_to_dn(mem_ctx, sam_ctx, req->naming_context);
 189         W_ERROR_HAVE_NO_MEMORY(dn);
 190         ret = dsdb_find_nc_root(sam_ctx, dn, dn, &nc_root);
 191         if (ret != LDB_SUCCESS) {
 192                 DEBUG(2, ("Didn't find a nc for %s\n", ldb_dn_get_linearized(dn)));
 193                 return WERR_DS_DRA_BAD_NC;
 194         }
 195         if (ldb_dn_compare(dn, nc_root) != 0) {
 196                 DEBUG(2, ("dn %s is not equal to %s\n", ldb_dn_get_linearized(dn), ldb_dn_get_linearized(nc_root)));
 197                 return WERR_DS_DRA_BAD_NC;
 198         }
 199
 200         if (ldb_transaction_start(sam_ctx) != LDB_SUCCESS) {
 201                 DEBUG(0,(__location__ ": Failed to start transaction on samdb: %s\n",
 202                          ldb_errstring(sam_ctx)));
 203                 return WERR_DS_DRA_INTERNAL_ERROR;
 204         }
 205
 206         if (req->options & DRSUAPI_DRS_DEL_REF) {
 207                 werr = uref_del_dest(sam_ctx, mem_ctx, dn, &req->dest_dsa_guid, req->options);
 208                 if (!W_ERROR_IS_OK(werr)) {
 209                         DEBUG(0,("Failed to delete repsTo for %s: %s\n",
 210                                  GUID_string(mem_ctx, &req->dest_dsa_guid),
 211                                  win_errstr(werr)));
 212                         goto failed;
 213                 }
 214         }
 215
 216         if (req->options & DRSUAPI_DRS_ADD_REF) {
 217                 struct repsFromTo1 dest;
 218                 struct repsFromTo1OtherInfo oi;
 219
 220                 ZERO_STRUCT(dest);
 221                 ZERO_STRUCT(oi);
 222
 223                 oi.dns_name = req->dest_dsa_dns_name;
 224                 dest.other_info          = &oi;
 225                 dest.source_dsa_obj_guid = req->dest_dsa_guid;
 226                 dest.replica_flags       = req->options;
 227
 228                 werr = uref_add_dest(sam_ctx, mem_ctx, dn, &dest, req->options);
 229                 if (!W_ERROR_IS_OK(werr)) {
 230                         DEBUG(0,("Failed to add repsTo for %s: %s\n",
 231                                  GUID_string(mem_ctx, &dest.source_dsa_obj_guid),
 232                                  win_errstr(werr)));
 233                         goto failed;
 234                 }
 235         }
 236
 237         if (ldb_transaction_commit(sam_ctx) != LDB_SUCCESS) {
 238                 DEBUG(0,(__location__ ": Failed to commit transaction on samdb: %s\n",
 239                          ldb_errstring(sam_ctx)));
 240                 return WERR_DS_DRA_INTERNAL_ERROR;
 241         }
 242
 243         state = talloc_zero(mem_ctx, struct drepl_refresh_state);
 244         if (state == NULL) {
 245                 return WERR_OK;
 246         }
 247
 248         irpc_handle = irpc_binding_handle_by_name(mem_ctx, msg_ctx,
 249                                                   "dreplsrv", &ndr_table_irpc);
 250         if (irpc_handle == NULL) {
 251                 /* dreplsrv is not running yet */
 252                 TALLOC_FREE(state);
 253                 return WERR_OK;
 254         }
 255
 256         /*
 257          * [Taken from auth_sam_trigger_repl_secret in auth_sam.c]
 258          *
 259          * This seem to rely on the current IRPC implementation,
 260          * which delivers the message in the _send function.
 261          *
 262          * TODO: we need a ONE_WAY IRPC handle and register
 263          * a callback and wait for it to be triggered!
 264          */
 265         subreq = dcerpc_dreplsrv_refresh_r_send(state, event_ctx,
 266                                                 irpc_handle, &state->r);
 267         TALLOC_FREE(subreq);
 268         TALLOC_FREE(state);
 269
 270         return WERR_OK;
 271
 272 failed:
 273         ldb_transaction_cancel(sam_ctx);
 274         return werr;
 275 }
 276
 277 /*
 278   drsuapi_DsReplicaUpdateRefs
 279 */
 280 WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 281                                           struct drsuapi_DsReplicaUpdateRefs *r)
 282 {
 283         struct dcesrv_handle *h;
 284         struct drsuapi_bind_state *b_state;
 285         struct drsuapi_DsReplicaUpdateRefsRequest1 *req;
 286         WERROR werr;
 287         int ret;
 288         enum security_user_level security_level;
 289
 290         DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
 291         b_state = h->data;
 292
 293         if (r->in.level != 1) {
 294                 DEBUG(0,("DrReplicUpdateRefs - unsupported level %u\n", r->in.level));
 295                 return WERR_DS_DRA_INVALID_PARAMETER;
 296         }
 297         req = &r->in.req.req1;
 298         werr = drs_security_access_check(b_state->sam_ctx,
 299                                          mem_ctx,
 300                                          dce_call->conn->auth_state.session_info->security_token,
 301                                          req->naming_context,
 302                                          GUID_DRS_MANAGE_TOPOLOGY);
 303
 304         if (!W_ERROR_IS_OK(werr)) {
 305                 return werr;
 306         }
 307
 308         security_level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
 309         if (security_level < SECURITY_ADMINISTRATOR) {
 310                 /* check that they are using an DSA objectGUID that they own */
 311                 ret = dsdb_validate_dsa_guid(b_state->sam_ctx,
 312                                              &req->dest_dsa_guid,
 313                                              &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
 314                 if (ret != LDB_SUCCESS) {
 315                         DEBUG(0,(__location__ ": Refusing DsReplicaUpdateRefs for sid %s with GUID %s\n",
 316                                  dom_sid_string(mem_ctx,
 317                                                 &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
 318                                  GUID_string(mem_ctx, &req->dest_dsa_guid)));
 319                         return WERR_DS_DRA_ACCESS_DENIED;
 320                 }
 321         }
 322
 323         werr = drsuapi_UpdateRefs(dce_call->msg_ctx, dce_call->event_ctx,
 324                                   b_state, mem_ctx, req);
 325
 326 #if 0
 327         NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaUpdateRefs, NDR_BOTH, r);
 328 #endif
 329
 330         return werr;
 331 }