search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
First attempt to implement dcesrv_drsuapi_DsGetNCChanges
[Samba/aatanasov.git] / source4 / rpc_server / drsuapi / dcesrv_drsuapi.c
blob3fef3eba70d1a5000c3ceaa2a7a62cfbac5272bc
1 /*
2 Unix SMB/CIFS implementation.
3
4 endpoint server for the drsuapi pipe
5
6 Copyright (C) Stefan Metzmacher 2004
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_drsuapi.h"
25 #include "rpc_server/dcerpc_server.h"
26 #include "rpc_server/common/common.h"
27 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
28 #include "dsdb/samdb/samdb.h"
29 #include "lib/ldb/include/ldb_errors.h"
30 #include "param/param.h"
31
32 /*
33 drsuapi_DsBind
34 */
35 static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
36 struct drsuapi_DsBind *r)
37 {
38 struct drsuapi_bind_state *b_state;
39 struct dcesrv_handle *handle;
40 struct drsuapi_DsBindInfoCtr *bind_info;
41 struct GUID site_guid;
42 struct ldb_result *site_res;
43 struct ldb_dn *server_site_dn;
44 static const char *site_attrs[] = { "objectGUID", NULL };
45 struct ldb_result *ntds_res;
46 struct ldb_dn *ntds_dn;
47 static const char *ntds_attrs[] = { "ms-DS-ReplicationEpoch", NULL };
48 uint32_t pid;
49 uint32_t repl_epoch;
50 int ret;
51
52 r->out.bind_info = NULL;
53 ZERO_STRUCTP(r->out.bind_handle);
54
55 b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
56 W_ERROR_HAVE_NO_MEMORY(b_state);
57
58 /*
59 * connect to the samdb
60 */
61 b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
62 if (!b_state->sam_ctx) {
63 return WERR_FOOBAR;
64 }
65
66 /*
67 * find out the guid of our own site
68 */
69 server_site_dn = samdb_server_site_dn(b_state->sam_ctx, mem_ctx);
70 W_ERROR_HAVE_NO_MEMORY(server_site_dn);
71
72 ret = ldb_search(b_state->sam_ctx, mem_ctx, &site_res,
73 server_site_dn, LDB_SCOPE_BASE, site_attrs,
74 "(objectClass=*)");
75 if (ret != LDB_SUCCESS) {
76 return WERR_DS_DRA_INTERNAL_ERROR;
77 }
78 if (site_res->count != 1) {
79 return WERR_DS_DRA_INTERNAL_ERROR;
80 }
81 site_guid = samdb_result_guid(site_res->msgs[0], "objectGUID");
82
83 /*
84 * lookup the local servers Replication Epoch
85 */
86 ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx);
87 W_ERROR_HAVE_NO_MEMORY(ntds_dn);
88
89 ret = ldb_search(b_state->sam_ctx, mem_ctx, &ntds_res,
90 ntds_dn, LDB_SCOPE_BASE, ntds_attrs,
91 "(objectClass=*)");
92 if (ret != LDB_SUCCESS) {
93 return WERR_DS_DRA_INTERNAL_ERROR;
94 }
95 if (ntds_res->count != 1) {
96 return WERR_DS_DRA_INTERNAL_ERROR;
97 }
98 repl_epoch = samdb_result_uint(ntds_res->msgs[0], "ms-DS-ReplicationEpoch", 0);
99
100 /*
101 * The "process identifier" of the client.
102 * According to the WSPP docs, sectin 5.35, this is
103 * for informational and debugging purposes only.
104 * The assignment is implementation specific.
105 */
106 pid = 0;
107
108 /*
109 * store the clients bind_guid
110 */
111 if (r->in.bind_guid) {
112 b_state->remote_bind_guid = *r->in.bind_guid;
113 }
114
115 /*
116 * store the clients bind_info
117 */
118 if (r->in.bind_info) {
119 switch (r->in.bind_info->length) {
120 case 24: {
121 struct drsuapi_DsBindInfo24 *info24;
122 info24 = &r->in.bind_info->info.info24;
123 b_state->remote_info28.supported_extensions = info24->supported_extensions;
124 b_state->remote_info28.site_guid = info24->site_guid;
125 b_state->remote_info28.pid = info24->pid;
126 b_state->remote_info28.repl_epoch = 0;
127 break;
128 }
129 case 28:
130 b_state->remote_info28 = r->in.bind_info->info.info28;
131 break;
132 }
133 }
134
135 /*
136 * fill in our local bind info 28
137 */
138 b_state->local_info28.supported_extensions = 0;
139 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
140 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
141 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
142 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
143 #if 0 /* we don't support MSZIP compression (only decompression) */
144 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
145 #endif
146 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
147 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
148 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
149 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
150 if (0 /*domain.behavior_version == 2*/) {
151 /* TODO: find out how this is really triggered! */
152 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
153 }
154 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
155 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
156 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
157 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
158 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
159 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
160 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
161 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
162 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
163 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_00100000;
164 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
165 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
166 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
167 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
168 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
169 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
170 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
171 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
172 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
173 #if 0 /* we don't support XPRESS compression yet */
174 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
175 #endif
176 b_state->local_info28.site_guid = site_guid;
177 b_state->local_info28.pid = pid;
178 b_state->local_info28.repl_epoch = repl_epoch;
179
180 /*
181 * allocate the return bind_info
182 */
183 bind_info = talloc(mem_ctx, struct drsuapi_DsBindInfoCtr);
184 W_ERROR_HAVE_NO_MEMORY(bind_info);
185
186 bind_info->length = 28;
187 bind_info->info.info28 = b_state->local_info28;
188
189 /*
190 * allocate a bind handle
191 */
192 handle = dcesrv_handle_new(dce_call->context, DRSUAPI_BIND_HANDLE);
193 W_ERROR_HAVE_NO_MEMORY(handle);
194 handle->data = talloc_steal(handle, b_state);
195
196 /*
197 * prepare reply
198 */
199 r->out.bind_info = bind_info;
200 *r->out.bind_handle = handle->wire_handle;
201
202 return WERR_OK;
203 }
204
205
206 /*
207 drsuapi_DsUnbind
208 */
209 static WERROR dcesrv_drsuapi_DsUnbind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
210 struct drsuapi_DsUnbind *r)
211 {
212 struct dcesrv_handle *h;
213
214 *r->out.bind_handle = *r->in.bind_handle;
215
216 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
217
218 talloc_free(h);
219
220 ZERO_STRUCTP(r->out.bind_handle);
221
222 return WERR_OK;
223 }
224
225
226 /*
227 drsuapi_DsReplicaSync
228 */
229 static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
230 struct drsuapi_DsReplicaSync *r)
231 {
232 /* TODO: implement this call correct!
233 * for now we just say yes,
234 * because we have no output parameter
235 */
236 return WERR_OK;
237 }
238
239 int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
240 TALLOC_CTX *mem_ctx,
241 struct ldb_result **_res,
242 struct ldb_dn *basedn,
243 enum ldb_scope scope,
244 const char * const *attrs,
245 const char *format, ...)
246 {
247 va_list ap;
248 int ret;
249 struct ldb_request *req;
250 char *filter;
251 TALLOC_CTX *tmp_ctx;
252 struct ldb_result *res;
253
254 tmp_ctx = talloc_new(mem_ctx);
255
256 res = talloc_zero(tmp_ctx, struct ldb_result);
257 if (!res) {
258 return LDB_ERR_OPERATIONS_ERROR;
259 }
260
261 va_start(ap, format);
262 filter = talloc_vasprintf(tmp_ctx, format, ap);
263 va_end(ap);
264
265 if (filter == NULL) {
266 talloc_free(tmp_ctx);
267 return LDB_ERR_OPERATIONS_ERROR;
268 }
269
270 ret = ldb_build_search_req(&req, ldb, tmp_ctx,
271 basedn,
272 scope,
273 filter,
274 attrs,
275 NULL,
276 res,
277 ldb_search_default_callback,
278 NULL);
279 if (ret != LDB_SUCCESS) {
280 talloc_free(tmp_ctx);
281 return ret;
282 }
283
284 ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, true, NULL);
285 if (ret != LDB_SUCCESS) {
286 return ret;
287 }
288
289 ret = ldb_request(ldb, req);
290 if (ret == LDB_SUCCESS) {
291 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
292 }
293
294 talloc_free(req);
295 *_res = res;
296 return ret;
297 }
298
299
300 /*
301 drsuapi_DsGetNCChanges
302 */
303 static WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
304 struct drsuapi_DsGetNCChanges *r)
305 {
306 struct ldb_result *site_res;
307 struct drsuapi_DsReplicaObjectIdentifier *ncRoot;
308 struct drsuapi_bind_state *b_state;
309 struct ldb_dn *ncRoot_dn;
310 int ret;
311 int i;
312 int j;
313 int uSN;
314 struct dsdb_schema *schema;
315 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
316 time_t t = time(NULL);
317 NTTIME now;
318 struct drsuapi_DsReplicaObjectListItemEx *currentObject;
319 struct dom_sid *zero_sid;
320 struct ldb_dn *obj_dn;
321
322 b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
323 W_ERROR_HAVE_NO_MEMORY(b_state);
324 zero_sid = talloc_zero(mem_ctx, struct dom_sid);
325 /*
326 * connect to the samdb
327 */
328 b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
329 if (!b_state->sam_ctx) {
330 return WERR_FOOBAR;
331 }
332
333 /* Check request revision. */
334 if (r->in.level != 8) {
335 return WERR_REVISION_MISMATCH;
336 }
337
338 /* Perform access checks. */
339 if (r->in.req->req8.naming_context == NULL) {
340 return WERR_DS_DRA_INVALID_PARAMETER;
341 }
342
343 ncRoot = r->in.req->req8.naming_context;
344 if (ncRoot == NULL) {
345 return WERR_DS_DRA_BAD_NC;
346 }
347
348 /* Construct response. */
349 ncRoot_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, ncRoot->dn);
350 ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, mem_ctx, &site_res,
351 ncRoot_dn, LDB_SCOPE_SUBTREE, NULL,
352 "(&(uSNChanged>=%lld)(objectClass=*))", r->in.req->req8.highwatermark.highest_usn);
353 if (ret != LDB_SUCCESS) {
354 return WERR_DS_DRA_INTERNAL_ERROR;
355 }
356
357 *r->out.level_out = 6;
358 r->out.ctr->ctr6.naming_context = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
359 *r->out.ctr->ctr6.naming_context = *ncRoot;
360 /* TODO: linked attributes*/
361 r->out.ctr->ctr6.linked_attributes_count = 0;
362 r->out.ctr->ctr6.linked_attributes = NULL;
363
364 r->out.ctr->ctr6.object_count = 0;
365 r->out.ctr->ctr6.more_data = false;
366 r->out.ctr->ctr6.uptodateness_vector = NULL;
367
368 /* Prefix mapping */
369 schema = dsdb_get_schema(b_state->sam_ctx);
370 if (!schema) {
371 DEBUG(0,("No schema in b_state->sam_ctx"));
372 }
373
374 dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, &ctr);
375 r->out.ctr->ctr6.mapping_ctr = *ctr;
376
377 r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(b_state->sam_ctx));
378 r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(b_state->sam_ctx));
379
380 r->out.ctr->ctr6.old_highwatermark = r->in.req->req8.highwatermark;
381 r->out.ctr->ctr6.new_highwatermark = r->in.req->req8.highwatermark;
382
383 r->out.ctr->ctr6.first_object = talloc(mem_ctx, struct drsuapi_DsReplicaObjectListItemEx);
384 currentObject = r->out.ctr->ctr6.first_object;
385
386 for(i=0; i<site_res->count; i++) {
387 uSN = ldb_msg_find_attr_as_int(site_res->msgs[i],"uSNChanged", -1);
388 r->out.ctr->ctr6.object_count++;
389 if (uSN > r->out.ctr->ctr6.new_highwatermark.highest_usn) {
390 r->out.ctr->ctr6.new_highwatermark.highest_usn = uSN;
391 }
392
393 if (ldb_dn_compare(ncRoot_dn, site_res->msgs[i]->dn) == 0) {
394 currentObject->is_nc_prefix = true;
395 currentObject->parent_object_guid = NULL;
396 } else {
397 currentObject->is_nc_prefix = false;
398 currentObject->parent_object_guid = talloc(mem_ctx, struct GUID);
399 *currentObject->parent_object_guid = samdb_result_guid(site_res->msgs[i], "parentGUID");
400 }
401 currentObject->next_object = NULL;
402 /* TODO: MetaData vector*/
403 currentObject->meta_data_ctr = talloc(mem_ctx, struct drsuapi_DsReplicaMetaDataCtr);
404 currentObject->meta_data_ctr->meta_data = talloc(mem_ctx, struct drsuapi_DsReplicaMetaData);
405 currentObject->meta_data_ctr->count = 0;
406 currentObject->object.identifier = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
407 obj_dn = ldb_msg_find_attr_as_dn(b_state->sam_ctx, mem_ctx, site_res->msgs[i], "distinguishedName");
408 currentObject->object.identifier->dn = ldb_dn_get_linearized(obj_dn);
409 currentObject->object.identifier->guid = GUID_zero();
410 currentObject->object.identifier->sid = *zero_sid;
411
412 currentObject->object.attribute_ctr.num_attributes = site_res->msgs[i]->num_elements;
413 /* Exclude non-replicate attributes from the responce.*/
414 for (j=0; j<site_res->msgs[i]->num_elements; j++) {
415 const struct dsdb_attribute *sa;
416 sa = dsdb_attribute_by_lDAPDisplayName(schema, site_res->msgs[i]->elements[j].name);
417 if (sa && sa->systemFlags & 0x00000001) {
418 ldb_msg_remove_attr(site_res->msgs[i], site_res->msgs[i]->elements[j].name);
419 currentObject->object.attribute_ctr.num_attributes--;
420 }
421 }
422 currentObject->object.attribute_ctr.attributes = talloc_array(mem_ctx, struct drsuapi_DsReplicaAttribute,
423 currentObject->object.attribute_ctr.num_attributes);
424 for (j=0; j<currentObject->object.attribute_ctr.num_attributes; j++) {
425 dsdb_attribute_ldb_to_drsuapi(b_state->sam_ctx, schema,&site_res->msgs[i]->elements[j], mem_ctx,
426 &currentObject->object.attribute_ctr.attributes[j]);
427 }
428
429 if (i == (site_res->count-1)) {
430 break;
431 }
432 currentObject->next_object = talloc(mem_ctx, struct drsuapi_DsReplicaObjectListItemEx);
433 currentObject = currentObject->next_object;
434 }
435
436 r->out.ctr->ctr6.uptodateness_vector = talloc(mem_ctx, struct drsuapi_DsReplicaCursor2CtrEx);
437
438 r->out.ctr->ctr6.uptodateness_vector->version = 2;
439 r->out.ctr->ctr6.uptodateness_vector->count = 1;
440 r->out.ctr->ctr6.uptodateness_vector->reserved1 = 0;
441 r->out.ctr->ctr6.uptodateness_vector->reserved2 = 0;
442 r->out.ctr->ctr6.uptodateness_vector->cursors = talloc(mem_ctx, struct drsuapi_DsReplicaCursor2);
443
444 r->out.ctr->ctr6.uptodateness_vector->cursors[0].source_dsa_invocation_id = *(samdb_ntds_invocation_id(b_state->sam_ctx));
445 r->out.ctr->ctr6.uptodateness_vector->cursors[0].highest_usn = r->out.ctr->ctr6.new_highwatermark.highest_usn;
446 unix_to_nt_time(&now, t);
447 r->out.ctr->ctr6.uptodateness_vector->cursors[0].last_sync_success = now;
448
449 return WERR_OK;
450 }
451
452
453 /*
454 drsuapi_DsReplicaUpdateRefs
455 */
456 static WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
457 struct drsuapi_DsReplicaUpdateRefs *r)
458 {
459 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
460 }
461
462
463 /*
464 DRSUAPI_REPLICA_ADD
465 */
466 static WERROR dcesrv_DRSUAPI_REPLICA_ADD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
467 struct DRSUAPI_REPLICA_ADD *r)
468 {
469 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
470 }
471
472
473 /*
474 DRSUAPI_REPLICA_DEL
475 */
476 static WERROR dcesrv_DRSUAPI_REPLICA_DEL(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
477 struct DRSUAPI_REPLICA_DEL *r)
478 {
479 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
480 }
481
482
483 /*
484 DRSUAPI_REPLICA_MODIFY
485 */
486 static WERROR dcesrv_DRSUAPI_REPLICA_MODIFY(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
487 struct DRSUAPI_REPLICA_MODIFY *r)
488 {
489 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
490 }
491
492
493 /*
494 DRSUAPI_VERIFY_NAMES
495 */
496 static WERROR dcesrv_DRSUAPI_VERIFY_NAMES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
497 struct DRSUAPI_VERIFY_NAMES *r)
498 {
499 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
500 }
501
502
503 /*
504 drsuapi_DsGetMemberships
505 */
506 static WERROR dcesrv_drsuapi_DsGetMemberships(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
507 struct drsuapi_DsGetMemberships *r)
508 {
509 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
510 }
511
512
513 /*
514 DRSUAPI_INTER_DOMAIN_MOVE
515 */
516 static WERROR dcesrv_DRSUAPI_INTER_DOMAIN_MOVE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
517 struct DRSUAPI_INTER_DOMAIN_MOVE *r)
518 {
519 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
520 }
521
522
523 /*
524 drsuapi_DsGetNT4ChangeLog
525 */
526 static WERROR dcesrv_drsuapi_DsGetNT4ChangeLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
527 struct drsuapi_DsGetNT4ChangeLog *r)
528 {
529 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
530 }
531
532
533 /*
534 drsuapi_DsCrackNames
535 */
536 static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
537 struct drsuapi_DsCrackNames *r)
538 {
539 WERROR status;
540 struct drsuapi_bind_state *b_state;
541 struct dcesrv_handle *h;
542
543 *r->out.level_out = r->in.level;
544
545 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
546 b_state = h->data;
547
548 r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsNameCtr);
549 W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
550
551 switch (r->in.level) {
552 case 1: {
553 struct drsuapi_DsNameCtr1 *ctr1;
554 struct drsuapi_DsNameInfo1 *names;
555 int count;
556 int i;
557
558 ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1);
559 W_ERROR_HAVE_NO_MEMORY(ctr1);
560
561 count = r->in.req->req1.count;
562 names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count);
563 W_ERROR_HAVE_NO_MEMORY(names);
564
565 for (i=0; i < count; i++) {
566 status = DsCrackNameOneName(b_state->sam_ctx, mem_ctx,
567 r->in.req->req1.format_flags,
568 r->in.req->req1.format_offered,
569 r->in.req->req1.format_desired,
570 r->in.req->req1.names[i].str,
571 &names[i]);
572 if (!W_ERROR_IS_OK(status)) {
573 return status;
574 }
575 }
576
577 ctr1->count = count;
578 ctr1->array = names;
579 r->out.ctr->ctr1 = ctr1;
580
581 return WERR_OK;
582 }
583 }
584
585 return WERR_UNKNOWN_LEVEL;
586 }
587
588 /*
589 drsuapi_DsWriteAccountSpn
590 */
591 static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
592 struct drsuapi_DsWriteAccountSpn *r)
593 {
594 struct drsuapi_bind_state *b_state;
595 struct dcesrv_handle *h;
596
597 *r->out.level_out = r->in.level;
598
599 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
600 b_state = h->data;
601
602 r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult);
603 W_ERROR_HAVE_NO_MEMORY(r->out.res);
604
605 switch (r->in.level) {
606 case 1: {
607 struct drsuapi_DsWriteAccountSpnRequest1 *req;
608 struct ldb_message *msg;
609 int count, i, ret;
610 req = &r->in.req->req1;
611 count = req->count;
612
613 msg = ldb_msg_new(mem_ctx);
614 if (msg == NULL) {
615 return WERR_NOMEM;
616 }
617
618 msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn);
619 if ( ! ldb_dn_validate(msg->dn)) {
620 r->out.res->res1.status = WERR_OK;
621 return WERR_OK;
622 }
623
624 /* construct mods */
625 for (i = 0; i < count; i++) {
626 samdb_msg_add_string(b_state->sam_ctx,
627 msg, msg, "servicePrincipalName",
628 req->spn_names[i].str);
629 }
630 for (i=0;i<msg->num_elements;i++) {
631 switch (req->operation) {
632 case DRSUAPI_DS_SPN_OPERATION_ADD:
633 msg->elements[i].flags = LDB_FLAG_MOD_ADD;
634 break;
635 case DRSUAPI_DS_SPN_OPERATION_REPLACE:
636 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
637 break;
638 case DRSUAPI_DS_SPN_OPERATION_DELETE:
639 msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
640 break;
641 }
642 }
643
644 /* Apply to database */
645
646 ret = ldb_modify(b_state->sam_ctx, msg);
647 if (ret != 0) {
648 DEBUG(0,("Failed to modify SPNs on %s: %s\n",
649 ldb_dn_get_linearized(msg->dn),
650 ldb_errstring(b_state->sam_ctx)));
651 r->out.res->res1.status = WERR_ACCESS_DENIED;
652 } else {
653 r->out.res->res1.status = WERR_OK;
654 }
655
656 return WERR_OK;
657 }
658 }
659
660 return WERR_UNKNOWN_LEVEL;
661 }
662
663
664 /*
665 drsuapi_DsRemoveDSServer
666 */
667 static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
668 struct drsuapi_DsRemoveDSServer *r)
669 {
670 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
671 }
672
673
674 /*
675 DRSUAPI_REMOVE_DS_DOMAIN
676 */
677 static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
678 struct DRSUAPI_REMOVE_DS_DOMAIN *r)
679 {
680 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
681 }
682
683 /* Obtain the site name from a server DN */
684 static const char *result_site_name(struct ldb_dn *site_dn)
685 {
686 /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
687 const struct ldb_val *val = ldb_dn_get_component_val(site_dn, 2);
688 const char *name = ldb_dn_get_component_name(site_dn, 2);
689
690 if (!name || (ldb_attr_cmp(name, "cn") != 0)) {
691 /* Ensure this matches the format. This gives us a
692 * bit more confidence that a 'cn' value will be a
693 * ascii string */
694 return NULL;
695 }
696 if (val) {
697 return (char *)val->data;
698 }
699 return NULL;
700 }
701
702 /*
703 drsuapi_DsGetDomainControllerInfo
704 */
705 static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_state *b_state,
706 TALLOC_CTX *mem_ctx,
707 struct drsuapi_DsGetDomainControllerInfo *r)
708 {
709 struct ldb_dn *sites_dn;
710 struct ldb_result *res;
711
712 const char *attrs_account_1[] = { "cn", "dnsHostName", NULL };
713 const char *attrs_account_2[] = { "cn", "dnsHostName", "objectGUID", NULL };
714
715 const char *attrs_none[] = { NULL };
716
717 const char *attrs_site[] = { "objectGUID", NULL };
718
719 const char *attrs_ntds[] = { "options", "objectGUID", NULL };
720
721 const char *attrs_1[] = { "serverReference", "cn", "dnsHostName", NULL };
722 const char *attrs_2[] = { "serverReference", "cn", "dnsHostName", "objectGUID", NULL };
723 const char **attrs;
724
725 struct drsuapi_DsGetDCInfoCtr1 *ctr1;
726 struct drsuapi_DsGetDCInfoCtr2 *ctr2;
727
728 int ret, i;
729
730 *r->out.level_out = r->in.req->req1.level;
731 r->out.ctr = talloc(mem_ctx, union drsuapi_DsGetDCInfoCtr);
732 W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
733
734 sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
735 if (!sites_dn) {
736 return WERR_DS_OBJ_NOT_FOUND;
737 }
738
739 switch (*r->out.level_out) {
740 case -1:
741 /* this level is not like the others */
742 return WERR_UNKNOWN_LEVEL;
743 case 1:
744 attrs = attrs_1;
745 break;
746 case 2:
747 attrs = attrs_2;
748 break;
749 default:
750 return WERR_UNKNOWN_LEVEL;
751 }
752
753 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
754 "objectClass=server");
755
756 if (ret) {
757 DEBUG(1, ("searching for servers in sites DN %s failed: %s\n",
758 ldb_dn_get_linearized(sites_dn), ldb_errstring(b_state->sam_ctx)));
759 return WERR_GENERAL_FAILURE;
760 }
761
762 switch (*r->out.level_out) {
763 case 1:
764 ctr1 = &r->out.ctr->ctr1;
765 ctr1->count = res->count;
766 ctr1->array = talloc_zero_array(mem_ctx,
767 struct drsuapi_DsGetDCInfo1,
768 res->count);
769 for (i=0; i < res->count; i++) {
770 struct ldb_dn *domain_dn;
771 struct ldb_result *res_domain;
772 struct ldb_result *res_account;
773 struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
774
775 struct ldb_dn *ref_dn
776 = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
777 mem_ctx, res->msgs[i],
778 "serverReference");
779
780 if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
781 return WERR_NOMEM;
782 }
783
784 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
785 LDB_SCOPE_BASE, attrs_account_1, "objectClass=computer");
786 if (ret == LDB_SUCCESS && res_account->count == 1) {
787 const char *errstr;
788 ctr1->array[i].dns_name
789 = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
790 ctr1->array[i].netbios_name
791 = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
792 ctr1->array[i].computer_dn
793 = ldb_dn_get_linearized(res_account->msgs[0]->dn);
794
795 /* Determine if this is the PDC */
796 ret = samdb_search_for_parent_domain(b_state->sam_ctx,
797 mem_ctx, res_account->msgs[0]->dn,
798 &domain_dn, &errstr);
799
800 if (ret == LDB_SUCCESS) {
801 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
802 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
803 ldb_dn_get_linearized(ntds_dn));
804 if (ret) {
805 return WERR_GENERAL_FAILURE;
806 }
807 if (res_domain->count == 1) {
808 ctr1->array[i].is_pdc = true;
809 }
810 }
811 }
812 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
813 DEBUG(5, ("warning: searching for computer DN %s failed: %s\n",
814 ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
815 }
816
817 /* Look at server DN and extract site component */
818 ctr1->array[i].site_name = result_site_name(res->msgs[i]->dn);
819 ctr1->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
820
821
822 ctr1->array[i].is_enabled = true;
823
824 }
825 break;
826 case 2:
827 ctr2 = &r->out.ctr->ctr2;
828 ctr2->count = res->count;
829 ctr2->array = talloc_zero_array(mem_ctx,
830 struct drsuapi_DsGetDCInfo2,
831 res->count);
832 for (i=0; i < res->count; i++) {
833 struct ldb_dn *domain_dn;
834 struct ldb_result *res_domain;
835 struct ldb_result *res_account;
836 struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
837 struct ldb_result *res_ntds;
838 struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
839 struct ldb_result *res_site;
840 struct ldb_dn *ref_dn
841 = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
842 mem_ctx, res->msgs[i],
843 "serverReference");
844
845 if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
846 return WERR_NOMEM;
847 }
848
849 /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
850 if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
851 return WERR_NOMEM;
852 }
853
854 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
855 LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
856 if (ret == LDB_SUCCESS && res_ntds->count == 1) {
857 ctr2->array[i].is_gc
858 = (ldb_msg_find_attr_as_int(res_ntds->msgs[0], "options", 0) == 1);
859 ctr2->array[i].ntds_guid
860 = samdb_result_guid(res_ntds->msgs[0], "objectGUID");
861 ctr2->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
862 }
863 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
864 DEBUG(5, ("warning: searching for NTDS DN %s failed: %s\n",
865 ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx)));
866 }
867
868 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
869 LDB_SCOPE_BASE, attrs_site, "objectClass=site");
870 if (ret == LDB_SUCCESS && res_site->count == 1) {
871 ctr2->array[i].site_guid
872 = samdb_result_guid(res_site->msgs[0], "objectGUID");
873 ctr2->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
874 }
875 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
876 DEBUG(5, ("warning: searching for site DN %s failed: %s\n",
877 ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx)));
878 }
879
880 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
881 LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
882 if (ret == LDB_SUCCESS && res_account->count == 1) {
883 const char *errstr;
884 ctr2->array[i].dns_name
885 = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
886 ctr2->array[i].netbios_name
887 = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
888 ctr2->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
889 ctr2->array[i].computer_guid
890 = samdb_result_guid(res_account->msgs[0], "objectGUID");
891
892 /* Determine if this is the PDC */
893 ret = samdb_search_for_parent_domain(b_state->sam_ctx,
894 mem_ctx, res_account->msgs[0]->dn,
895 &domain_dn, &errstr);
896
897 if (ret == LDB_SUCCESS) {
898 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
899 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
900 ldb_dn_get_linearized(ntds_dn));
901 if (ret == LDB_SUCCESS && res_domain->count == 1) {
902 ctr2->array[i].is_pdc = true;
903 }
904 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
905 DEBUG(5, ("warning: searching for domain DN %s failed: %s\n",
906 ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx)));
907 }
908 }
909 }
910 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
911 DEBUG(5, ("warning: searching for computer account DN %s failed: %s\n",
912 ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
913 }
914
915 /* Look at server DN and extract site component */
916 ctr2->array[i].site_name = result_site_name(res->msgs[i]->dn);
917 ctr2->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
918 ctr2->array[i].server_guid
919 = samdb_result_guid(res->msgs[i], "objectGUID");
920
921 ctr2->array[i].is_enabled = true;
922
923 }
924 break;
925 }
926 return WERR_OK;
927 }
928
929 /*
930 drsuapi_DsGetDomainControllerInfo
931 */
932 static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
933 struct drsuapi_DsGetDomainControllerInfo *r)
934 {
935 struct dcesrv_handle *h;
936 struct drsuapi_bind_state *b_state;
937 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
938 b_state = h->data;
939
940 switch (r->in.level) {
941 case 1:
942 return dcesrv_drsuapi_DsGetDomainControllerInfo_1(b_state, mem_ctx, r);
943 }
944
945 return WERR_UNKNOWN_LEVEL;
946 }
947
948
949 /*
950 drsuapi_DsAddEntry
951 */
952 static WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
953 struct drsuapi_DsAddEntry *r)
954 {
955 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
956 }
957
958
959 /*
960 DRSUAPI_EXECUTE_KCC
961 */
962 static WERROR dcesrv_DRSUAPI_EXECUTE_KCC(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
963 struct DRSUAPI_EXECUTE_KCC *r)
964 {
965 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
966 }
967
968
969 /*
970 drsuapi_DsReplicaGetInfo
971 */
972 static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
973 struct drsuapi_DsReplicaGetInfo *r)
974 {
975 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
976 }
977
978
979 /*
980 DRSUAPI_ADD_SID_HISTORY
981 */
982 static WERROR dcesrv_DRSUAPI_ADD_SID_HISTORY(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
983 struct DRSUAPI_ADD_SID_HISTORY *r)
984 {
985 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
986 }
987
988 /*
989 drsuapi_DsGetMemberships2
990 */
991 static WERROR dcesrv_drsuapi_DsGetMemberships2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
992 struct drsuapi_DsGetMemberships2 *r)
993 {
994 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
995 }
996
997 /*
998 DRSUAPI_REPLICA_VERIFY_OBJECTS
999 */
1000 static WERROR dcesrv_DRSUAPI_REPLICA_VERIFY_OBJECTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1001 struct DRSUAPI_REPLICA_VERIFY_OBJECTS *r)
1002 {
1003 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1004 }
1005
1006
1007 /*
1008 DRSUAPI_GET_OBJECT_EXISTENCE
1009 */
1010 static WERROR dcesrv_DRSUAPI_GET_OBJECT_EXISTENCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1011 struct DRSUAPI_GET_OBJECT_EXISTENCE *r)
1012 {
1013 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1014 }
1015
1016
1017 /*
1018 drsuapi_QuerySitesByCost
1019 */
1020 static WERROR dcesrv_drsuapi_QuerySitesByCost(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1021 struct drsuapi_QuerySitesByCost *r)
1022 {
1023 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1024 }
1025
1026
1027 /* include the generated boilerplate */
1028 #include "librpc/gen_ndr/ndr_drsuapi_s.c"
aatanasov's samba4 branch