search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/docs: Remove superfluous bracket.
[Samba/gbeck.git] / source4 / dsdb / repl / replicated_objects.c
blob58243349b905e35b461b50505fb7e5c993fd03df
1 /*
2 Unix SMB/CIFS mplementation.
3 Helper functions for applying replicated objects
4
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19
20 */
21
22 #include "includes.h"
23 #include "dsdb/samdb/samdb.h"
24 #include "lib/ldb/include/ldb_errors.h"
25 #include "../lib/util/dlinklist.h"
26 #include "librpc/gen_ndr/ndr_misc.h"
27 #include "librpc/gen_ndr/ndr_drsuapi.h"
28 #include "librpc/gen_ndr/ndr_drsblobs.h"
29 #include "../lib/crypto/crypto.h"
30 #include "../libcli/drsuapi/drsuapi.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "param/param.h"
33
34 WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
35 const struct dsdb_schema *schema,
36 const struct dsdb_schema_prefixmap *pfm_remote,
37 const struct drsuapi_DsReplicaObjectListItemEx *in,
38 const DATA_BLOB *gensec_skey,
39 TALLOC_CTX *mem_ctx,
40 struct dsdb_extended_replicated_object *out)
41 {
42 NTSTATUS nt_status;
43 WERROR status;
44 uint32_t i;
45 struct ldb_message *msg;
46 struct replPropertyMetaDataBlob *md;
47 struct ldb_val guid_value;
48 NTTIME whenChanged = 0;
49 time_t whenChanged_t;
50 const char *whenChanged_s;
51 const char *rdn_name = NULL;
52 const struct ldb_val *rdn_value = NULL;
53 const struct dsdb_attribute *rdn_attr = NULL;
54 uint32_t rdn_attid;
55 struct drsuapi_DsReplicaAttribute *name_a = NULL;
56 struct drsuapi_DsReplicaMetaData *name_d = NULL;
57 struct replPropertyMetaData1 *rdn_m = NULL;
58 struct dom_sid *sid = NULL;
59 uint32_t rid = 0;
60 int ret;
61
62 if (!in->object.identifier) {
63 return WERR_FOOBAR;
64 }
65
66 if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
67 return WERR_FOOBAR;
68 }
69
70 if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) {
71 return WERR_FOOBAR;
72 }
73
74 if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) {
75 return WERR_FOOBAR;
76 }
77
78 sid = &in->object.identifier->sid;
79 if (sid->num_auths > 0) {
80 rid = sid->sub_auths[sid->num_auths - 1];
81 }
82
83 msg = ldb_msg_new(mem_ctx);
84 W_ERROR_HAVE_NO_MEMORY(msg);
85
86 msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
87 W_ERROR_HAVE_NO_MEMORY(msg->dn);
88
89 rdn_name = ldb_dn_get_rdn_name(msg->dn);
90 rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
91 if (!rdn_attr) {
92 return WERR_FOOBAR;
93 }
94 rdn_attid = rdn_attr->attributeID_id;
95 rdn_value = ldb_dn_get_rdn_val(msg->dn);
96
97 msg->num_elements = in->object.attribute_ctr.num_attributes;
98 msg->elements = talloc_array(msg, struct ldb_message_element,
99 msg->num_elements);
100 W_ERROR_HAVE_NO_MEMORY(msg->elements);
101
102 md = talloc(mem_ctx, struct replPropertyMetaDataBlob);
103 W_ERROR_HAVE_NO_MEMORY(md);
104
105 md->version = 1;
106 md->reserved = 0;
107 md->ctr.ctr1.count = in->meta_data_ctr->count;
108 md->ctr.ctr1.reserved = 0;
109 md->ctr.ctr1.array = talloc_array(mem_ctx,
110 struct replPropertyMetaData1,
111 md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */
112 W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array);
113
114 for (i=0; i < in->meta_data_ctr->count; i++) {
115 struct drsuapi_DsReplicaAttribute *a;
116 struct drsuapi_DsReplicaMetaData *d;
117 struct replPropertyMetaData1 *m;
118 struct ldb_message_element *e;
119 uint32_t j;
120
121 a = &in->object.attribute_ctr.attributes[i];
122 d = &in->meta_data_ctr->meta_data[i];
123 m = &md->ctr.ctr1.array[i];
124 e = &msg->elements[i];
125
126 for (j=0; j<a->value_ctr.num_values; j++) {
127 status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, a);
128 W_ERROR_NOT_OK_RETURN(status);
129 }
130
131 status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
132 a, msg->elements, e);
133 W_ERROR_NOT_OK_RETURN(status);
134
135 m->attid = a->attid;
136 m->version = d->version;
137 m->originating_change_time = d->originating_change_time;
138 m->originating_invocation_id = d->originating_invocation_id;
139 m->originating_usn = d->originating_usn;
140 m->local_usn = 0;
141
142 if (d->originating_change_time > whenChanged) {
143 whenChanged = d->originating_change_time;
144 }
145
146 if (a->attid == DRSUAPI_ATTID_name) {
147 name_a = a;
148 name_d = d;
149 rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count];
150 }
151 }
152
153 if (rdn_m) {
154 struct ldb_message_element *el;
155 el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName);
156 if (!el) {
157 ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL);
158 if (ret != LDB_SUCCESS) {
159 return WERR_FOOBAR;
160 }
161 } else {
162 if (el->num_values != 1) {
163 DEBUG(0,(__location__ ": Unexpected num_values=%u\n",
164 el->num_values));
165 return WERR_FOOBAR;
166 }
167 if (!ldb_val_equal_exact(&el->values[0], rdn_value)) {
168 DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n",
169 (int)el->values[0].length, (int)el->values[0].length, el->values[0].data,
170 (int)rdn_value->length, (int)rdn_value->length, rdn_value->data));
171 return WERR_FOOBAR;
172 }
173 }
174
175 rdn_m->attid = rdn_attid;
176 rdn_m->version = name_d->version;
177 rdn_m->originating_change_time = name_d->originating_change_time;
178 rdn_m->originating_invocation_id = name_d->originating_invocation_id;
179 rdn_m->originating_usn = name_d->originating_usn;
180 rdn_m->local_usn = 0;
181 md->ctr.ctr1.count++;
182
183 }
184
185 whenChanged_t = nt_time_to_unix(whenChanged);
186 whenChanged_s = ldb_timestring(msg, whenChanged_t);
187 W_ERROR_HAVE_NO_MEMORY(whenChanged_s);
188
189 nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value);
190 if (!NT_STATUS_IS_OK(nt_status)) {
191 return ntstatus_to_werror(nt_status);
192 }
193
194 out->msg = msg;
195 out->guid_value = guid_value;
196 out->when_changed = whenChanged_s;
197 out->meta_data = md;
198 return WERR_OK;
199 }
200
201 WERROR dsdb_replicated_objects_convert(struct ldb_context *ldb,
202 const char *partition_dn_str,
203 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
204 uint32_t object_count,
205 const struct drsuapi_DsReplicaObjectListItemEx *first_object,
206 uint32_t linked_attributes_count,
207 const struct drsuapi_DsReplicaLinkedAttribute *linked_attributes,
208 const struct repsFromTo1 *source_dsa,
209 const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector,
210 const DATA_BLOB *gensec_skey,
211 TALLOC_CTX *mem_ctx,
212 struct dsdb_extended_replicated_objects **objects)
213 {
214 WERROR status;
215 struct ldb_dn *partition_dn;
216 const struct dsdb_schema *schema;
217 struct dsdb_schema_prefixmap *pfm_remote;
218 struct dsdb_extended_replicated_objects *out;
219 const struct drsuapi_DsReplicaObjectListItemEx *cur;
220 uint32_t i;
221
222 out = talloc_zero(mem_ctx, struct dsdb_extended_replicated_objects);
223 W_ERROR_HAVE_NO_MEMORY(out);
224 out->version = DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION;
225
226 /* Get the schema, and ensure it's kept valid for as long as 'out' which may contain pointers to it */
227 schema = dsdb_get_schema(ldb, out);
228 if (!schema) {
229 talloc_free(out);
230 return WERR_DS_SCHEMA_NOT_LOADED;
231 }
232
233 partition_dn = ldb_dn_new(out, ldb, partition_dn_str);
234 W_ERROR_HAVE_NO_MEMORY_AND_FREE(partition_dn, out);
235
236 status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
237 out, &pfm_remote, NULL);
238 if (!W_ERROR_IS_OK(status)) {
239 DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s",
240 win_errstr(status)));
241 talloc_free(out);
242 return status;
243 }
244
245 if (ldb_dn_compare(partition_dn, ldb_get_schema_basedn(ldb)) != 0) {
246 /*
247 * check for schema changes in case
248 * we are not replicating Schema NC
249 */
250 status = dsdb_schema_info_cmp(schema, mapping_ctr);
251 if (!W_ERROR_IS_OK(status)) {
252 DEBUG(1,("Remote schema has changed while replicating %s\n",
253 partition_dn_str));
254 talloc_free(out);
255 return status;
256 }
257 }
258
259 out->partition_dn = partition_dn;
260
261 out->source_dsa = source_dsa;
262 out->uptodateness_vector= uptodateness_vector;
263
264 out->num_objects = object_count;
265 out->objects = talloc_array(out,
266 struct dsdb_extended_replicated_object,
267 out->num_objects);
268 W_ERROR_HAVE_NO_MEMORY_AND_FREE(out->objects, out);
269
270 /* pass the linked attributes down to the repl_meta_data
271 module */
272 out->linked_attributes_count = linked_attributes_count;
273 out->linked_attributes = linked_attributes;
274
275 for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
276 if (i == out->num_objects) {
277 talloc_free(out);
278 return WERR_FOOBAR;
279 }
280
281 status = dsdb_convert_object_ex(ldb, schema, pfm_remote,
282 cur, gensec_skey,
283 out->objects, &out->objects[i]);
284 if (!W_ERROR_IS_OK(status)) {
285 talloc_free(out);
286 DEBUG(0,("Failed to convert object %s: %s\n",
287 cur->object.identifier->dn,
288 win_errstr(status)));
289 return status;
290 }
291 }
292 if (i != out->num_objects) {
293 talloc_free(out);
294 return WERR_FOOBAR;
295 }
296
297 /* free pfm_remote, we won't need it anymore */
298 talloc_free(pfm_remote);
299
300 *objects = out;
301 return WERR_OK;
302 }
303
304 WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb,
305 struct dsdb_extended_replicated_objects *objects,
306 uint64_t *notify_uSN)
307 {
308 struct ldb_result *ext_res;
309 int ret;
310 uint64_t seq_num1, seq_num2;
311
312 /* TODO: handle linked attributes */
313
314 /* wrap the extended operation in a transaction
315 See [MS-DRSR] 3.3.2 Transactions
316 */
317 ret = ldb_transaction_start(ldb);
318 if (ret != LDB_SUCCESS) {
319 DEBUG(0,(__location__ " Failed to start transaction\n"));
320 return WERR_FOOBAR;
321 }
322
323 ret = dsdb_load_partition_usn(ldb, objects->partition_dn, &seq_num1, NULL);
324 if (ret != LDB_SUCCESS) {
325 DEBUG(0,(__location__ " Failed to load partition uSN\n"));
326 ldb_transaction_cancel(ldb);
327 return WERR_FOOBAR;
328 }
329
330 ret = ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, objects, &ext_res);
331 if (ret != LDB_SUCCESS) {
332 DEBUG(0,("Failed to apply records: %s: %s\n",
333 ldb_errstring(ldb), ldb_strerror(ret)));
334 ldb_transaction_cancel(ldb);
335 return WERR_FOOBAR;
336 }
337 talloc_free(ext_res);
338
339 ret = ldb_transaction_prepare_commit(ldb);
340 if (ret != LDB_SUCCESS) {
341 DEBUG(0,(__location__ " Failed to prepare commit of transaction: %s\n",
342 ldb_errstring(ldb)));
343 return WERR_FOOBAR;
344 }
345
346 ret = dsdb_load_partition_usn(ldb, objects->partition_dn, &seq_num2, NULL);
347 if (ret != LDB_SUCCESS) {
348 DEBUG(0,(__location__ " Failed to load partition uSN\n"));
349 ldb_transaction_cancel(ldb);
350 return WERR_FOOBAR;
351 }
352
353 /* if this replication partner didn't need to be notified
354 before this transaction then it still doesn't need to be
355 notified, as the changes came from this server */
356 if (seq_num2 > seq_num1 && seq_num1 <= *notify_uSN) {
357 *notify_uSN = seq_num2;
358 }
359
360 ret = ldb_transaction_commit(ldb);
361 if (ret != LDB_SUCCESS) {
362 DEBUG(0,(__location__ " Failed to commit transaction\n"));
363 return WERR_FOOBAR;
364 }
365
366
367 DEBUG(2,("Replicated %u objects (%u linked attributes) for %s\n",
368 objects->num_objects, objects->linked_attributes_count,
369 ldb_dn_get_linearized(objects->partition_dn)));
370
371 return WERR_OK;
372 }
373
374 static WERROR dsdb_origin_object_convert(struct ldb_context *ldb,
375 const struct dsdb_schema *schema,
376 const struct drsuapi_DsReplicaObjectListItem *in,
377 TALLOC_CTX *mem_ctx,
378 struct ldb_message **_msg)
379 {
380 WERROR status;
381 unsigned int i;
382 struct ldb_message *msg;
383
384 if (!in->object.identifier) {
385 return WERR_FOOBAR;
386 }
387
388 if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
389 return WERR_FOOBAR;
390 }
391
392 msg = ldb_msg_new(mem_ctx);
393 W_ERROR_HAVE_NO_MEMORY(msg);
394
395 msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
396 W_ERROR_HAVE_NO_MEMORY(msg->dn);
397
398 msg->num_elements = in->object.attribute_ctr.num_attributes;
399 msg->elements = talloc_array(msg, struct ldb_message_element,
400 msg->num_elements);
401 W_ERROR_HAVE_NO_MEMORY(msg->elements);
402
403 for (i=0; i < msg->num_elements; i++) {
404 struct drsuapi_DsReplicaAttribute *a;
405 struct ldb_message_element *e;
406
407 a = &in->object.attribute_ctr.attributes[i];
408 e = &msg->elements[i];
409
410 status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap,
411 a, msg->elements, e);
412 W_ERROR_NOT_OK_RETURN(status);
413 }
414
415
416 *_msg = msg;
417
418 return WERR_OK;
419 }
420
421 WERROR dsdb_origin_objects_commit(struct ldb_context *ldb,
422 TALLOC_CTX *mem_ctx,
423 const struct drsuapi_DsReplicaObjectListItem *first_object,
424 uint32_t *_num,
425 struct drsuapi_DsReplicaObjectIdentifier2 **_ids)
426 {
427 WERROR status;
428 const struct dsdb_schema *schema;
429 const struct drsuapi_DsReplicaObjectListItem *cur;
430 struct ldb_message **objects;
431 struct drsuapi_DsReplicaObjectIdentifier2 *ids;
432 uint32_t i;
433 uint32_t num_objects = 0;
434 const char * const attrs[] = {
435 "objectGUID",
436 "objectSid",
437 NULL
438 };
439 struct ldb_result *res;
440 int ret;
441
442 for (cur = first_object; cur; cur = cur->next_object) {
443 num_objects++;
444 }
445
446 if (num_objects == 0) {
447 return WERR_OK;
448 }
449
450 ret = ldb_transaction_start(ldb);
451 if (ret != LDB_SUCCESS) {
452 return WERR_DS_INTERNAL_FAILURE;
453 }
454
455 objects = talloc_array(mem_ctx, struct ldb_message *,
456 num_objects);
457 if (objects == NULL) {
458 status = WERR_NOMEM;
459 goto cancel;
460 }
461
462 schema = dsdb_get_schema(ldb, objects);
463 if (!schema) {
464 return WERR_DS_SCHEMA_NOT_LOADED;
465 }
466
467 for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
468 status = dsdb_origin_object_convert(ldb, schema, cur,
469 objects, &objects[i]);
470 if (!W_ERROR_IS_OK(status)) {
471 goto cancel;
472 }
473 }
474
475 ids = talloc_array(mem_ctx,
476 struct drsuapi_DsReplicaObjectIdentifier2,
477 num_objects);
478 if (ids == NULL) {
479 status = WERR_NOMEM;
480 goto cancel;
481 }
482
483 for (i=0; i < num_objects; i++) {
484 struct dom_sid *sid = NULL;
485 struct ldb_request *add_req;
486
487 DEBUG(6,(__location__ ": adding %s\n",
488 ldb_dn_get_linearized(objects[i]->dn)));
489
490 ret = ldb_build_add_req(&add_req,
491 ldb,
492 objects,
493 objects[i],
494 NULL,
495 NULL,
496 ldb_op_default_callback,
497 NULL);
498 if (ret != LDB_SUCCESS) {
499 status = WERR_DS_INTERNAL_FAILURE;
500 goto cancel;
501 }
502
503 ret = ldb_request_add_control(add_req, LDB_CONTROL_RELAX_OID, true, NULL);
504 if (ret != LDB_SUCCESS) {
505 status = WERR_DS_INTERNAL_FAILURE;
506 goto cancel;
507 }
508
509 ret = ldb_request(ldb, add_req);
510 if (ret == LDB_SUCCESS) {
511 ret = ldb_wait(add_req->handle, LDB_WAIT_ALL);
512 }
513 if (ret != LDB_SUCCESS) {
514 DEBUG(0,(__location__ ": Failed add of %s - %s\n",
515 ldb_dn_get_linearized(objects[i]->dn), ldb_errstring(ldb)));
516 status = WERR_DS_INTERNAL_FAILURE;
517 goto cancel;
518 }
519
520 talloc_free(add_req);
521
522 ret = ldb_search(ldb, objects, &res, objects[i]->dn,
523 LDB_SCOPE_BASE, attrs,
524 "(objectClass=*)");
525 if (ret != LDB_SUCCESS) {
526 status = WERR_DS_INTERNAL_FAILURE;
527 goto cancel;
528 }
529 ids[i].guid = samdb_result_guid(res->msgs[0], "objectGUID");
530 sid = samdb_result_dom_sid(objects, res->msgs[0], "objectSid");
531 if (sid) {
532 ids[i].sid = *sid;
533 } else {
534 ZERO_STRUCT(ids[i].sid);
535 }
536 }
537
538 ret = ldb_transaction_commit(ldb);
539 if (ret != LDB_SUCCESS) {
540 return WERR_DS_INTERNAL_FAILURE;
541 }
542
543 talloc_free(objects);
544
545 *_num = num_objects;
546 *_ids = ids;
547 return WERR_OK;
548
549 cancel:
550 talloc_free(objects);
551 ldb_transaction_cancel(ldb);
552 return status;
553 }
WIP