search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dsdb-drs: when replicating schema object checks ask for removal of previous version...
[Samba/gebeck_regimport.git] / source4 / dsdb / repl / replicated_objects.c
blob6c96b4111e18843df1d7c903e2533a1e34625ef3
1 /*
2 Unix SMB/CIFS mplementation.
3 Helper functions for applying replicated objects
4
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19
20 */
21
22 #include "includes.h"
23 #include "dsdb/samdb/samdb.h"
24 #include <ldb_errors.h>
25 #include "../lib/util/dlinklist.h"
26 #include "librpc/gen_ndr/ndr_misc.h"
27 #include "librpc/gen_ndr/ndr_drsuapi.h"
28 #include "librpc/gen_ndr/ndr_drsblobs.h"
29 #include "../lib/crypto/crypto.h"
30 #include "../libcli/drsuapi/drsuapi.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "param/param.h"
33
34 /**
35 * Multi-pass working schema creation
36 * Function will:
37 * - shallow copy initial schema supplied
38 * - create a working schema in multiple passes
39 * until all objects are resolved
40 * Working schema is a schema with Attributes, Classes
41 * and indexes, but w/o subClassOf, possibleSupperiors etc.
42 * It is to be used just us cache for converting attribute values.
43 */
44 WERROR dsdb_repl_make_working_schema(struct ldb_context *ldb,
45 const struct dsdb_schema *initial_schema,
46 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
47 uint32_t object_count,
48 const struct drsuapi_DsReplicaObjectListItemEx *first_object,
49 const DATA_BLOB *gensec_skey,
50 TALLOC_CTX *mem_ctx,
51 struct dsdb_schema **_schema_out)
52 {
53 struct schema_list {
54 struct schema_list *next, *prev;
55 const struct drsuapi_DsReplicaObjectListItemEx *obj;
56 };
57
58 WERROR werr;
59 struct dsdb_schema_prefixmap *pfm_remote;
60 struct schema_list *schema_list = NULL, *schema_list_item, *schema_list_next_item;
61 struct dsdb_schema *working_schema;
62 const struct drsuapi_DsReplicaObjectListItemEx *cur;
63 int ret, pass_no;
64 uint32_t ignore_attids[] = {
65 DRSUAPI_ATTID_auxiliaryClass,
66 DRSUAPI_ATTID_mayContain,
67 DRSUAPI_ATTID_mustContain,
68 DRSUAPI_ATTID_possSuperiors,
69 DRSUAPI_ATTID_systemPossSuperiors,
70 DRSUAPI_ATTID_INVALID
71 };
72
73 /* make a copy of the iniatial_scheam so we don't mess with it */
74 working_schema = dsdb_schema_copy_shallow(mem_ctx, ldb, initial_schema);
75 if (!working_schema) {
76 DEBUG(0,(__location__ ": schema copy failed!\n"));
77 return WERR_NOMEM;
78 }
79
80 /* we are going to need remote prefixMap for decoding */
81 werr = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
82 mem_ctx, &pfm_remote, NULL);
83 if (!W_ERROR_IS_OK(werr)) {
84 DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s",
85 win_errstr(werr)));
86 return werr;
87 }
88
89 /* create a list of objects yet to be converted */
90 for (cur = first_object; cur; cur = cur->next_object) {
91 schema_list_item = talloc(mem_ctx, struct schema_list);
92 schema_list_item->obj = cur;
93 DLIST_ADD_END(schema_list, schema_list_item, struct schema_list);
94 }
95
96 /* resolve objects until all are resolved and in local schema */
97 pass_no = 1;
98
99 while (schema_list) {
100 uint32_t converted_obj_count = 0;
101 uint32_t failed_obj_count = 0;
102 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
103 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
104
105 for (schema_list_item = schema_list; schema_list_item; schema_list_item=schema_list_next_item) {
106 struct dsdb_extended_replicated_object object;
107
108 cur = schema_list_item->obj;
109
110 /* Save the next item, now we have saved out
111 * the current one, so we can DLIST_REMOVE it
112 * safely */
113 schema_list_next_item = schema_list_item->next;
114
115 /*
116 * Convert the objects into LDB messages using the
117 * schema we have so far. It's ok if we fail to convert
118 * an object. We should convert more objects on next pass.
119 */
120 werr = dsdb_convert_object_ex(ldb, working_schema, pfm_remote,
121 cur, gensec_skey,
122 ignore_attids,
123 0,
124 tmp_ctx, &object);
125 if (!W_ERROR_IS_OK(werr)) {
126 DEBUG(4,("debug: Failed to convert schema object %s into ldb msg, will try during next loop\n",
127 cur->object.identifier->dn));
128
129 failed_obj_count++;
130 } else {
131 /*
132 * Convert the schema from ldb_message format
133 * (OIDs as OID strings) into schema, using
134 * the remote prefixMap
135 */
136 werr = dsdb_schema_set_el_from_ldb_msg_dups(ldb,
137 working_schema,
138 object.msg,
139 true);
140 if (!W_ERROR_IS_OK(werr)) {
141 DEBUG(4,("debug: failed to convert object %s into a schema element, will try during next loop: %s\n",
142 ldb_dn_get_linearized(object.msg->dn),
143 win_errstr(werr)));
144 failed_obj_count++;
145 } else {
146 DLIST_REMOVE(schema_list, schema_list_item);
147 talloc_free(schema_list_item);
148 converted_obj_count++;
149 }
150 }
151 }
152 talloc_free(tmp_ctx);
153
154 DEBUG(4,("Schema load pass %d: converted %d, %d of %d objects left to be converted.\n",
155 pass_no, converted_obj_count, failed_obj_count, object_count));
156 pass_no++;
157
158 /* check if we converted any objects in this pass */
159 if (converted_obj_count == 0) {
160 DEBUG(0,("Can't continue Schema load: didn't manage to convert any objects: all %d remaining of %d objects failed to convert\n", failed_obj_count, object_count));
161 return WERR_INTERNAL_ERROR;
162 }
163
164 /* rebuild indexes */
165 ret = dsdb_setup_sorted_accessors(ldb, working_schema);
166 if (LDB_SUCCESS != ret) {
167 DEBUG(0,("Failed to create schema-cache indexes!\n"));
168 return WERR_INTERNAL_ERROR;
169 }
170 };
171
172 *_schema_out = working_schema;
173
174 return WERR_OK;
175 }
176
177 static bool dsdb_attid_in_list(const uint32_t attid_list[], uint32_t attid)
178 {
179 const uint32_t *cur;
180 if (!attid_list) {
181 return false;
182 }
183 for (cur = attid_list; *cur != DRSUAPI_ATTID_INVALID; cur++) {
184 if (*cur == attid) {
185 return true;
186 }
187 }
188 return false;
189 }
190
191 WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
192 const struct dsdb_schema *schema,
193 const struct dsdb_schema_prefixmap *pfm_remote,
194 const struct drsuapi_DsReplicaObjectListItemEx *in,
195 const DATA_BLOB *gensec_skey,
196 const uint32_t *ignore_attids,
197 uint32_t dsdb_repl_flags,
198 TALLOC_CTX *mem_ctx,
199 struct dsdb_extended_replicated_object *out)
200 {
201 NTSTATUS nt_status;
202 WERROR status;
203 uint32_t i;
204 struct ldb_message *msg;
205 struct replPropertyMetaDataBlob *md;
206 int instanceType;
207 struct ldb_message_element *instanceType_e = NULL;
208 struct ldb_val guid_value;
209 struct ldb_val parent_guid_value;
210 NTTIME whenChanged = 0;
211 time_t whenChanged_t;
212 const char *whenChanged_s;
213 struct drsuapi_DsReplicaAttribute *name_a = NULL;
214 struct drsuapi_DsReplicaMetaData *name_d = NULL;
215 struct replPropertyMetaData1 *rdn_m = NULL;
216 struct dom_sid *sid = NULL;
217 uint32_t rid = 0;
218 uint32_t attr_count;
219 int ret;
220
221 if (!in->object.identifier) {
222 return WERR_FOOBAR;
223 }
224
225 if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
226 return WERR_FOOBAR;
227 }
228
229 if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) {
230 return WERR_FOOBAR;
231 }
232
233 if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) {
234 return WERR_FOOBAR;
235 }
236
237 sid = &in->object.identifier->sid;
238 if (sid->num_auths > 0) {
239 rid = sid->sub_auths[sid->num_auths - 1];
240 }
241
242 msg = ldb_msg_new(mem_ctx);
243 W_ERROR_HAVE_NO_MEMORY(msg);
244
245 msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
246 W_ERROR_HAVE_NO_MEMORY(msg->dn);
247
248 msg->num_elements = in->object.attribute_ctr.num_attributes;
249 msg->elements = talloc_array(msg, struct ldb_message_element,
250 msg->num_elements + 1); /* +1 because of the RDN attribute */
251 W_ERROR_HAVE_NO_MEMORY(msg->elements);
252
253 md = talloc(mem_ctx, struct replPropertyMetaDataBlob);
254 W_ERROR_HAVE_NO_MEMORY(md);
255
256 md->version = 1;
257 md->reserved = 0;
258 md->ctr.ctr1.count = in->meta_data_ctr->count;
259 md->ctr.ctr1.reserved = 0;
260 md->ctr.ctr1.array = talloc_array(mem_ctx,
261 struct replPropertyMetaData1,
262 md->ctr.ctr1.count + 1); /* +1 because of the RDN attribute */
263 W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array);
264
265 for (i=0, attr_count=0; i < in->meta_data_ctr->count; i++, attr_count++) {
266 struct drsuapi_DsReplicaAttribute *a;
267 struct drsuapi_DsReplicaMetaData *d;
268 struct replPropertyMetaData1 *m;
269 struct ldb_message_element *e;
270 uint32_t j;
271
272 a = &in->object.attribute_ctr.attributes[i];
273 d = &in->meta_data_ctr->meta_data[i];
274 m = &md->ctr.ctr1.array[attr_count];
275 e = &msg->elements[attr_count];
276
277 if (dsdb_attid_in_list(ignore_attids, a->attid)) {
278 attr_count--;
279 continue;
280 }
281
282 if (a->attid == DRSUAPI_ATTID_instanceType) {
283 if (instanceType_e != NULL) {
284 return WERR_FOOBAR;
285 }
286 instanceType_e = e;
287 }
288
289 for (j=0; j<a->value_ctr.num_values; j++) {
290 status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, a);
291 W_ERROR_NOT_OK_RETURN(status);
292 }
293
294 status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
295 a, msg->elements, e);
296 W_ERROR_NOT_OK_RETURN(status);
297
298 m->attid = a->attid;
299 m->version = d->version;
300 m->originating_change_time = d->originating_change_time;
301 m->originating_invocation_id = d->originating_invocation_id;
302 m->originating_usn = d->originating_usn;
303 m->local_usn = 0;
304
305 if (d->originating_change_time > whenChanged) {
306 whenChanged = d->originating_change_time;
307 }
308
309 if (a->attid == DRSUAPI_ATTID_name) {
310 name_a = a;
311 name_d = d;
312 }
313 }
314
315 msg->num_elements = attr_count;
316 md->ctr.ctr1.count = attr_count;
317 if (name_a) {
318 rdn_m = &md->ctr.ctr1.array[md->ctr.ctr1.count];
319 }
320
321 if (rdn_m) {
322 struct ldb_message_element *el;
323 const char *rdn_name = NULL;
324 const struct ldb_val *rdn_value = NULL;
325 const struct dsdb_attribute *rdn_attr = NULL;
326 uint32_t rdn_attid;
327
328 /*
329 * We only need the schema calls for the RDN in this
330 * codepath, and by doing this we avoid needing to
331 * have the dsdb_attribute_by_lDAPDisplayName accessor
332 * working during the schema load.
333 */
334 rdn_name = ldb_dn_get_rdn_name(msg->dn);
335 rdn_attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
336 if (!rdn_attr) {
337 return WERR_FOOBAR;
338 }
339 rdn_attid = rdn_attr->attributeID_id;
340 rdn_value = ldb_dn_get_rdn_val(msg->dn);
341
342 el = ldb_msg_find_element(msg, rdn_attr->lDAPDisplayName);
343 if (!el) {
344 ret = ldb_msg_add_value(msg, rdn_attr->lDAPDisplayName, rdn_value, NULL);
345 if (ret != LDB_SUCCESS) {
346 return WERR_FOOBAR;
347 }
348 } else {
349 if (el->num_values != 1) {
350 DEBUG(0,(__location__ ": Unexpected num_values=%u\n",
351 el->num_values));
352 return WERR_FOOBAR;
353 }
354 if (!ldb_val_equal_exact(&el->values[0], rdn_value)) {
355 DEBUG(0,(__location__ ": RDN value changed? '%*.*s' '%*.*s'\n",
356 (int)el->values[0].length, (int)el->values[0].length, el->values[0].data,
357 (int)rdn_value->length, (int)rdn_value->length, rdn_value->data));
358 return WERR_FOOBAR;
359 }
360 }
361
362 rdn_m->attid = rdn_attid;
363 rdn_m->version = name_d->version;
364 rdn_m->originating_change_time = name_d->originating_change_time;
365 rdn_m->originating_invocation_id = name_d->originating_invocation_id;
366 rdn_m->originating_usn = name_d->originating_usn;
367 rdn_m->local_usn = 0;
368 md->ctr.ctr1.count++;
369
370 }
371
372 if (instanceType_e == NULL) {
373 return WERR_FOOBAR;
374 }
375
376 instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
377 if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
378 /* the instanceType type for partial_replica
379 replication is sent via DRS with TYPE_WRITE set, but
380 must be used on the client with TYPE_WRITE removed
381 */
382 if (instanceType & INSTANCE_TYPE_WRITE) {
383 /*
384 * Make sure we do not change the order
385 * of msg->elements!
386 *
387 * That's why we use
388 * instanceType_e->num_values = 0
389 * instead of
390 * ldb_msg_remove_attr(msg, "instanceType");
391 */
392 struct ldb_message_element *e;
393
394 e = ldb_msg_find_element(msg, "instanceType");
395 if (e != instanceType_e) {
396 DEBUG(0,("instanceType_e[%p] changed to e[%p]\n",
397 instanceType_e, e));
398 return WERR_FOOBAR;
399 }
400
401 instanceType_e->num_values = 0;
402
403 instanceType &= ~INSTANCE_TYPE_WRITE;
404 if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) {
405 return WERR_INTERNAL_ERROR;
406 }
407 }
408 } else {
409 if (!(instanceType & INSTANCE_TYPE_WRITE)) {
410 DEBUG(0, ("Refusing to replicate %s from a read-only repilca into a read-write replica!\n",
411 ldb_dn_get_linearized(msg->dn)));
412 return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA;
413 }
414 }
415
416 whenChanged_t = nt_time_to_unix(whenChanged);
417 whenChanged_s = ldb_timestring(msg, whenChanged_t);
418 W_ERROR_HAVE_NO_MEMORY(whenChanged_s);
419
420 nt_status = GUID_to_ndr_blob(&in->object.identifier->guid, msg, &guid_value);
421 if (!NT_STATUS_IS_OK(nt_status)) {
422 return ntstatus_to_werror(nt_status);
423 }
424
425 if (in->parent_object_guid) {
426 nt_status = GUID_to_ndr_blob(in->parent_object_guid, msg, &parent_guid_value);
427 if (!NT_STATUS_IS_OK(nt_status)) {
428 return ntstatus_to_werror(nt_status);
429 }
430 } else {
431 parent_guid_value = data_blob_null;
432 }
433
434 out->msg = msg;
435 out->guid_value = guid_value;
436 out->parent_guid_value = parent_guid_value;
437 out->when_changed = whenChanged_s;
438 out->meta_data = md;
439 return WERR_OK;
440 }
441
442 WERROR dsdb_replicated_objects_convert(struct ldb_context *ldb,
443 const struct dsdb_schema *schema,
444 const char *partition_dn_str,
445 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
446 uint32_t object_count,
447 const struct drsuapi_DsReplicaObjectListItemEx *first_object,
448 uint32_t linked_attributes_count,
449 const struct drsuapi_DsReplicaLinkedAttribute *linked_attributes,
450 const struct repsFromTo1 *source_dsa,
451 const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector,
452 const DATA_BLOB *gensec_skey,
453 uint32_t dsdb_repl_flags,
454 TALLOC_CTX *mem_ctx,
455 struct dsdb_extended_replicated_objects **objects)
456 {
457 WERROR status;
458 struct ldb_dn *partition_dn;
459 struct dsdb_schema_prefixmap *pfm_remote;
460 struct dsdb_extended_replicated_objects *out;
461 const struct drsuapi_DsReplicaObjectListItemEx *cur;
462 uint32_t i;
463
464 out = talloc_zero(mem_ctx, struct dsdb_extended_replicated_objects);
465 W_ERROR_HAVE_NO_MEMORY(out);
466 out->version = DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION;
467 out->dsdb_repl_flags = dsdb_repl_flags;
468
469 /*
470 * Ensure schema is kept valid for as long as 'out'
471 * which may contain pointers to it
472 */
473 schema = talloc_reference(out, schema);
474 W_ERROR_HAVE_NO_MEMORY(schema);
475
476 partition_dn = ldb_dn_new(out, ldb, partition_dn_str);
477 W_ERROR_HAVE_NO_MEMORY_AND_FREE(partition_dn, out);
478
479 status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
480 out, &pfm_remote, NULL);
481 if (!W_ERROR_IS_OK(status)) {
482 DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s",
483 win_errstr(status)));
484 talloc_free(out);
485 return status;
486 }
487
488 if (ldb_dn_compare(partition_dn, ldb_get_schema_basedn(ldb)) != 0) {
489 /*
490 * check for schema changes in case
491 * we are not replicating Schema NC
492 */
493 status = dsdb_schema_info_cmp(schema, mapping_ctr);
494 if (!W_ERROR_IS_OK(status)) {
495 DEBUG(1,("Remote schema has changed while replicating %s\n",
496 partition_dn_str));
497 talloc_free(out);
498 return status;
499 }
500 }
501
502 out->partition_dn = partition_dn;
503
504 out->source_dsa = source_dsa;
505 out->uptodateness_vector= uptodateness_vector;
506
507 out->num_objects = object_count;
508 out->objects = talloc_array(out,
509 struct dsdb_extended_replicated_object,
510 out->num_objects);
511 W_ERROR_HAVE_NO_MEMORY_AND_FREE(out->objects, out);
512
513 /* pass the linked attributes down to the repl_meta_data
514 module */
515 out->linked_attributes_count = linked_attributes_count;
516 out->linked_attributes = linked_attributes;
517
518 for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
519 if (i == out->num_objects) {
520 talloc_free(out);
521 return WERR_FOOBAR;
522 }
523
524 status = dsdb_convert_object_ex(ldb, schema, pfm_remote,
525 cur, gensec_skey,
526 NULL,
527 dsdb_repl_flags,
528 out->objects, &out->objects[i]);
529 if (!W_ERROR_IS_OK(status)) {
530 talloc_free(out);
531 DEBUG(0,("Failed to convert object %s: %s\n",
532 cur->object.identifier->dn,
533 win_errstr(status)));
534 return status;
535 }
536 }
537 if (i != out->num_objects) {
538 talloc_free(out);
539 return WERR_FOOBAR;
540 }
541
542 /* free pfm_remote, we won't need it anymore */
543 talloc_free(pfm_remote);
544
545 *objects = out;
546 return WERR_OK;
547 }
548
549 /**
550 * Commits a list of replicated objects.
551 *
552 * @param working_schema dsdb_schema to be used for resolving
553 * Classes/Attributes during Schema replication. If not NULL,
554 * it will be set on ldb and used while committing replicated objects
555 */
556 WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb,
557 struct dsdb_schema *working_schema,
558 struct dsdb_extended_replicated_objects *objects,
559 uint64_t *notify_uSN)
560 {
561 WERROR werr;
562 struct ldb_result *ext_res;
563 struct dsdb_schema *cur_schema = NULL;
564 struct dsdb_schema *new_schema = NULL;
565 int ret;
566 uint64_t seq_num1, seq_num2;
567 bool used_global_schema = false;
568
569 TALLOC_CTX *tmp_ctx = talloc_new(objects);
570 if (!tmp_ctx) {
571 DEBUG(0,("Failed to start talloc\n"));
572 return WERR_NOMEM;
573 }
574
575 /* TODO: handle linked attributes */
576
577 /* wrap the extended operation in a transaction
578 See [MS-DRSR] 3.3.2 Transactions
579 */
580 ret = ldb_transaction_start(ldb);
581 if (ret != LDB_SUCCESS) {
582 DEBUG(0,(__location__ " Failed to start transaction\n"));
583 return WERR_FOOBAR;
584 }
585
586 ret = dsdb_load_partition_usn(ldb, objects->partition_dn, &seq_num1, NULL);
587 if (ret != LDB_SUCCESS) {
588 DEBUG(0,(__location__ " Failed to load partition uSN\n"));
589 ldb_transaction_cancel(ldb);
590 TALLOC_FREE(tmp_ctx);
591 return WERR_FOOBAR;
592 }
593
594 /*
595 * Set working_schema for ldb in case we are replicating from Schema NC.
596 * Schema won't be reloaded during Replicated Objects commit, as it is
597 * done in a transaction. So we need some way to search for newly
598 * added Classes and Attributes
599 */
600 if (working_schema) {
601 /* store current schema so we can fall back in case of failure */
602 cur_schema = dsdb_get_schema(ldb, tmp_ctx);
603 used_global_schema = dsdb_uses_global_schema(ldb);
604
605 ret = dsdb_reference_schema(ldb, working_schema, false);
606 if (ret != LDB_SUCCESS) {
607 DEBUG(0,(__location__ "Failed to reference working schema - %s\n",
608 ldb_strerror(ret)));
609 /* TODO: Map LDB Error to NTSTATUS? */
610 ldb_transaction_cancel(ldb);
611 TALLOC_FREE(tmp_ctx);
612 return WERR_INTERNAL_ERROR;
613 }
614 }
615
616 ret = ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, objects, &ext_res);
617 if (ret != LDB_SUCCESS) {
618 /* restore previous schema */
619 if (used_global_schema) {
620 dsdb_set_global_schema(ldb);
621 } else if (cur_schema) {
622 dsdb_reference_schema(ldb, cur_schema, false);
623 }
624
625 DEBUG(0,("Failed to apply records: %s: %s\n",
626 ldb_errstring(ldb), ldb_strerror(ret)));
627 ldb_transaction_cancel(ldb);
628 TALLOC_FREE(tmp_ctx);
629 return WERR_FOOBAR;
630 }
631 talloc_free(ext_res);
632
633 /* Save our updated prefixMap */
634 if (working_schema) {
635 werr = dsdb_write_prefixes_from_schema_to_ldb(working_schema,
636 ldb,
637 working_schema);
638 if (!W_ERROR_IS_OK(werr)) {
639 /* restore previous schema */
640 if (used_global_schema) {
641 dsdb_set_global_schema(ldb);
642 } else if (cur_schema ) {
643 dsdb_reference_schema(ldb, cur_schema, false);
644 }
645 DEBUG(0,("Failed to save updated prefixMap: %s\n",
646 win_errstr(werr)));
647 TALLOC_FREE(tmp_ctx);
648 return werr;
649 }
650 }
651
652 ret = ldb_transaction_prepare_commit(ldb);
653 if (ret != LDB_SUCCESS) {
654 /* restore previous schema */
655 if (used_global_schema) {
656 dsdb_set_global_schema(ldb);
657 } else if (cur_schema ) {
658 dsdb_reference_schema(ldb, cur_schema, false);
659 }
660 DEBUG(0,(__location__ " Failed to prepare commit of transaction: %s\n",
661 ldb_errstring(ldb)));
662 TALLOC_FREE(tmp_ctx);
663 return WERR_FOOBAR;
664 }
665
666 ret = dsdb_load_partition_usn(ldb, objects->partition_dn, &seq_num2, NULL);
667 if (ret != LDB_SUCCESS) {
668 /* restore previous schema */
669 if (used_global_schema) {
670 dsdb_set_global_schema(ldb);
671 } else if (cur_schema ) {
672 dsdb_reference_schema(ldb, cur_schema, false);
673 }
674 DEBUG(0,(__location__ " Failed to load partition uSN\n"));
675 ldb_transaction_cancel(ldb);
676 TALLOC_FREE(tmp_ctx);
677 return WERR_FOOBAR;
678 }
679
680 /* if this replication partner didn't need to be notified
681 before this transaction then it still doesn't need to be
682 notified, as the changes came from this server */
683 if (seq_num2 > seq_num1 && seq_num1 <= *notify_uSN) {
684 *notify_uSN = seq_num2;
685 }
686
687 ret = ldb_transaction_commit(ldb);
688 if (ret != LDB_SUCCESS) {
689 /* restore previous schema */
690 if (used_global_schema) {
691 dsdb_set_global_schema(ldb);
692 } else if (cur_schema ) {
693 dsdb_reference_schema(ldb, cur_schema, false);
694 }
695 DEBUG(0,(__location__ " Failed to commit transaction\n"));
696 TALLOC_FREE(tmp_ctx);
697 return WERR_FOOBAR;
698 }
699
700 /*
701 * Reset the Schema used by ldb. This will lead to
702 * a schema cache being refreshed from database.
703 */
704 if (working_schema) {
705 struct ldb_message *msg;
706 struct ldb_request *req;
707
708 /* Force a reload */
709 working_schema->last_refresh = 0;
710 new_schema = dsdb_get_schema(ldb, tmp_ctx);
711 /* TODO:
712 * If dsdb_get_schema() fails, we just fall back
713 * to what we had. However, the database is probably
714 * unable to operate for other users from this
715 * point... */
716 if (new_schema && used_global_schema) {
717 dsdb_make_schema_global(ldb, new_schema);
718 } else if (used_global_schema) {
719 DEBUG(0,("Failed to re-load schema after commit of transaction\n"));
720 dsdb_set_global_schema(ldb);
721 TALLOC_FREE(tmp_ctx);
722 return WERR_INTERNAL_ERROR;
723 } else {
724 DEBUG(0,("Failed to re-load schema after commit of transaction\n"));
725 dsdb_reference_schema(ldb, cur_schema, false);
726 TALLOC_FREE(tmp_ctx);
727 return WERR_INTERNAL_ERROR;
728 }
729 msg = ldb_msg_new(tmp_ctx);
730 if (msg == NULL) {
731 TALLOC_FREE(tmp_ctx);
732 return WERR_NOMEM;
733 }
734 msg->dn = ldb_dn_new(msg, ldb, "");
735 if (msg->dn == NULL) {
736 TALLOC_FREE(tmp_ctx);
737 return WERR_NOMEM;
738 }
739
740 ret = ldb_msg_add_string(msg, "schemaUpdateNow", "1");
741 if (ret != LDB_SUCCESS) {
742 TALLOC_FREE(tmp_ctx);
743 return WERR_INTERNAL_ERROR;
744 }
745
746 ret = ldb_build_mod_req(&req, ldb, objects,
747 msg,
748 LDB_SCOPE_BASE,
749 NULL,
750 ldb_op_default_callback,
751 NULL);
752
753 if (ret != LDB_SUCCESS) {
754 TALLOC_FREE(tmp_ctx);
755 return WERR_DS_DRA_INTERNAL_ERROR;
756 }
757
758 ret = ldb_transaction_start(ldb);
759 if (ret != LDB_SUCCESS) {
760 TALLOC_FREE(tmp_ctx);
761 DEBUG(0, ("Autotransaction start failed\n"));
762 return WERR_DS_DRA_INTERNAL_ERROR;
763 }
764
765 ret = ldb_request(ldb, req);
766 if (ret == LDB_SUCCESS) {
767 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
768 }
769
770 if (ret == LDB_SUCCESS) {
771 ret = ldb_transaction_commit(ldb);
772 } else {
773 DEBUG(0, ("Schema update now failed: %s\n",
774 ldb_errstring(ldb)));
775 ldb_transaction_cancel(ldb);
776 }
777
778 if (ret != LDB_SUCCESS) {
779 DEBUG(0, ("Commit failed: %s\n", ldb_errstring(ldb)));
780 TALLOC_FREE(tmp_ctx);
781 return WERR_DS_INTERNAL_FAILURE;
782 }
783 }
784
785 DEBUG(2,("Replicated %u objects (%u linked attributes) for %s\n",
786 objects->num_objects, objects->linked_attributes_count,
787 ldb_dn_get_linearized(objects->partition_dn)));
788
789 TALLOC_FREE(tmp_ctx);
790 return WERR_OK;
791 }
792
793 static WERROR dsdb_origin_object_convert(struct ldb_context *ldb,
794 const struct dsdb_schema *schema,
795 const struct drsuapi_DsReplicaObjectListItem *in,
796 TALLOC_CTX *mem_ctx,
797 struct ldb_message **_msg)
798 {
799 WERROR status;
800 unsigned int i;
801 struct ldb_message *msg;
802
803 if (!in->object.identifier) {
804 return WERR_FOOBAR;
805 }
806
807 if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
808 return WERR_FOOBAR;
809 }
810
811 msg = ldb_msg_new(mem_ctx);
812 W_ERROR_HAVE_NO_MEMORY(msg);
813
814 msg->dn = ldb_dn_new(msg, ldb, in->object.identifier->dn);
815 W_ERROR_HAVE_NO_MEMORY(msg->dn);
816
817 msg->num_elements = in->object.attribute_ctr.num_attributes;
818 msg->elements = talloc_array(msg, struct ldb_message_element,
819 msg->num_elements);
820 W_ERROR_HAVE_NO_MEMORY(msg->elements);
821
822 for (i=0; i < msg->num_elements; i++) {
823 struct drsuapi_DsReplicaAttribute *a;
824 struct ldb_message_element *e;
825
826 a = &in->object.attribute_ctr.attributes[i];
827 e = &msg->elements[i];
828
829 status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap,
830 a, msg->elements, e);
831 W_ERROR_NOT_OK_RETURN(status);
832 }
833
834
835 *_msg = msg;
836
837 return WERR_OK;
838 }
839
840 WERROR dsdb_origin_objects_commit(struct ldb_context *ldb,
841 TALLOC_CTX *mem_ctx,
842 const struct drsuapi_DsReplicaObjectListItem *first_object,
843 uint32_t *_num,
844 uint32_t dsdb_repl_flags,
845 struct drsuapi_DsReplicaObjectIdentifier2 **_ids)
846 {
847 WERROR status;
848 const struct dsdb_schema *schema;
849 const struct drsuapi_DsReplicaObjectListItem *cur;
850 struct ldb_message **objects;
851 struct drsuapi_DsReplicaObjectIdentifier2 *ids;
852 uint32_t i;
853 uint32_t num_objects = 0;
854 const char * const attrs[] = {
855 "objectGUID",
856 "objectSid",
857 NULL
858 };
859 struct ldb_result *res;
860 int ret;
861
862 for (cur = first_object; cur; cur = cur->next_object) {
863 num_objects++;
864 }
865
866 if (num_objects == 0) {
867 return WERR_OK;
868 }
869
870 ret = ldb_transaction_start(ldb);
871 if (ret != LDB_SUCCESS) {
872 return WERR_DS_INTERNAL_FAILURE;
873 }
874
875 objects = talloc_array(mem_ctx, struct ldb_message *,
876 num_objects);
877 if (objects == NULL) {
878 status = WERR_NOMEM;
879 goto cancel;
880 }
881
882 schema = dsdb_get_schema(ldb, objects);
883 if (!schema) {
884 return WERR_DS_SCHEMA_NOT_LOADED;
885 }
886
887 for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
888 status = dsdb_origin_object_convert(ldb, schema, cur,
889 objects, &objects[i]);
890 if (!W_ERROR_IS_OK(status)) {
891 goto cancel;
892 }
893 }
894
895 ids = talloc_array(mem_ctx,
896 struct drsuapi_DsReplicaObjectIdentifier2,
897 num_objects);
898 if (ids == NULL) {
899 status = WERR_NOMEM;
900 goto cancel;
901 }
902
903 if (dsdb_repl_flags & DSDB_REPL_FLAG_ADD_NCNAME) {
904 /* check for possible NC creation */
905 for (i=0; i < num_objects; i++) {
906 struct ldb_message *msg = objects[i];
907 struct ldb_message_element *el;
908 struct ldb_dn *nc_dn;
909
910 if (ldb_msg_check_string_attribute(msg, "objectClass", "crossRef") == 0) {
911 continue;
912 }
913 el = ldb_msg_find_element(msg, "nCName");
914 if (el == NULL || el->num_values != 1) {
915 continue;
916 }
917 nc_dn = ldb_dn_from_ldb_val(objects, ldb, &el->values[0]);
918 if (!ldb_dn_validate(nc_dn)) {
919 continue;
920 }
921 ret = dsdb_create_partial_replica_NC(ldb, nc_dn);
922 if (ret != LDB_SUCCESS) {
923 status = WERR_DS_INTERNAL_FAILURE;
924 goto cancel;
925 }
926 }
927 }
928
929 for (i=0; i < num_objects; i++) {
930 struct dom_sid *sid = NULL;
931 struct ldb_request *add_req;
932
933 DEBUG(6,(__location__ ": adding %s\n",
934 ldb_dn_get_linearized(objects[i]->dn)));
935
936 ret = ldb_build_add_req(&add_req,
937 ldb,
938 objects,
939 objects[i],
940 NULL,
941 NULL,
942 ldb_op_default_callback,
943 NULL);
944 if (ret != LDB_SUCCESS) {
945 status = WERR_DS_INTERNAL_FAILURE;
946 goto cancel;
947 }
948
949 ret = ldb_request_add_control(add_req, LDB_CONTROL_RELAX_OID, true, NULL);
950 if (ret != LDB_SUCCESS) {
951 status = WERR_DS_INTERNAL_FAILURE;
952 goto cancel;
953 }
954
955 ret = ldb_request(ldb, add_req);
956 if (ret == LDB_SUCCESS) {
957 ret = ldb_wait(add_req->handle, LDB_WAIT_ALL);
958 }
959 if (ret != LDB_SUCCESS) {
960 DEBUG(0,(__location__ ": Failed add of %s - %s\n",
961 ldb_dn_get_linearized(objects[i]->dn), ldb_errstring(ldb)));
962 status = WERR_DS_INTERNAL_FAILURE;
963 goto cancel;
964 }
965
966 talloc_free(add_req);
967
968 ret = ldb_search(ldb, objects, &res, objects[i]->dn,
969 LDB_SCOPE_BASE, attrs,
970 "(objectClass=*)");
971 if (ret != LDB_SUCCESS) {
972 status = WERR_DS_INTERNAL_FAILURE;
973 goto cancel;
974 }
975 ids[i].guid = samdb_result_guid(res->msgs[0], "objectGUID");
976 sid = samdb_result_dom_sid(objects, res->msgs[0], "objectSid");
977 if (sid) {
978 ids[i].sid = *sid;
979 } else {
980 ZERO_STRUCT(ids[i].sid);
981 }
982 }
983
984 ret = ldb_transaction_commit(ldb);
985 if (ret != LDB_SUCCESS) {
986 return WERR_DS_INTERNAL_FAILURE;
987 }
988
989 talloc_free(objects);
990
991 *_num = num_objects;
992 *_ids = ids;
993 return WERR_OK;
994
995 cancel:
996 talloc_free(objects);
997 ldb_transaction_cancel(ldb);
998 return status;
999 }
reg import