state->drsuapi->drsuapi_handle = state->drsuapi->pipe->binding_handle;
status = gensec_session_key(state->drsuapi->pipe->conn->security_state.generic_state,
+ state->drsuapi,
&state->drsuapi->gensec_skey);
if (tevent_req_nterror(req, status)) {
return;
static void dreplsrv_op_pull_source_get_changes_done(struct tevent_req *subreq);
/*
- get a partial attribute set for a replication call
+ get a RODC partial attribute set for a replication call
*/
static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service *service,
TALLOC_CTX *mem_ctx,
pas->attids[pas->num_attids] = dsdb_attribute_get_attid(a, for_schema);
pas->num_attids++;
}
+
+ pas->attids = talloc_realloc(pas, pas->attids, enum drsuapi_DsAttributeId, pas->num_attids);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(pas->attids, pas);
+
+ *_pas = pas;
+ return NT_STATUS_OK;
+}
+
+
+/*
+ get a GC partial attribute set for a replication call
+ */
+static NTSTATUS dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service *service,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsPartialAttributeSet **_pas)
+{
+ struct drsuapi_DsPartialAttributeSet *pas;
+ struct dsdb_schema *schema;
+ uint32_t i;
+
+ pas = talloc_zero(mem_ctx, struct drsuapi_DsPartialAttributeSet);
+ NT_STATUS_HAVE_NO_MEMORY(pas);
+
+ schema = dsdb_get_schema(service->samdb, NULL);
+
+ pas->version = 1;
+ pas->attids = talloc_array(pas, enum drsuapi_DsAttributeId, schema->num_attributes);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(pas->attids, pas);
+
+ for (i=0; i<schema->num_attributes; i++) {
+ struct dsdb_attribute *a;
+ a = schema->attributes_by_attributeID_id[i];
+ if (a->isMemberOfPartialAttributeSet) {
+ pas->attids[pas->num_attids] = dsdb_attribute_get_attid(a, false);
+ pas->num_attids++;
+ }
+ }
+
+ pas->attids = talloc_realloc(pas, pas->attids, enum drsuapi_DsAttributeId, pas->num_attids);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(pas->attids, pas);
+
*_pas = pas;
return NT_STATUS_OK;
}
struct drsuapi_DsPartialAttributeSet *pas = NULL;
NTSTATUS status;
uint32_t replica_flags;
+ struct drsuapi_DsReplicaHighWaterMark highwatermark;
r = talloc(state, struct drsuapi_DsGetNCChanges);
if (tevent_req_nomem(r, req)) {
}
replica_flags = rf1->replica_flags;
+ highwatermark = rf1->highwatermark;
- if (service->am_rodc) {
+ if (partition->partial_replica) {
+ status = dreplsrv_get_gc_partial_attribute_set(service, r, &pas);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,(__location__ ": Failed to construct GC partial attribute set : %s\n", nt_errstr(status)));
+ return;
+ }
+ replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+ } else if (partition->rodc_replica) {
bool for_schema = false;
if (ldb_dn_compare_base(ldb_get_schema_basedn(service->samdb), partition->dn) == 0) {
for_schema = true;
status = dreplsrv_get_rodc_partial_attribute_set(service, r, &pas, for_schema);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,(__location__ ": Failed to construct partial attribute set : %s\n", nt_errstr(status)));
+ DEBUG(0,(__location__ ": Failed to construct RODC partial attribute set : %s\n", nt_errstr(status)));
return;
}
if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
}
}
+ /* is this a full resync of all objects? */
+ if (state->op->options & DRSUAPI_DRS_FULL_SYNC_NOW) {
+ ZERO_STRUCT(highwatermark);
+ /* clear the FULL_SYNC_NOW option for subsequent
+ stages of the replication cycle */
+ state->op->options &= ~DRSUAPI_DRS_FULL_SYNC_NOW;
+ state->op->options |= DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS;
+ replica_flags |= DRSUAPI_DRS_NEVER_SYNCED;
+ }
+ if (state->op->options & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
+ uptodateness_vector = NULL;
+ }
+
r->in.bind_handle = &drsuapi->bind_handle;
if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
r->in.level = 8;
r->in.req->req8.destination_dsa_guid = service->ntds_guid;
r->in.req->req8.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
r->in.req->req8.naming_context = &partition->nc;
- r->in.req->req8.highwatermark = rf1->highwatermark;
+ r->in.req->req8.highwatermark = highwatermark;
r->in.req->req8.uptodateness_vector = uptodateness_vector;
r->in.req->req8.replica_flags = replica_flags;
r->in.req->req8.max_object_count = 133;
r->in.req->req5.destination_dsa_guid = service->ntds_guid;
r->in.req->req5.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
r->in.req->req5.naming_context = &partition->nc;
- r->in.req->req5.highwatermark = rf1->highwatermark;
+ r->in.req->req5.highwatermark = highwatermark;
r->in.req->req5.uptodateness_vector = uptodateness_vector;
r->in.req->req5.replica_flags = replica_flags;
r->in.req->req5.max_object_count = 133;
bool more_data = false;
WERROR status;
NTSTATUS nt_status;
+ uint32_t dsdb_repl_flags = 0;
switch (ctr_level) {
case 1:
}
}
+ if (partition->partial_replica || partition->rodc_replica) {
+ dsdb_repl_flags |= DSDB_REPL_FLAG_PARTIAL_REPLICA;
+ }
+ if (state->op->options & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
+ dsdb_repl_flags |= DSDB_REPL_FLAG_PRIORITISE_INCOMING;
+ }
+
status = dsdb_replicated_objects_convert(service->samdb,
working_schema ? working_schema : schema,
partition->nc.dn,
&rf1,
uptodateness_vector,
&drsuapi->gensec_skey,
+ dsdb_repl_flags,
state, &objects);
if (!W_ERROR_IS_OK(status)) {
nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
/* if it applied fine, we need to update the highwatermark */
*state->op->source_dsa->repsFrom1 = rf1;
}
- /*
- * TODO: update our uptodatevector!
- */
/* we don't need this maybe very large structure anymore */
TALLOC_FREE(r);
struct dreplsrv_partition *partition = state->op->source_dsa->partition;
struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
struct drsuapi_DsReplicaUpdateRefs *r;
- char *ntds_guid_str;
char *ntds_dns_name;
struct tevent_req *subreq;
return;
}
- ntds_guid_str = GUID_string(r, &service->ntds_guid);
- if (tevent_req_nomem(ntds_guid_str, req)) {
- return;
- }
-
- ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s",
- ntds_guid_str,
- lpcfg_dnsdomain(service->task->lp_ctx));
+ ntds_dns_name = samdb_ntds_msdcs_dns_name(service->samdb, r, &service->ntds_guid);
if (tevent_req_nomem(ntds_dns_name, req)) {
+ talloc_free(r);
return;
}
drsuapi->drsuapi_handle,
r);
if (tevent_req_nomem(subreq, req)) {
+ talloc_free(r);
return;
}
tevent_req_set_callback(subreq, dreplsrv_update_refs_done, req);
nt_errstr(status),
r->in.req.req1.dest_dsa_dns_name,
r->in.req.req1.naming_context->dn));
- tevent_req_nterror(req, status);
- return;
+ /*
+ * TODO we are currently not sending the
+ * DsReplicaUpdateRefs at the correct moment,
+ * we do it just after a GetNcChanges which is
+ * not always correct.
+ * Especially when another DC is trying to demote
+ * it will sends us a DsReplicaSync that will trigger a getNcChanges
+ * this call will succeed but the DsRecplicaUpdateRefs that we send
+ * just after will not because the DC is in a demote state and
+ * will reply us a WERR_DS_DRA_BUSY, this error will cause us to
+ * answer to the DsReplicaSync with a non OK status, the other DC
+ * will stop the demote due to this error.
+ * In order to cope with this we will for the moment concider
+ * a DS_DRA_BUSY not as an error.
+ * It's not ideal but it should not have a too huge impact for
+ * running production as this error otherwise never happen and
+ * due to the fact the send a DsReplicaUpdateRefs after each getNcChanges
+ */
+ if (!W_ERROR_EQUAL(r->out.result, WERR_DS_DRA_BUSY)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
}
DEBUG(4,("UpdateRefs OK for %s %s\n",
git.samba.org / abartlet / samba-debian.git / blobdiff