2 Unix SMB/CIFS Implementation.
4 DSDB replication service - repl secret handling
6 Copyright (C) Andrew Tridgell 2010
7 Copyright (C) Andrew Bartlett 2010
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "ldb_module.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "smbd/service.h"
28 #include "dsdb/repl/drepl_service.h"
29 #include "param/param.h"
32 #define DBGC_CLASS DBGC_DRS_REPL
34 struct repl_secret_state {
39 called when a repl secret has completed
41 static void drepl_repl_secret_callback(struct dreplsrv_service *service,
43 enum drsuapi_DsExtendedError ext_err,
46 struct repl_secret_state *state = talloc_get_type_abort(cb_data, struct repl_secret_state);
47 if (!W_ERROR_IS_OK(werr)) {
48 if (W_ERROR_EQUAL(werr, WERR_DS_DRA_SECRETS_DENIED)) {
49 DEBUG(3,(__location__ ": repl secret disallowed for user "
50 "%s - not in allowed replication group\n",
53 DEBUG(3,(__location__ ": repl secret failed for user %s - %s: extended_ret[0x%X]\n",
54 state->user_dn, win_errstr(werr), ext_err));
57 DEBUG(3,(__location__ ": repl secret completed OK for '%s'\n", state->user_dn));
64 * Called when the auth code wants us to try and replicate
67 void drepl_repl_secret(struct dreplsrv_service *service,
71 struct ldb_dn *nc_dn, *nc_root, *source_dsa_dn;
72 struct dreplsrv_partition *p;
73 struct GUID *source_dsa_guid;
74 struct repl_secret_state *state;
77 state = talloc_zero(service, struct repl_secret_state);
79 /* nothing to do, no return value */
83 /* keep a copy for logging in the callback */
84 state->user_dn = talloc_strdup(state, user_dn);
86 nc_dn = ldb_dn_new(state, service->samdb, user_dn);
87 if (!ldb_dn_validate(nc_dn)) {
88 DEBUG(0,(__location__ ": Failed to parse user_dn '%s'\n", user_dn));
93 /* work out which partition this is in */
94 ret = dsdb_find_nc_root(service->samdb, state, nc_dn, &nc_root);
95 if (ret != LDB_SUCCESS) {
96 DEBUG(0,(__location__ ": Failed to find nc_root for user_dn '%s'\n", user_dn));
101 /* find the partition in our list */
102 for (p=service->partitions; p; p=p->next) {
103 if (ldb_dn_compare(p->dn, nc_root) == 0) {
108 DEBUG(0,(__location__ ": Failed to find partition for nc_root '%s'\n", ldb_dn_get_linearized(nc_root)));
113 if (p->sources == NULL) {
114 DEBUG(0,(__location__ ": No sources for nc_root '%s' for user_dn '%s'\n",
115 ldb_dn_get_linearized(nc_root), user_dn));
120 /* use the first source, for no particularly good reason */
121 source_dsa_guid = &p->sources->repsFrom1->source_dsa_obj_guid;
123 source_dsa_dn = ldb_dn_new(state, service->samdb,
124 talloc_asprintf(state, "<GUID=%s>",
125 GUID_string(state, source_dsa_guid)));
126 if (!ldb_dn_validate(source_dsa_dn)) {
127 DEBUG(0,(__location__ ": Invalid source DSA GUID '%s' for user_dn '%s'\n",
128 GUID_string(state, source_dsa_guid), user_dn));
133 werr = drepl_request_extended_op(service,
136 DRSUAPI_EXOP_REPL_SECRET,
138 p->sources->repsFrom1->highwatermark.highest_usn,
139 drepl_repl_secret_callback, state);
140 if (!W_ERROR_IS_OK(werr)) {
141 DEBUG(2,(__location__ ": Failed to setup secret replication for user_dn '%s'\n", user_dn));
145 DEBUG(3,(__location__ ": started secret replication for %s\n", user_dn));
git.samba.org / samba.git / blob