4 Copyright (C) Simo Sorce 2004-2008
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
8 Copyright (C) Matthieu Patou <mat@samba.org> 2010
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb repl_meta_data module
29 * Description: - add a unique objectGUID onto every new record,
30 * - handle whenCreated, whenChanged timestamps
31 * - handle uSNCreated, uSNChanged numbers
32 * - handle replPropertyMetaData attribute
35 * Author: Stefan Metzmacher
39 #include "ldb_module.h"
40 #include "dsdb/samdb/samdb.h"
41 #include "dsdb/common/proto.h"
42 #include "../libds/common/flags.h"
43 #include "librpc/gen_ndr/ndr_misc.h"
44 #include "librpc/gen_ndr/ndr_drsuapi.h"
45 #include "librpc/gen_ndr/ndr_drsblobs.h"
46 #include "param/param.h"
47 #include "libcli/security/security.h"
48 #include "lib/util/dlinklist.h"
49 #include "dsdb/samdb/ldb_modules/util.h"
50 #include "lib/util/binsearch.h"
51 #include "lib/util/tsort.h"
53 struct replmd_private {
55 struct la_entry *la_list;
57 struct la_backlink *la_backlinks;
59 struct nc_entry *prev, *next;
62 uint64_t mod_usn_urgent;
67 struct la_entry *next, *prev;
68 struct drsuapi_DsReplicaLinkedAttribute *la;
71 struct replmd_replicated_request {
72 struct ldb_module *module;
73 struct ldb_request *req;
75 const struct dsdb_schema *schema;
77 /* the controls we pass down */
78 struct ldb_control **controls;
80 /* details for the mode where we apply a bunch of inbound replication meessages */
82 uint32_t index_current;
83 struct dsdb_extended_replicated_objects *objs;
85 struct ldb_message *search_msg;
91 enum urgent_situation {
92 REPL_URGENT_ON_CREATE = 1,
93 REPL_URGENT_ON_UPDATE = 2,
94 REPL_URGENT_ON_DELETE = 4
99 const char *update_name;
100 enum urgent_situation repl_situation;
101 } urgent_objects[] = {
102 {"nTDSDSA", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
103 {"crossRef", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
104 {"attributeSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
105 {"classSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
106 {"secret", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
107 {"rIDManager", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
111 /* Attributes looked for when updating or deleting, to check for a urgent replication needed */
112 static const char *urgent_attrs[] = {
115 "userAccountControl",
120 static bool replmd_check_urgent_objectclass(const struct ldb_message_element *objectclass_el,
121 enum urgent_situation situation)
124 for (i=0; urgent_objects[i].update_name; i++) {
126 if ((situation & urgent_objects[i].repl_situation) == 0) {
130 for (j=0; j<objectclass_el->num_values; j++) {
131 const struct ldb_val *v = &objectclass_el->values[j];
132 if (ldb_attr_cmp((const char *)v->data, urgent_objects[i].update_name) == 0) {
140 static bool replmd_check_urgent_attribute(const struct ldb_message_element *el)
142 if (ldb_attr_in_list(urgent_attrs, el->name)) {
149 static int replmd_replicated_apply_next(struct replmd_replicated_request *ar);
152 initialise the module
153 allocate the private structure and build the list
154 of partition DNs for use by replmd_notify()
156 static int replmd_init(struct ldb_module *module)
158 struct replmd_private *replmd_private;
159 struct ldb_context *ldb = ldb_module_get_ctx(module);
161 replmd_private = talloc_zero(module, struct replmd_private);
162 if (replmd_private == NULL) {
164 return LDB_ERR_OPERATIONS_ERROR;
166 ldb_module_set_private(module, replmd_private);
168 return ldb_next_init(module);
172 cleanup our per-transaction contexts
174 static void replmd_txn_cleanup(struct replmd_private *replmd_private)
176 talloc_free(replmd_private->la_ctx);
177 replmd_private->la_list = NULL;
178 replmd_private->la_ctx = NULL;
180 talloc_free(replmd_private->bl_ctx);
181 replmd_private->la_backlinks = NULL;
182 replmd_private->bl_ctx = NULL;
187 struct la_backlink *next, *prev;
188 const char *attr_name;
189 struct GUID forward_guid, target_guid;
194 process a backlinks we accumulated during a transaction, adding and
195 deleting the backlinks from the target objects
197 static int replmd_process_backlink(struct ldb_module *module, struct la_backlink *bl, struct ldb_request *parent)
199 struct ldb_dn *target_dn, *source_dn;
201 struct ldb_context *ldb = ldb_module_get_ctx(module);
202 struct ldb_message *msg;
203 TALLOC_CTX *tmp_ctx = talloc_new(bl);
209 - construct ldb_message
210 - either an add or a delete
212 ret = dsdb_module_dn_by_guid(module, tmp_ctx, &bl->target_guid, &target_dn, parent);
213 if (ret != LDB_SUCCESS) {
214 DEBUG(2,(__location__ ": WARNING: Failed to find target DN for linked attribute with GUID %s\n",
215 GUID_string(bl, &bl->target_guid)));
219 ret = dsdb_module_dn_by_guid(module, tmp_ctx, &bl->forward_guid, &source_dn, parent);
220 if (ret != LDB_SUCCESS) {
221 ldb_asprintf_errstring(ldb, "Failed to find source DN for linked attribute with GUID %s\n",
222 GUID_string(bl, &bl->forward_guid));
223 talloc_free(tmp_ctx);
227 msg = ldb_msg_new(tmp_ctx);
229 ldb_module_oom(module);
230 talloc_free(tmp_ctx);
231 return LDB_ERR_OPERATIONS_ERROR;
234 /* construct a ldb_message for adding/deleting the backlink */
236 dn_string = ldb_dn_get_extended_linearized(tmp_ctx, source_dn, 1);
238 ldb_module_oom(module);
239 talloc_free(tmp_ctx);
240 return LDB_ERR_OPERATIONS_ERROR;
242 ret = ldb_msg_add_steal_string(msg, bl->attr_name, dn_string);
243 if (ret != LDB_SUCCESS) {
244 talloc_free(tmp_ctx);
247 msg->elements[0].flags = bl->active?LDB_FLAG_MOD_ADD:LDB_FLAG_MOD_DELETE;
249 /* a backlink should never be single valued. Unfortunately the
250 exchange schema has a attribute
251 msExchBridgeheadedLocalConnectorsDNBL which is single
252 valued and a backlink. We need to cope with that by
253 ignoring the single value flag */
254 msg->elements[0].flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
256 ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
257 if (ret != LDB_SUCCESS) {
258 ldb_asprintf_errstring(ldb, "Failed to %s backlink from %s to %s - %s",
259 bl->active?"add":"remove",
260 ldb_dn_get_linearized(source_dn),
261 ldb_dn_get_linearized(target_dn),
263 talloc_free(tmp_ctx);
266 talloc_free(tmp_ctx);
271 add a backlink to the list of backlinks to add/delete in the prepare
274 static int replmd_add_backlink(struct ldb_module *module, const struct dsdb_schema *schema,
275 struct GUID *forward_guid, struct GUID *target_guid,
276 bool active, const struct dsdb_attribute *schema_attr, bool immediate)
278 const struct dsdb_attribute *target_attr;
279 struct la_backlink *bl;
280 struct replmd_private *replmd_private =
281 talloc_get_type_abort(ldb_module_get_private(module), struct replmd_private);
283 target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID ^ 1);
286 * windows 2003 has a broken schema where the
287 * definition of msDS-IsDomainFor is missing (which is
288 * supposed to be the backlink of the
289 * msDS-HasDomainNCs attribute
294 /* see if its already in the list */
295 for (bl=replmd_private->la_backlinks; bl; bl=bl->next) {
296 if (GUID_equal(forward_guid, &bl->forward_guid) &&
297 GUID_equal(target_guid, &bl->target_guid) &&
298 (target_attr->lDAPDisplayName == bl->attr_name ||
299 strcmp(target_attr->lDAPDisplayName, bl->attr_name) == 0)) {
305 /* we found an existing one */
306 if (bl->active == active) {
309 DLIST_REMOVE(replmd_private->la_backlinks, bl);
314 if (replmd_private->bl_ctx == NULL) {
315 replmd_private->bl_ctx = talloc_new(replmd_private);
316 if (replmd_private->bl_ctx == NULL) {
317 ldb_module_oom(module);
318 return LDB_ERR_OPERATIONS_ERROR;
323 bl = talloc(replmd_private->bl_ctx, struct la_backlink);
325 ldb_module_oom(module);
326 return LDB_ERR_OPERATIONS_ERROR;
329 /* Ensure the schema does not go away before the bl->attr_name is used */
330 if (!talloc_reference(bl, schema)) {
332 ldb_module_oom(module);
333 return LDB_ERR_OPERATIONS_ERROR;
336 bl->attr_name = target_attr->lDAPDisplayName;
337 bl->forward_guid = *forward_guid;
338 bl->target_guid = *target_guid;
341 /* the caller may ask for this backlink to be processed
344 int ret = replmd_process_backlink(module, bl, NULL);
349 DLIST_ADD(replmd_private->la_backlinks, bl);
356 * Callback for most write operations in this module:
358 * notify the repl task that a object has changed. The notifies are
359 * gathered up in the replmd_private structure then written to the
360 * @REPLCHANGED object in each partition during the prepare_commit
362 static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
365 struct replmd_replicated_request *ac =
366 talloc_get_type_abort(req->context, struct replmd_replicated_request);
367 struct replmd_private *replmd_private =
368 talloc_get_type_abort(ldb_module_get_private(ac->module), struct replmd_private);
369 struct nc_entry *modified_partition;
370 struct ldb_control *partition_ctrl;
371 const struct dsdb_control_current_partition *partition;
373 struct ldb_control **controls;
375 partition_ctrl = ldb_reply_get_control(ares, DSDB_CONTROL_CURRENT_PARTITION_OID);
377 controls = ares->controls;
378 if (ldb_request_get_control(ac->req,
379 DSDB_CONTROL_CURRENT_PARTITION_OID) == NULL) {
381 * Remove the current partition control from what we pass up
382 * the chain if it hasn't been requested manually.
384 controls = ldb_controls_except_specified(ares->controls, ares,
388 if (ares->error != LDB_SUCCESS) {
389 DEBUG(0,("%s failure. Error is: %s\n", __FUNCTION__, ldb_strerror(ares->error)));
390 return ldb_module_done(ac->req, controls,
391 ares->response, ares->error);
394 if (ares->type != LDB_REPLY_DONE) {
395 ldb_set_errstring(ldb_module_get_ctx(ac->module), "Invalid reply type for notify\n!");
396 return ldb_module_done(ac->req, NULL,
397 NULL, LDB_ERR_OPERATIONS_ERROR);
400 if (!partition_ctrl) {
401 ldb_set_errstring(ldb_module_get_ctx(ac->module),"No partition control on reply");
402 return ldb_module_done(ac->req, NULL,
403 NULL, LDB_ERR_OPERATIONS_ERROR);
406 partition = talloc_get_type_abort(partition_ctrl->data,
407 struct dsdb_control_current_partition);
409 if (ac->seq_num > 0) {
410 for (modified_partition = replmd_private->ncs; modified_partition;
411 modified_partition = modified_partition->next) {
412 if (ldb_dn_compare(modified_partition->dn, partition->dn) == 0) {
417 if (modified_partition == NULL) {
418 modified_partition = talloc_zero(replmd_private, struct nc_entry);
419 if (!modified_partition) {
420 ldb_oom(ldb_module_get_ctx(ac->module));
421 return ldb_module_done(ac->req, NULL,
422 NULL, LDB_ERR_OPERATIONS_ERROR);
424 modified_partition->dn = ldb_dn_copy(modified_partition, partition->dn);
425 if (!modified_partition->dn) {
426 ldb_oom(ldb_module_get_ctx(ac->module));
427 return ldb_module_done(ac->req, NULL,
428 NULL, LDB_ERR_OPERATIONS_ERROR);
430 DLIST_ADD(replmd_private->ncs, modified_partition);
433 if (ac->seq_num > modified_partition->mod_usn) {
434 modified_partition->mod_usn = ac->seq_num;
436 modified_partition->mod_usn_urgent = ac->seq_num;
441 if (ac->apply_mode) {
445 ret = replmd_replicated_apply_next(ac);
446 if (ret != LDB_SUCCESS) {
447 return ldb_module_done(ac->req, NULL, NULL, ret);
451 /* free the partition control container here, for the
452 * common path. Other cases will have it cleaned up
453 * eventually with the ares */
454 talloc_free(partition_ctrl);
455 return ldb_module_done(ac->req,
456 ldb_controls_except_specified(controls, ares, partition_ctrl),
457 ares->response, LDB_SUCCESS);
463 * update a @REPLCHANGED record in each partition if there have been
464 * any writes of replicated data in the partition
466 static int replmd_notify_store(struct ldb_module *module, struct ldb_request *parent)
468 struct replmd_private *replmd_private =
469 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
471 while (replmd_private->ncs) {
473 struct nc_entry *modified_partition = replmd_private->ncs;
475 ret = dsdb_module_save_partition_usn(module, modified_partition->dn,
476 modified_partition->mod_usn,
477 modified_partition->mod_usn_urgent, parent);
478 if (ret != LDB_SUCCESS) {
479 DEBUG(0,(__location__ ": Failed to save partition uSN for %s\n",
480 ldb_dn_get_linearized(modified_partition->dn)));
483 DLIST_REMOVE(replmd_private->ncs, modified_partition);
484 talloc_free(modified_partition);
492 created a replmd_replicated_request context
494 static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module,
495 struct ldb_request *req)
497 struct ldb_context *ldb;
498 struct replmd_replicated_request *ac;
500 ldb = ldb_module_get_ctx(module);
502 ac = talloc_zero(req, struct replmd_replicated_request);
511 ac->schema = dsdb_get_schema(ldb, ac);
513 ldb_debug_set(ldb, LDB_DEBUG_FATAL,
514 "replmd_modify: no dsdb_schema loaded");
515 DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
523 add a time element to a record
525 static int add_time_element(struct ldb_message *msg, const char *attr, time_t t)
527 struct ldb_message_element *el;
531 if (ldb_msg_find_element(msg, attr) != NULL) {
535 s = ldb_timestring(msg, t);
537 return LDB_ERR_OPERATIONS_ERROR;
540 ret = ldb_msg_add_string(msg, attr, s);
541 if (ret != LDB_SUCCESS) {
545 el = ldb_msg_find_element(msg, attr);
546 /* always set as replace. This works because on add ops, the flag
548 el->flags = LDB_FLAG_MOD_REPLACE;
554 add a uint64_t element to a record
556 static int add_uint64_element(struct ldb_context *ldb, struct ldb_message *msg,
557 const char *attr, uint64_t v)
559 struct ldb_message_element *el;
562 if (ldb_msg_find_element(msg, attr) != NULL) {
566 ret = samdb_msg_add_uint64(ldb, msg, msg, attr, v);
567 if (ret != LDB_SUCCESS) {
571 el = ldb_msg_find_element(msg, attr);
572 /* always set as replace. This works because on add ops, the flag
574 el->flags = LDB_FLAG_MOD_REPLACE;
579 static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1,
580 const struct replPropertyMetaData1 *m2,
581 const uint32_t *rdn_attid)
583 if (m1->attid == m2->attid) {
588 * the rdn attribute should be at the end!
589 * so we need to return a value greater than zero
590 * which means m1 is greater than m2
592 if (m1->attid == *rdn_attid) {
597 * the rdn attribute should be at the end!
598 * so we need to return a value less than zero
599 * which means m2 is greater than m1
601 if (m2->attid == *rdn_attid) {
605 return m1->attid > m2->attid ? 1 : -1;
608 static int replmd_replPropertyMetaDataCtr1_sort(struct replPropertyMetaDataCtr1 *ctr1,
609 const struct dsdb_schema *schema,
612 const char *rdn_name;
613 const struct dsdb_attribute *rdn_sa;
615 rdn_name = ldb_dn_get_rdn_name(dn);
617 DEBUG(0,(__location__ ": No rDN for %s?\n", ldb_dn_get_linearized(dn)));
618 return LDB_ERR_OPERATIONS_ERROR;
621 rdn_sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
622 if (rdn_sa == NULL) {
623 DEBUG(0,(__location__ ": No sa found for rDN %s for %s\n", rdn_name, ldb_dn_get_linearized(dn)));
624 return LDB_ERR_OPERATIONS_ERROR;
627 DEBUG(6,("Sorting rpmd with attid exception %u rDN=%s DN=%s\n",
628 rdn_sa->attributeID_id, rdn_name, ldb_dn_get_linearized(dn)));
630 LDB_TYPESAFE_QSORT(ctr1->array, ctr1->count, &rdn_sa->attributeID_id, replmd_replPropertyMetaData1_attid_sort);
635 static int replmd_ldb_message_element_attid_sort(const struct ldb_message_element *e1,
636 const struct ldb_message_element *e2,
637 const struct dsdb_schema *schema)
639 const struct dsdb_attribute *a1;
640 const struct dsdb_attribute *a2;
643 * TODO: make this faster by caching the dsdb_attribute pointer
644 * on the ldb_messag_element
647 a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1->name);
648 a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2->name);
651 * TODO: remove this check, we should rely on e1 and e2 having valid attribute names
655 return strcasecmp(e1->name, e2->name);
657 if (a1->attributeID_id == a2->attributeID_id) {
660 return a1->attributeID_id > a2->attributeID_id ? 1 : -1;
663 static void replmd_ldb_message_sort(struct ldb_message *msg,
664 const struct dsdb_schema *schema)
666 LDB_TYPESAFE_QSORT(msg->elements, msg->num_elements, schema, replmd_ldb_message_element_attid_sort);
669 static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
670 const struct GUID *invocation_id, uint64_t seq_num,
671 uint64_t local_usn, NTTIME nttime, uint32_t version, bool deleted);
675 fix up linked attributes in replmd_add.
676 This involves setting up the right meta-data in extended DN
677 components, and creating backlinks to the object
679 static int replmd_add_fix_la(struct ldb_module *module, struct ldb_message_element *el,
680 uint64_t seq_num, const struct GUID *invocationId, time_t t,
681 struct GUID *guid, const struct dsdb_attribute *sa, struct ldb_request *parent)
684 TALLOC_CTX *tmp_ctx = talloc_new(el->values);
685 struct ldb_context *ldb = ldb_module_get_ctx(module);
687 /* We will take a reference to the schema in replmd_add_backlink */
688 const struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL);
691 unix_to_nt_time(&now, t);
693 for (i=0; i<el->num_values; i++) {
694 struct ldb_val *v = &el->values[i];
695 struct dsdb_dn *dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, v, sa->syntax->ldap_oid);
696 struct GUID target_guid;
700 /* note that the DN already has the extended
701 components from the extended_dn_store module */
702 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &target_guid, "GUID");
703 if (!NT_STATUS_IS_OK(status) || GUID_all_zero(&target_guid)) {
704 ret = dsdb_module_guid_by_dn(module, dsdb_dn->dn, &target_guid, parent);
705 if (ret != LDB_SUCCESS) {
706 talloc_free(tmp_ctx);
709 ret = dsdb_set_extended_dn_guid(dsdb_dn->dn, &target_guid, "GUID");
710 if (ret != LDB_SUCCESS) {
711 talloc_free(tmp_ctx);
716 ret = replmd_build_la_val(el->values, v, dsdb_dn, invocationId,
717 seq_num, seq_num, now, 0, false);
718 if (ret != LDB_SUCCESS) {
719 talloc_free(tmp_ctx);
723 ret = replmd_add_backlink(module, schema, guid, &target_guid, true, sa, false);
724 if (ret != LDB_SUCCESS) {
725 talloc_free(tmp_ctx);
730 talloc_free(tmp_ctx);
736 intercept add requests
738 static int replmd_add(struct ldb_module *module, struct ldb_request *req)
740 struct ldb_context *ldb;
741 struct ldb_control *control;
742 struct replmd_replicated_request *ac;
743 enum ndr_err_code ndr_err;
744 struct ldb_request *down_req;
745 struct ldb_message *msg;
746 const DATA_BLOB *guid_blob;
748 struct replPropertyMetaDataBlob nmd;
749 struct ldb_val nmd_value;
750 const struct GUID *our_invocation_id;
751 time_t t = time(NULL);
756 unsigned int functional_level;
758 bool allow_add_guid = false;
759 bool remove_current_guid = false;
760 bool is_urgent = false;
761 struct ldb_message_element *objectclass_el;
763 /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
764 control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
766 allow_add_guid = true;
769 /* do not manipulate our control entries */
770 if (ldb_dn_is_special(req->op.add.message->dn)) {
771 return ldb_next_request(module, req);
774 ldb = ldb_module_get_ctx(module);
776 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_add\n");
778 guid_blob = ldb_msg_find_ldb_val(req->op.add.message, "objectGUID");
779 if (guid_blob != NULL) {
780 if (!allow_add_guid) {
781 ldb_set_errstring(ldb,
782 "replmd_add: it's not allowed to add an object with objectGUID!");
783 return LDB_ERR_UNWILLING_TO_PERFORM;
785 NTSTATUS status = GUID_from_data_blob(guid_blob,&guid);
786 if (!NT_STATUS_IS_OK(status)) {
787 ldb_set_errstring(ldb,
788 "replmd_add: Unable to parse the 'objectGUID' as a GUID!");
789 return LDB_ERR_UNWILLING_TO_PERFORM;
791 /* we remove this attribute as it can be a string and
792 * will not be treated correctly and then we will re-add
793 * it later on in the good format */
794 remove_current_guid = true;
798 guid = GUID_random();
801 ac = replmd_ctx_init(module, req);
803 return ldb_module_oom(module);
806 functional_level = dsdb_functional_level(ldb);
808 /* Get a sequence number from the backend */
809 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ac->seq_num);
810 if (ret != LDB_SUCCESS) {
815 /* get our invocationId */
816 our_invocation_id = samdb_ntds_invocation_id(ldb);
817 if (!our_invocation_id) {
818 ldb_debug_set(ldb, LDB_DEBUG_ERROR,
819 "replmd_add: unable to find invocationId\n");
821 return LDB_ERR_OPERATIONS_ERROR;
824 /* we have to copy the message as the caller might have it as a const */
825 msg = ldb_msg_copy_shallow(ac, req->op.add.message);
829 return LDB_ERR_OPERATIONS_ERROR;
832 /* generated times */
833 unix_to_nt_time(&now, t);
834 time_str = ldb_timestring(msg, t);
838 return LDB_ERR_OPERATIONS_ERROR;
840 if (remove_current_guid) {
841 ldb_msg_remove_attr(msg,"objectGUID");
845 * remove autogenerated attributes
847 ldb_msg_remove_attr(msg, "whenCreated");
848 ldb_msg_remove_attr(msg, "whenChanged");
849 ldb_msg_remove_attr(msg, "uSNCreated");
850 ldb_msg_remove_attr(msg, "uSNChanged");
851 ldb_msg_remove_attr(msg, "replPropertyMetaData");
854 * readd replicated attributes
856 ret = ldb_msg_add_string(msg, "whenCreated", time_str);
857 if (ret != LDB_SUCCESS) {
863 /* build the replication meta_data */
866 nmd.ctr.ctr1.count = msg->num_elements;
867 nmd.ctr.ctr1.array = talloc_array(msg,
868 struct replPropertyMetaData1,
870 if (!nmd.ctr.ctr1.array) {
873 return LDB_ERR_OPERATIONS_ERROR;
876 for (i=0; i < msg->num_elements; i++) {
877 struct ldb_message_element *e = &msg->elements[i];
878 struct replPropertyMetaData1 *m = &nmd.ctr.ctr1.array[ni];
879 const struct dsdb_attribute *sa;
881 if (e->name[0] == '@') continue;
883 sa = dsdb_attribute_by_lDAPDisplayName(ac->schema, e->name);
885 ldb_debug_set(ldb, LDB_DEBUG_ERROR,
886 "replmd_add: attribute '%s' not defined in schema\n",
889 return LDB_ERR_NO_SUCH_ATTRIBUTE;
892 if ((sa->systemFlags & DS_FLAG_ATTR_NOT_REPLICATED) || (sa->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED)) {
893 /* if the attribute is not replicated (0x00000001)
894 * or constructed (0x00000004) it has no metadata
899 if (sa->linkID != 0 && functional_level > DS_DOMAIN_FUNCTION_2000) {
900 ret = replmd_add_fix_la(module, e, ac->seq_num, our_invocation_id, t, &guid, sa, req);
901 if (ret != LDB_SUCCESS) {
905 /* linked attributes are not stored in
906 replPropertyMetaData in FL above w2k */
910 m->attid = sa->attributeID_id;
912 m->originating_change_time = now;
913 m->originating_invocation_id = *our_invocation_id;
914 m->originating_usn = ac->seq_num;
915 m->local_usn = ac->seq_num;
919 /* fix meta data count */
920 nmd.ctr.ctr1.count = ni;
923 * sort meta data array, and move the rdn attribute entry to the end
925 ret = replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, ac->schema, msg->dn);
926 if (ret != LDB_SUCCESS) {
931 /* generated NDR encoded values */
932 ndr_err = ndr_push_struct_blob(&nmd_value, msg,
934 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
935 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
938 return LDB_ERR_OPERATIONS_ERROR;
942 * add the autogenerated values
944 ret = dsdb_msg_add_guid(msg, &guid, "objectGUID");
945 if (ret != LDB_SUCCESS) {
950 ret = ldb_msg_add_string(msg, "whenChanged", time_str);
951 if (ret != LDB_SUCCESS) {
956 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", ac->seq_num);
957 if (ret != LDB_SUCCESS) {
962 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ac->seq_num);
963 if (ret != LDB_SUCCESS) {
968 ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
969 if (ret != LDB_SUCCESS) {
976 * sort the attributes by attid before storing the object
978 replmd_ldb_message_sort(msg, ac->schema);
980 objectclass_el = ldb_msg_find_element(msg, "objectClass");
981 is_urgent = replmd_check_urgent_objectclass(objectclass_el,
982 REPL_URGENT_ON_CREATE);
984 ac->is_urgent = is_urgent;
985 ret = ldb_build_add_req(&down_req, ldb, ac,
988 ac, replmd_op_callback,
991 LDB_REQ_SET_LOCATION(down_req);
992 if (ret != LDB_SUCCESS) {
997 if (functional_level == DS_DOMAIN_FUNCTION_2000) {
998 ret = ldb_request_add_control(down_req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
999 if (ret != LDB_SUCCESS) {
1005 /* mark the control done */
1007 control->critical = 0;
1010 /* go on with the call chain */
1011 return ldb_next_request(module, down_req);
1016 * update the replPropertyMetaData for one element
1018 static int replmd_update_rpmd_element(struct ldb_context *ldb,
1019 struct ldb_message *msg,
1020 struct ldb_message_element *el,
1021 struct ldb_message_element *old_el,
1022 struct replPropertyMetaDataBlob *omd,
1023 const struct dsdb_schema *schema,
1025 const struct GUID *our_invocation_id,
1029 const struct dsdb_attribute *a;
1030 struct replPropertyMetaData1 *md1;
1032 a = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
1034 DEBUG(0,(__location__ ": Unable to find attribute %s in schema\n",
1036 return LDB_ERR_OPERATIONS_ERROR;
1039 if ((a->systemFlags & DS_FLAG_ATTR_NOT_REPLICATED) || (a->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED)) {
1043 /* if the attribute's value haven't changed then return LDB_SUCCESS */
1044 if (old_el != NULL && ldb_msg_element_compare(el, old_el) == 0) {
1048 for (i=0; i<omd->ctr.ctr1.count; i++) {
1049 if (a->attributeID_id == omd->ctr.ctr1.array[i].attid) break;
1052 if (a->linkID != 0 && dsdb_functional_level(ldb) > DS_DOMAIN_FUNCTION_2000) {
1053 /* linked attributes are not stored in
1054 replPropertyMetaData in FL above w2k, but we do
1055 raise the seqnum for the object */
1056 if (*seq_num == 0 &&
1057 ldb_sequence_number(ldb, LDB_SEQ_NEXT, seq_num) != LDB_SUCCESS) {
1058 return LDB_ERR_OPERATIONS_ERROR;
1063 if (i == omd->ctr.ctr1.count) {
1064 /* we need to add a new one */
1065 omd->ctr.ctr1.array = talloc_realloc(msg, omd->ctr.ctr1.array,
1066 struct replPropertyMetaData1, omd->ctr.ctr1.count+1);
1067 if (omd->ctr.ctr1.array == NULL) {
1069 return LDB_ERR_OPERATIONS_ERROR;
1071 omd->ctr.ctr1.count++;
1072 ZERO_STRUCT(omd->ctr.ctr1.array[i]);
1075 /* Get a new sequence number from the backend. We only do this
1076 * if we have a change that requires a new
1077 * replPropertyMetaData element
1079 if (*seq_num == 0) {
1080 int ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, seq_num);
1081 if (ret != LDB_SUCCESS) {
1082 return LDB_ERR_OPERATIONS_ERROR;
1086 md1 = &omd->ctr.ctr1.array[i];
1088 md1->attid = a->attributeID_id;
1089 md1->originating_change_time = now;
1090 md1->originating_invocation_id = *our_invocation_id;
1091 md1->originating_usn = *seq_num;
1092 md1->local_usn = *seq_num;
1097 static uint64_t find_max_local_usn(struct replPropertyMetaDataBlob omd)
1099 uint32_t count = omd.ctr.ctr1.count;
1102 for (i=0; i < count; i++) {
1103 struct replPropertyMetaData1 m = omd.ctr.ctr1.array[i];
1104 if (max < m.local_usn) {
1112 * update the replPropertyMetaData object each time we modify an
1113 * object. This is needed for DRS replication, as the merge on the
1114 * client is based on this object
1116 static int replmd_update_rpmd(struct ldb_module *module,
1117 const struct dsdb_schema *schema,
1118 struct ldb_request *req,
1119 struct ldb_message *msg, uint64_t *seq_num,
1123 const struct ldb_val *omd_value;
1124 enum ndr_err_code ndr_err;
1125 struct replPropertyMetaDataBlob omd;
1128 const struct GUID *our_invocation_id;
1130 const char *attrs[] = { "replPropertyMetaData", "*", NULL };
1131 const char *attrs2[] = { "uSNChanged", "objectClass", NULL };
1132 struct ldb_result *res;
1133 struct ldb_context *ldb;
1134 struct ldb_message_element *objectclass_el;
1135 enum urgent_situation situation;
1136 bool rodc, rmd_is_provided;
1138 ldb = ldb_module_get_ctx(module);
1140 our_invocation_id = samdb_ntds_invocation_id(ldb);
1141 if (!our_invocation_id) {
1142 /* this happens during an initial vampire while
1143 updating the schema */
1144 DEBUG(5,("No invocationID - skipping replPropertyMetaData update\n"));
1148 unix_to_nt_time(&now, t);
1150 if (ldb_request_get_control(req, DSDB_CONTROL_CHANGEREPLMETADATA_OID)) {
1151 rmd_is_provided = true;
1153 rmd_is_provided = false;
1156 /* if isDeleted is present and is TRUE, then we consider we are deleting,
1157 * otherwise we consider we are updating */
1158 if (ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE")) {
1159 situation = REPL_URGENT_ON_DELETE;
1161 situation = REPL_URGENT_ON_UPDATE;
1164 if (rmd_is_provided) {
1165 /* In this case the change_replmetadata control was supplied */
1166 /* We check that it's the only attribute that is provided
1167 * (it's a rare case so it's better to keep the code simplier)
1168 * We also check that the highest local_usn is bigger than
1171 if( msg->num_elements != 1 ||
1172 strncmp(msg->elements[0].name,
1173 "replPropertyMetaData", 20) ) {
1174 DEBUG(0,(__location__ ": changereplmetada control called without "\
1175 "a specified replPropertyMetaData attribute or with others\n"));
1176 return LDB_ERR_OPERATIONS_ERROR;
1178 if (situation == REPL_URGENT_ON_DELETE) {
1179 DEBUG(0,(__location__ ": changereplmetada control can't be called when deleting an object\n"));
1180 return LDB_ERR_OPERATIONS_ERROR;
1182 omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
1184 DEBUG(0,(__location__ ": replPropertyMetaData was not specified for Object %s\n",
1185 ldb_dn_get_linearized(msg->dn)));
1186 return LDB_ERR_OPERATIONS_ERROR;
1188 ndr_err = ndr_pull_struct_blob(omd_value, msg, &omd,
1189 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
1190 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1191 DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
1192 ldb_dn_get_linearized(msg->dn)));
1193 return LDB_ERR_OPERATIONS_ERROR;
1195 *seq_num = find_max_local_usn(omd);
1197 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs2,
1198 DSDB_FLAG_NEXT_MODULE |
1199 DSDB_SEARCH_SHOW_RECYCLED |
1200 DSDB_SEARCH_SHOW_EXTENDED_DN |
1201 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
1202 DSDB_SEARCH_REVEAL_INTERNALS, req);
1204 if (ret != LDB_SUCCESS || res->count != 1) {
1205 DEBUG(0,(__location__ ": Object %s failed to find uSNChanged\n",
1206 ldb_dn_get_linearized(msg->dn)));
1207 return LDB_ERR_OPERATIONS_ERROR;
1210 objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
1211 if (is_urgent && replmd_check_urgent_objectclass(objectclass_el,
1216 db_seq = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNChanged", 0);
1217 if (*seq_num <= db_seq) {
1218 DEBUG(0,(__location__ ": changereplmetada control provided but max(local_usn)"\
1219 " is less or equal to uSNChanged (max = %lld uSNChanged = %lld)\n",
1220 (long long)*seq_num, (long long)db_seq));
1221 return LDB_ERR_OPERATIONS_ERROR;
1225 /* search for the existing replPropertyMetaDataBlob. We need
1226 * to use REVEAL and ask for DNs in storage format to support
1227 * the check for values being the same in
1228 * replmd_update_rpmd_element()
1230 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
1231 DSDB_FLAG_NEXT_MODULE |
1232 DSDB_SEARCH_SHOW_RECYCLED |
1233 DSDB_SEARCH_SHOW_EXTENDED_DN |
1234 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
1235 DSDB_SEARCH_REVEAL_INTERNALS, req);
1236 if (ret != LDB_SUCCESS || res->count != 1) {
1237 DEBUG(0,(__location__ ": Object %s failed to find replPropertyMetaData\n",
1238 ldb_dn_get_linearized(msg->dn)));
1239 return LDB_ERR_OPERATIONS_ERROR;
1242 objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
1243 if (is_urgent && replmd_check_urgent_objectclass(objectclass_el,
1248 omd_value = ldb_msg_find_ldb_val(res->msgs[0], "replPropertyMetaData");
1250 DEBUG(0,(__location__ ": Object %s does not have a replPropertyMetaData attribute\n",
1251 ldb_dn_get_linearized(msg->dn)));
1252 return LDB_ERR_OPERATIONS_ERROR;
1255 ndr_err = ndr_pull_struct_blob(omd_value, msg, &omd,
1256 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
1257 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1258 DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
1259 ldb_dn_get_linearized(msg->dn)));
1260 return LDB_ERR_OPERATIONS_ERROR;
1263 if (omd.version != 1) {
1264 DEBUG(0,(__location__ ": bad version %u in replPropertyMetaData for %s\n",
1265 omd.version, ldb_dn_get_linearized(msg->dn)));
1266 return LDB_ERR_OPERATIONS_ERROR;
1269 for (i=0; i<msg->num_elements; i++) {
1270 struct ldb_message_element *old_el;
1271 old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
1272 ret = replmd_update_rpmd_element(ldb, msg, &msg->elements[i], old_el, &omd, schema, seq_num,
1273 our_invocation_id, now);
1274 if (ret != LDB_SUCCESS) {
1278 if (is_urgent && !*is_urgent && (situation == REPL_URGENT_ON_UPDATE)) {
1279 *is_urgent = replmd_check_urgent_attribute(&msg->elements[i]);
1285 * replmd_update_rpmd_element has done an update if the
1288 if (*seq_num != 0) {
1289 struct ldb_val *md_value;
1290 struct ldb_message_element *el;
1292 /*if we are RODC and this is a DRSR update then its ok*/
1293 if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
1294 ret = samdb_rodc(ldb, &rodc);
1295 if (ret != LDB_SUCCESS) {
1296 DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
1298 ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
1299 return LDB_ERR_REFERRAL;
1303 md_value = talloc(msg, struct ldb_val);
1304 if (md_value == NULL) {
1306 return LDB_ERR_OPERATIONS_ERROR;
1309 ret = replmd_replPropertyMetaDataCtr1_sort(&omd.ctr.ctr1, schema, msg->dn);
1310 if (ret != LDB_SUCCESS) {
1314 ndr_err = ndr_push_struct_blob(md_value, msg, &omd,
1315 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
1316 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1317 DEBUG(0,(__location__ ": Failed to marshall replPropertyMetaData for %s\n",
1318 ldb_dn_get_linearized(msg->dn)));
1319 return LDB_ERR_OPERATIONS_ERROR;
1322 ret = ldb_msg_add_empty(msg, "replPropertyMetaData", LDB_FLAG_MOD_REPLACE, &el);
1323 if (ret != LDB_SUCCESS) {
1324 DEBUG(0,(__location__ ": Failed to add updated replPropertyMetaData %s\n",
1325 ldb_dn_get_linearized(msg->dn)));
1330 el->values = md_value;
1337 struct dsdb_dn *dsdb_dn;
1342 static int parsed_dn_compare(struct parsed_dn *pdn1, struct parsed_dn *pdn2)
1344 return GUID_compare(pdn1->guid, pdn2->guid);
1347 static struct parsed_dn *parsed_dn_find(struct parsed_dn *pdn,
1348 unsigned int count, struct GUID *guid,
1351 struct parsed_dn *ret;
1353 if (dn && GUID_all_zero(guid)) {
1354 /* when updating a link using DRS, we sometimes get a
1355 NULL GUID. We then need to try and match by DN */
1356 for (i=0; i<count; i++) {
1357 if (ldb_dn_compare(pdn[i].dsdb_dn->dn, dn) == 0) {
1358 dsdb_get_extended_dn_guid(pdn[i].dsdb_dn->dn, guid, "GUID");
1364 BINARY_ARRAY_SEARCH(pdn, count, guid, guid, GUID_compare, ret);
1369 get a series of message element values as an array of DNs and GUIDs
1370 the result is sorted by GUID
1372 static int get_parsed_dns(struct ldb_module *module, TALLOC_CTX *mem_ctx,
1373 struct ldb_message_element *el, struct parsed_dn **pdn,
1374 const char *ldap_oid, struct ldb_request *parent)
1377 struct ldb_context *ldb = ldb_module_get_ctx(module);
1384 (*pdn) = talloc_array(mem_ctx, struct parsed_dn, el->num_values);
1386 ldb_module_oom(module);
1387 return LDB_ERR_OPERATIONS_ERROR;
1390 for (i=0; i<el->num_values; i++) {
1391 struct ldb_val *v = &el->values[i];
1394 struct parsed_dn *p;
1398 p->dsdb_dn = dsdb_dn_parse(*pdn, ldb, v, ldap_oid);
1399 if (p->dsdb_dn == NULL) {
1400 return LDB_ERR_INVALID_DN_SYNTAX;
1403 dn = p->dsdb_dn->dn;
1405 p->guid = talloc(*pdn, struct GUID);
1406 if (p->guid == NULL) {
1407 ldb_module_oom(module);
1408 return LDB_ERR_OPERATIONS_ERROR;
1411 status = dsdb_get_extended_dn_guid(dn, p->guid, "GUID");
1412 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1413 /* we got a DN without a GUID - go find the GUID */
1414 int ret = dsdb_module_guid_by_dn(module, dn, p->guid, parent);
1415 if (ret != LDB_SUCCESS) {
1416 ldb_asprintf_errstring(ldb, "Unable to find GUID for DN %s\n",
1417 ldb_dn_get_linearized(dn));
1420 ret = dsdb_set_extended_dn_guid(dn, p->guid, "GUID");
1421 if (ret != LDB_SUCCESS) {
1424 } else if (!NT_STATUS_IS_OK(status)) {
1425 return LDB_ERR_OPERATIONS_ERROR;
1428 /* keep a pointer to the original ldb_val */
1432 TYPESAFE_QSORT(*pdn, el->num_values, parsed_dn_compare);
1438 build a new extended DN, including all meta data fields
1440 RMD_FLAGS = DSDB_RMD_FLAG_* bits
1441 RMD_ADDTIME = originating_add_time
1442 RMD_INVOCID = originating_invocation_id
1443 RMD_CHANGETIME = originating_change_time
1444 RMD_ORIGINATING_USN = originating_usn
1445 RMD_LOCAL_USN = local_usn
1446 RMD_VERSION = version
1448 static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
1449 const struct GUID *invocation_id, uint64_t seq_num,
1450 uint64_t local_usn, NTTIME nttime, uint32_t version, bool deleted)
1452 struct ldb_dn *dn = dsdb_dn->dn;
1453 const char *tstring, *usn_string, *flags_string;
1454 struct ldb_val tval;
1456 struct ldb_val usnv, local_usnv;
1457 struct ldb_val vers, flagsv;
1460 const char *dnstring;
1462 uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
1464 tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
1466 return LDB_ERR_OPERATIONS_ERROR;
1468 tval = data_blob_string_const(tstring);
1470 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)seq_num);
1472 return LDB_ERR_OPERATIONS_ERROR;
1474 usnv = data_blob_string_const(usn_string);
1476 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)local_usn);
1478 return LDB_ERR_OPERATIONS_ERROR;
1480 local_usnv = data_blob_string_const(usn_string);
1482 vstring = talloc_asprintf(mem_ctx, "%lu", (unsigned long)version);
1484 return LDB_ERR_OPERATIONS_ERROR;
1486 vers = data_blob_string_const(vstring);
1488 status = GUID_to_ndr_blob(invocation_id, dn, &iid);
1489 if (!NT_STATUS_IS_OK(status)) {
1490 return LDB_ERR_OPERATIONS_ERROR;
1493 flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
1494 if (!flags_string) {
1495 return LDB_ERR_OPERATIONS_ERROR;
1497 flagsv = data_blob_string_const(flags_string);
1499 ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
1500 if (ret != LDB_SUCCESS) return ret;
1501 ret = ldb_dn_set_extended_component(dn, "RMD_ADDTIME", &tval);
1502 if (ret != LDB_SUCCESS) return ret;
1503 ret = ldb_dn_set_extended_component(dn, "RMD_INVOCID", &iid);
1504 if (ret != LDB_SUCCESS) return ret;
1505 ret = ldb_dn_set_extended_component(dn, "RMD_CHANGETIME", &tval);
1506 if (ret != LDB_SUCCESS) return ret;
1507 ret = ldb_dn_set_extended_component(dn, "RMD_LOCAL_USN", &local_usnv);
1508 if (ret != LDB_SUCCESS) return ret;
1509 ret = ldb_dn_set_extended_component(dn, "RMD_ORIGINATING_USN", &usnv);
1510 if (ret != LDB_SUCCESS) return ret;
1511 ret = ldb_dn_set_extended_component(dn, "RMD_VERSION", &vers);
1512 if (ret != LDB_SUCCESS) return ret;
1514 dnstring = dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1);
1515 if (dnstring == NULL) {
1516 return LDB_ERR_OPERATIONS_ERROR;
1518 *v = data_blob_string_const(dnstring);
1523 static int replmd_update_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
1524 struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
1525 uint64_t seq_num, uint64_t local_usn, NTTIME nttime,
1526 uint32_t version, bool deleted);
1529 check if any links need upgrading from w2k format
1531 The parent_ctx is the ldb_message_element which contains the values array that dns[i].v points at, and which should be used for allocating any new value.
1533 static int replmd_check_upgrade_links(struct parsed_dn *dns, uint32_t count, struct ldb_message_element *parent_ctx, const struct GUID *invocation_id)
1536 for (i=0; i<count; i++) {
1541 status = dsdb_get_extended_dn_uint32(dns[i].dsdb_dn->dn, &version, "RMD_VERSION");
1542 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1546 /* it's an old one that needs upgrading */
1547 ret = replmd_update_la_val(parent_ctx->values, dns[i].v, dns[i].dsdb_dn, dns[i].dsdb_dn, invocation_id,
1549 if (ret != LDB_SUCCESS) {
1557 update an extended DN, including all meta data fields
1559 see replmd_build_la_val for value names
1561 static int replmd_update_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
1562 struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
1563 uint64_t seq_num, uint64_t local_usn, NTTIME nttime,
1564 uint32_t version, bool deleted)
1566 struct ldb_dn *dn = dsdb_dn->dn;
1567 const char *tstring, *usn_string, *flags_string;
1568 struct ldb_val tval;
1570 struct ldb_val usnv, local_usnv;
1571 struct ldb_val vers, flagsv;
1572 const struct ldb_val *old_addtime;
1573 uint32_t old_version;
1576 const char *dnstring;
1578 uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
1580 tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
1582 return LDB_ERR_OPERATIONS_ERROR;
1584 tval = data_blob_string_const(tstring);
1586 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)seq_num);
1588 return LDB_ERR_OPERATIONS_ERROR;
1590 usnv = data_blob_string_const(usn_string);
1592 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)local_usn);
1594 return LDB_ERR_OPERATIONS_ERROR;
1596 local_usnv = data_blob_string_const(usn_string);
1598 status = GUID_to_ndr_blob(invocation_id, dn, &iid);
1599 if (!NT_STATUS_IS_OK(status)) {
1600 return LDB_ERR_OPERATIONS_ERROR;
1603 flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
1604 if (!flags_string) {
1605 return LDB_ERR_OPERATIONS_ERROR;
1607 flagsv = data_blob_string_const(flags_string);
1609 ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
1610 if (ret != LDB_SUCCESS) return ret;
1612 /* get the ADDTIME from the original */
1613 old_addtime = ldb_dn_get_extended_component(old_dsdb_dn->dn, "RMD_ADDTIME");
1614 if (old_addtime == NULL) {
1615 old_addtime = &tval;
1617 if (dsdb_dn != old_dsdb_dn) {
1618 ret = ldb_dn_set_extended_component(dn, "RMD_ADDTIME", old_addtime);
1619 if (ret != LDB_SUCCESS) return ret;
1622 /* use our invocation id */
1623 ret = ldb_dn_set_extended_component(dn, "RMD_INVOCID", &iid);
1624 if (ret != LDB_SUCCESS) return ret;
1626 /* changetime is the current time */
1627 ret = ldb_dn_set_extended_component(dn, "RMD_CHANGETIME", &tval);
1628 if (ret != LDB_SUCCESS) return ret;
1630 /* update the USN */
1631 ret = ldb_dn_set_extended_component(dn, "RMD_ORIGINATING_USN", &usnv);
1632 if (ret != LDB_SUCCESS) return ret;
1634 ret = ldb_dn_set_extended_component(dn, "RMD_LOCAL_USN", &local_usnv);
1635 if (ret != LDB_SUCCESS) return ret;
1637 /* increase the version by 1 */
1638 status = dsdb_get_extended_dn_uint32(old_dsdb_dn->dn, &old_version, "RMD_VERSION");
1639 if (NT_STATUS_IS_OK(status) && old_version >= version) {
1640 version = old_version+1;
1642 vstring = talloc_asprintf(dn, "%lu", (unsigned long)version);
1643 vers = data_blob_string_const(vstring);
1644 ret = ldb_dn_set_extended_component(dn, "RMD_VERSION", &vers);
1645 if (ret != LDB_SUCCESS) return ret;
1647 dnstring = dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1);
1648 if (dnstring == NULL) {
1649 return LDB_ERR_OPERATIONS_ERROR;
1651 *v = data_blob_string_const(dnstring);
1657 handle adding a linked attribute
1659 static int replmd_modify_la_add(struct ldb_module *module,
1660 const struct dsdb_schema *schema,
1661 struct ldb_message *msg,
1662 struct ldb_message_element *el,
1663 struct ldb_message_element *old_el,
1664 const struct dsdb_attribute *schema_attr,
1667 struct GUID *msg_guid,
1668 struct ldb_request *parent)
1671 struct parsed_dn *dns, *old_dns;
1672 TALLOC_CTX *tmp_ctx = talloc_new(msg);
1674 struct ldb_val *new_values = NULL;
1675 unsigned int num_new_values = 0;
1676 unsigned old_num_values = old_el?old_el->num_values:0;
1677 const struct GUID *invocation_id;
1678 struct ldb_context *ldb = ldb_module_get_ctx(module);
1681 unix_to_nt_time(&now, t);
1683 ret = get_parsed_dns(module, tmp_ctx, el, &dns, schema_attr->syntax->ldap_oid, parent);
1684 if (ret != LDB_SUCCESS) {
1685 talloc_free(tmp_ctx);
1689 ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, schema_attr->syntax->ldap_oid, parent);
1690 if (ret != LDB_SUCCESS) {
1691 talloc_free(tmp_ctx);
1695 invocation_id = samdb_ntds_invocation_id(ldb);
1696 if (!invocation_id) {
1697 talloc_free(tmp_ctx);
1698 return LDB_ERR_OPERATIONS_ERROR;
1701 ret = replmd_check_upgrade_links(old_dns, old_num_values, old_el, invocation_id);
1702 if (ret != LDB_SUCCESS) {
1703 talloc_free(tmp_ctx);
1707 /* for each new value, see if it exists already with the same GUID */
1708 for (i=0; i<el->num_values; i++) {
1709 struct parsed_dn *p = parsed_dn_find(old_dns, old_num_values, dns[i].guid, NULL);
1711 /* this is a new linked attribute value */
1712 new_values = talloc_realloc(tmp_ctx, new_values, struct ldb_val, num_new_values+1);
1713 if (new_values == NULL) {
1714 ldb_module_oom(module);
1715 talloc_free(tmp_ctx);
1716 return LDB_ERR_OPERATIONS_ERROR;
1718 ret = replmd_build_la_val(new_values, &new_values[num_new_values], dns[i].dsdb_dn,
1719 invocation_id, seq_num, seq_num, now, 0, false);
1720 if (ret != LDB_SUCCESS) {
1721 talloc_free(tmp_ctx);
1726 /* this is only allowed if the GUID was
1727 previously deleted. */
1728 uint32_t rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
1730 if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
1731 ldb_asprintf_errstring(ldb, "Attribute %s already exists for target GUID %s",
1732 el->name, GUID_string(tmp_ctx, p->guid));
1733 talloc_free(tmp_ctx);
1734 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1736 ret = replmd_update_la_val(old_el->values, p->v, dns[i].dsdb_dn, p->dsdb_dn,
1737 invocation_id, seq_num, seq_num, now, 0, false);
1738 if (ret != LDB_SUCCESS) {
1739 talloc_free(tmp_ctx);
1744 ret = replmd_add_backlink(module, schema, msg_guid, dns[i].guid, true, schema_attr, true);
1745 if (ret != LDB_SUCCESS) {
1746 talloc_free(tmp_ctx);
1751 /* add the new ones on to the end of the old values, constructing a new el->values */
1752 el->values = talloc_realloc(msg->elements, old_el?old_el->values:NULL,
1754 old_num_values+num_new_values);
1755 if (el->values == NULL) {
1756 ldb_module_oom(module);
1757 return LDB_ERR_OPERATIONS_ERROR;
1760 memcpy(&el->values[old_num_values], new_values, num_new_values*sizeof(struct ldb_val));
1761 el->num_values = old_num_values + num_new_values;
1763 talloc_steal(msg->elements, el->values);
1764 talloc_steal(el->values, new_values);
1766 talloc_free(tmp_ctx);
1768 /* we now tell the backend to replace all existing values
1769 with the one we have constructed */
1770 el->flags = LDB_FLAG_MOD_REPLACE;
1777 handle deleting all active linked attributes
1779 static int replmd_modify_la_delete(struct ldb_module *module,
1780 const struct dsdb_schema *schema,
1781 struct ldb_message *msg,
1782 struct ldb_message_element *el,
1783 struct ldb_message_element *old_el,
1784 const struct dsdb_attribute *schema_attr,
1787 struct GUID *msg_guid,
1788 struct ldb_request *parent)
1791 struct parsed_dn *dns, *old_dns;
1792 TALLOC_CTX *tmp_ctx = talloc_new(msg);
1794 const struct GUID *invocation_id;
1795 struct ldb_context *ldb = ldb_module_get_ctx(module);
1798 unix_to_nt_time(&now, t);
1800 /* check if there is nothing to delete */
1801 if ((!old_el || old_el->num_values == 0) &&
1802 el->num_values == 0) {
1806 if (!old_el || old_el->num_values == 0) {
1807 return LDB_ERR_NO_SUCH_ATTRIBUTE;
1810 ret = get_parsed_dns(module, tmp_ctx, el, &dns, schema_attr->syntax->ldap_oid, parent);
1811 if (ret != LDB_SUCCESS) {
1812 talloc_free(tmp_ctx);
1816 ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, schema_attr->syntax->ldap_oid, parent);
1817 if (ret != LDB_SUCCESS) {
1818 talloc_free(tmp_ctx);
1822 invocation_id = samdb_ntds_invocation_id(ldb);
1823 if (!invocation_id) {
1824 return LDB_ERR_OPERATIONS_ERROR;
1827 ret = replmd_check_upgrade_links(old_dns, old_el->num_values, old_el, invocation_id);
1828 if (ret != LDB_SUCCESS) {
1829 talloc_free(tmp_ctx);
1835 /* see if we are being asked to delete any links that
1836 don't exist or are already deleted */
1837 for (i=0; i<el->num_values; i++) {
1838 struct parsed_dn *p = &dns[i];
1839 struct parsed_dn *p2;
1842 p2 = parsed_dn_find(old_dns, old_el->num_values, p->guid, NULL);
1844 ldb_asprintf_errstring(ldb, "Attribute %s doesn't exist for target GUID %s",
1845 el->name, GUID_string(tmp_ctx, p->guid));
1846 return LDB_ERR_NO_SUCH_ATTRIBUTE;
1848 rmd_flags = dsdb_dn_rmd_flags(p2->dsdb_dn->dn);
1849 if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
1850 ldb_asprintf_errstring(ldb, "Attribute %s already deleted for target GUID %s",
1851 el->name, GUID_string(tmp_ctx, p->guid));
1852 return LDB_ERR_NO_SUCH_ATTRIBUTE;
1856 /* for each new value, see if it exists already with the same GUID
1857 if it is not already deleted and matches the delete list then delete it
1859 for (i=0; i<old_el->num_values; i++) {
1860 struct parsed_dn *p = &old_dns[i];
1863 if (el->num_values && parsed_dn_find(dns, el->num_values, p->guid, NULL) == NULL) {
1867 rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
1868 if (rmd_flags & DSDB_RMD_FLAG_DELETED) continue;
1870 ret = replmd_update_la_val(old_el->values, p->v, p->dsdb_dn, p->dsdb_dn,
1871 invocation_id, seq_num, seq_num, now, 0, true);
1872 if (ret != LDB_SUCCESS) {
1873 talloc_free(tmp_ctx);
1877 ret = replmd_add_backlink(module, schema, msg_guid, old_dns[i].guid, false, schema_attr, true);
1878 if (ret != LDB_SUCCESS) {
1879 talloc_free(tmp_ctx);
1884 el->values = talloc_steal(msg->elements, old_el->values);
1885 el->num_values = old_el->num_values;
1887 talloc_free(tmp_ctx);
1889 /* we now tell the backend to replace all existing values
1890 with the one we have constructed */
1891 el->flags = LDB_FLAG_MOD_REPLACE;
1897 handle replacing a linked attribute
1899 static int replmd_modify_la_replace(struct ldb_module *module,
1900 const struct dsdb_schema *schema,
1901 struct ldb_message *msg,
1902 struct ldb_message_element *el,
1903 struct ldb_message_element *old_el,
1904 const struct dsdb_attribute *schema_attr,
1907 struct GUID *msg_guid,
1908 struct ldb_request *parent)
1911 struct parsed_dn *dns, *old_dns;
1912 TALLOC_CTX *tmp_ctx = talloc_new(msg);
1914 const struct GUID *invocation_id;
1915 struct ldb_context *ldb = ldb_module_get_ctx(module);
1916 struct ldb_val *new_values = NULL;
1917 unsigned int num_new_values = 0;
1918 unsigned int old_num_values = old_el?old_el->num_values:0;
1921 unix_to_nt_time(&now, t);
1923 /* check if there is nothing to replace */
1924 if ((!old_el || old_el->num_values == 0) &&
1925 el->num_values == 0) {
1929 ret = get_parsed_dns(module, tmp_ctx, el, &dns, schema_attr->syntax->ldap_oid, parent);
1930 if (ret != LDB_SUCCESS) {
1931 talloc_free(tmp_ctx);
1935 ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, schema_attr->syntax->ldap_oid, parent);
1936 if (ret != LDB_SUCCESS) {
1937 talloc_free(tmp_ctx);
1941 invocation_id = samdb_ntds_invocation_id(ldb);
1942 if (!invocation_id) {
1943 return LDB_ERR_OPERATIONS_ERROR;
1946 ret = replmd_check_upgrade_links(old_dns, old_num_values, old_el, invocation_id);
1947 if (ret != LDB_SUCCESS) {
1948 talloc_free(tmp_ctx);
1952 /* mark all the old ones as deleted */
1953 for (i=0; i<old_num_values; i++) {
1954 struct parsed_dn *old_p = &old_dns[i];
1955 struct parsed_dn *p;
1956 uint32_t rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);
1958 if (rmd_flags & DSDB_RMD_FLAG_DELETED) continue;
1960 ret = replmd_add_backlink(module, schema, msg_guid, old_dns[i].guid, false, schema_attr, false);
1961 if (ret != LDB_SUCCESS) {
1962 talloc_free(tmp_ctx);
1966 p = parsed_dn_find(dns, el->num_values, old_p->guid, NULL);
1968 /* we don't delete it if we are re-adding it */
1972 ret = replmd_update_la_val(old_el->values, old_p->v, old_p->dsdb_dn, old_p->dsdb_dn,
1973 invocation_id, seq_num, seq_num, now, 0, true);
1974 if (ret != LDB_SUCCESS) {
1975 talloc_free(tmp_ctx);
1980 /* for each new value, either update its meta-data, or add it
1983 for (i=0; i<el->num_values; i++) {
1984 struct parsed_dn *p = &dns[i], *old_p;
1987 (old_p = parsed_dn_find(old_dns,
1988 old_num_values, p->guid, NULL)) != NULL) {
1989 /* update in place */
1990 ret = replmd_update_la_val(old_el->values, old_p->v, old_p->dsdb_dn,
1991 old_p->dsdb_dn, invocation_id,
1992 seq_num, seq_num, now, 0, false);
1993 if (ret != LDB_SUCCESS) {
1994 talloc_free(tmp_ctx);
1999 new_values = talloc_realloc(tmp_ctx, new_values, struct ldb_val,
2001 if (new_values == NULL) {
2002 ldb_module_oom(module);
2003 talloc_free(tmp_ctx);
2004 return LDB_ERR_OPERATIONS_ERROR;
2006 ret = replmd_build_la_val(new_values, &new_values[num_new_values], dns[i].dsdb_dn,
2007 invocation_id, seq_num, seq_num, now, 0, false);
2008 if (ret != LDB_SUCCESS) {
2009 talloc_free(tmp_ctx);
2015 ret = replmd_add_backlink(module, schema, msg_guid, dns[i].guid, true, schema_attr, false);
2016 if (ret != LDB_SUCCESS) {
2017 talloc_free(tmp_ctx);
2022 /* add the new values to the end of old_el */
2023 if (num_new_values != 0) {
2024 el->values = talloc_realloc(msg->elements, old_el?old_el->values:NULL,
2025 struct ldb_val, old_num_values+num_new_values);
2026 if (el->values == NULL) {
2027 ldb_module_oom(module);
2028 return LDB_ERR_OPERATIONS_ERROR;
2030 memcpy(&el->values[old_num_values], &new_values[0],
2031 sizeof(struct ldb_val)*num_new_values);
2032 el->num_values = old_num_values + num_new_values;
2033 talloc_steal(msg->elements, new_values);
2035 el->values = old_el->values;
2036 el->num_values = old_el->num_values;
2037 talloc_steal(msg->elements, el->values);
2040 talloc_free(tmp_ctx);
2042 /* we now tell the backend to replace all existing values
2043 with the one we have constructed */
2044 el->flags = LDB_FLAG_MOD_REPLACE;
2051 handle linked attributes in modify requests
2053 static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
2054 struct ldb_message *msg,
2055 uint64_t seq_num, time_t t,
2056 struct ldb_request *parent)
2058 struct ldb_result *res;
2061 struct ldb_context *ldb = ldb_module_get_ctx(module);
2062 struct ldb_message *old_msg;
2064 const struct dsdb_schema *schema;
2065 struct GUID old_guid;
2068 /* there the replmd_update_rpmd code has already
2069 * checked and saw that there are no linked
2074 if (dsdb_functional_level(ldb) == DS_DOMAIN_FUNCTION_2000) {
2075 /* don't do anything special for linked attributes */
2079 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL,
2080 DSDB_FLAG_NEXT_MODULE |
2081 DSDB_SEARCH_SHOW_RECYCLED |
2082 DSDB_SEARCH_REVEAL_INTERNALS |
2083 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
2085 if (ret != LDB_SUCCESS) {
2088 schema = dsdb_get_schema(ldb, res);
2090 return LDB_ERR_OPERATIONS_ERROR;
2093 old_msg = res->msgs[0];
2095 old_guid = samdb_result_guid(old_msg, "objectGUID");
2097 for (i=0; i<msg->num_elements; i++) {
2098 struct ldb_message_element *el = &msg->elements[i];
2099 struct ldb_message_element *old_el, *new_el;
2100 const struct dsdb_attribute *schema_attr
2101 = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
2103 ldb_asprintf_errstring(ldb,
2104 "%s: attribute %s is not a valid attribute in schema",
2105 __FUNCTION__, el->name);
2106 return LDB_ERR_OBJECT_CLASS_VIOLATION;
2108 if (schema_attr->linkID == 0) {
2111 if ((schema_attr->linkID & 1) == 1) {
2112 /* Odd is for the target. Illegal to modify */
2113 ldb_asprintf_errstring(ldb,
2114 "attribute %s must not be modified directly, it is a linked attribute", el->name);
2115 return LDB_ERR_UNWILLING_TO_PERFORM;
2117 old_el = ldb_msg_find_element(old_msg, el->name);
2118 switch (el->flags & LDB_FLAG_MOD_MASK) {
2119 case LDB_FLAG_MOD_REPLACE:
2120 ret = replmd_modify_la_replace(module, schema, msg, el, old_el, schema_attr, seq_num, t, &old_guid, parent);
2122 case LDB_FLAG_MOD_DELETE:
2123 ret = replmd_modify_la_delete(module, schema, msg, el, old_el, schema_attr, seq_num, t, &old_guid, parent);
2125 case LDB_FLAG_MOD_ADD:
2126 ret = replmd_modify_la_add(module, schema, msg, el, old_el, schema_attr, seq_num, t, &old_guid, parent);
2129 ldb_asprintf_errstring(ldb,
2130 "invalid flags 0x%x for %s linked attribute",
2131 el->flags, el->name);
2132 return LDB_ERR_UNWILLING_TO_PERFORM;
2134 if (ret != LDB_SUCCESS) {
2138 ldb_msg_remove_attr(old_msg, el->name);
2140 ldb_msg_add_empty(old_msg, el->name, 0, &new_el);
2141 new_el->num_values = el->num_values;
2142 new_el->values = talloc_steal(msg->elements, el->values);
2144 /* TODO: this relises a bit too heavily on the exact
2145 behaviour of ldb_msg_find_element and
2146 ldb_msg_remove_element */
2147 old_el = ldb_msg_find_element(msg, el->name);
2149 ldb_msg_remove_element(msg, old_el);
2160 static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
2162 struct ldb_context *ldb;
2163 struct replmd_replicated_request *ac;
2164 struct ldb_request *down_req;
2165 struct ldb_message *msg;
2166 time_t t = time(NULL);
2168 bool is_urgent = false;
2169 struct loadparm_context *lp_ctx;
2171 unsigned int functional_level;
2172 const DATA_BLOB *guid_blob;
2174 /* do not manipulate our control entries */
2175 if (ldb_dn_is_special(req->op.mod.message->dn)) {
2176 return ldb_next_request(module, req);
2179 ldb = ldb_module_get_ctx(module);
2181 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
2183 guid_blob = ldb_msg_find_ldb_val(req->op.mod.message, "objectGUID");
2184 if ( guid_blob != NULL ) {
2185 ldb_set_errstring(ldb,
2186 "replmd_modify: it's not allowed to change the objectGUID!");
2187 return LDB_ERR_CONSTRAINT_VIOLATION;
2190 ac = replmd_ctx_init(module, req);
2192 return ldb_module_oom(module);
2195 functional_level = dsdb_functional_level(ldb);
2197 lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
2198 struct loadparm_context);
2200 /* we have to copy the message as the caller might have it as a const */
2201 msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
2205 return LDB_ERR_OPERATIONS_ERROR;
2208 ldb_msg_remove_attr(msg, "whenChanged");
2209 ldb_msg_remove_attr(msg, "uSNChanged");
2211 ret = replmd_update_rpmd(module, ac->schema, req, msg, &ac->seq_num, t, &is_urgent);
2212 if (ret == LDB_ERR_REFERRAL) {
2213 referral = talloc_asprintf(req,
2215 lpcfg_dnsdomain(lp_ctx),
2216 ldb_dn_get_linearized(msg->dn));
2217 ret = ldb_module_send_referral(req, referral);
2219 return ldb_module_done(req, NULL, NULL, ret);
2222 if (ret != LDB_SUCCESS) {
2227 ret = replmd_modify_handle_linked_attribs(module, msg, ac->seq_num, t, req);
2228 if (ret != LDB_SUCCESS) {
2234 * - replace the old object with the newly constructed one
2237 ac->is_urgent = is_urgent;
2239 ret = ldb_build_mod_req(&down_req, ldb, ac,
2242 ac, replmd_op_callback,
2244 LDB_REQ_SET_LOCATION(down_req);
2245 if (ret != LDB_SUCCESS) {
2250 /* If we are in functional level 2000, then
2251 * replmd_modify_handle_linked_attribs will have done
2253 if (functional_level == DS_DOMAIN_FUNCTION_2000) {
2254 ret = ldb_request_add_control(down_req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
2255 if (ret != LDB_SUCCESS) {
2261 talloc_steal(down_req, msg);
2263 /* we only change whenChanged and uSNChanged if the seq_num
2265 if (ac->seq_num != 0) {
2266 ret = add_time_element(msg, "whenChanged", t);
2267 if (ret != LDB_SUCCESS) {
2272 ret = add_uint64_element(ldb, msg, "uSNChanged", ac->seq_num);
2273 if (ret != LDB_SUCCESS) {
2279 /* go on with the call chain */
2280 return ldb_next_request(module, down_req);
2283 static int replmd_rename_callback(struct ldb_request *req, struct ldb_reply *ares);
2286 handle a rename request
2288 On a rename we need to do an extra ldb_modify which sets the
2289 whenChanged and uSNChanged attributes. We do this in a callback after the success.
2291 static int replmd_rename(struct ldb_module *module, struct ldb_request *req)
2293 struct ldb_context *ldb;
2294 struct replmd_replicated_request *ac;
2296 struct ldb_request *down_req;
2298 /* do not manipulate our control entries */
2299 if (ldb_dn_is_special(req->op.mod.message->dn)) {
2300 return ldb_next_request(module, req);
2303 ldb = ldb_module_get_ctx(module);
2305 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_rename\n");
2307 ac = replmd_ctx_init(module, req);
2309 return ldb_module_oom(module);
2312 ret = ldb_build_rename_req(&down_req, ldb, ac,
2313 ac->req->op.rename.olddn,
2314 ac->req->op.rename.newdn,
2316 ac, replmd_rename_callback,
2318 LDB_REQ_SET_LOCATION(down_req);
2319 if (ret != LDB_SUCCESS) {
2324 /* go on with the call chain */
2325 return ldb_next_request(module, down_req);
2328 /* After the rename is compleated, update the whenchanged etc */
2329 static int replmd_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
2331 struct ldb_context *ldb;
2332 struct replmd_replicated_request *ac;
2333 struct ldb_request *down_req;
2334 struct ldb_message *msg;
2335 time_t t = time(NULL);
2338 ac = talloc_get_type(req->context, struct replmd_replicated_request);
2339 ldb = ldb_module_get_ctx(ac->module);
2341 if (ares->error != LDB_SUCCESS) {
2342 return ldb_module_done(ac->req, ares->controls,
2343 ares->response, ares->error);
2346 if (ares->type != LDB_REPLY_DONE) {
2347 ldb_set_errstring(ldb,
2348 "invalid ldb_reply_type in callback");
2350 return ldb_module_done(ac->req, NULL, NULL,
2351 LDB_ERR_OPERATIONS_ERROR);
2354 /* Get a sequence number from the backend */
2355 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ac->seq_num);
2356 if (ret != LDB_SUCCESS) {
2361 * - replace the old object with the newly constructed one
2364 msg = ldb_msg_new(ac);
2367 return LDB_ERR_OPERATIONS_ERROR;
2370 msg->dn = ac->req->op.rename.newdn;
2372 ret = ldb_build_mod_req(&down_req, ldb, ac,
2375 ac, replmd_op_callback,
2377 LDB_REQ_SET_LOCATION(down_req);
2378 if (ret != LDB_SUCCESS) {
2382 talloc_steal(down_req, msg);
2384 ret = add_time_element(msg, "whenChanged", t);
2385 if (ret != LDB_SUCCESS) {
2390 ret = add_uint64_element(ldb, msg, "uSNChanged", ac->seq_num);
2391 if (ret != LDB_SUCCESS) {
2396 /* go on with the call chain - do the modify after the rename */
2397 return ldb_next_request(ac->module, down_req);
2401 remove links from objects that point at this object when an object
2404 static int replmd_delete_remove_link(struct ldb_module *module,
2405 const struct dsdb_schema *schema,
2407 struct ldb_message_element *el,
2408 const struct dsdb_attribute *sa,
2409 struct ldb_request *parent)
2412 TALLOC_CTX *tmp_ctx = talloc_new(module);
2413 struct ldb_context *ldb = ldb_module_get_ctx(module);
2415 for (i=0; i<el->num_values; i++) {
2416 struct dsdb_dn *dsdb_dn;
2420 struct ldb_message *msg;
2421 const struct dsdb_attribute *target_attr;
2422 struct ldb_message_element *el2;
2423 struct ldb_val dn_val;
2425 if (dsdb_dn_is_deleted_val(&el->values[i])) {
2429 dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i], sa->syntax->ldap_oid);
2431 talloc_free(tmp_ctx);
2432 return LDB_ERR_OPERATIONS_ERROR;
2435 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &guid2, "GUID");
2436 if (!NT_STATUS_IS_OK(status)) {
2437 talloc_free(tmp_ctx);
2438 return LDB_ERR_OPERATIONS_ERROR;
2441 /* remove the link */
2442 msg = ldb_msg_new(tmp_ctx);
2444 ldb_module_oom(module);
2445 talloc_free(tmp_ctx);
2446 return LDB_ERR_OPERATIONS_ERROR;
2450 msg->dn = dsdb_dn->dn;
2452 target_attr = dsdb_attribute_by_linkID(schema, sa->linkID ^ 1);
2453 if (target_attr == NULL) {
2457 ret = ldb_msg_add_empty(msg, target_attr->lDAPDisplayName, LDB_FLAG_MOD_DELETE, &el2);
2458 if (ret != LDB_SUCCESS) {
2459 ldb_module_oom(module);
2460 talloc_free(tmp_ctx);
2461 return LDB_ERR_OPERATIONS_ERROR;
2463 dn_val = data_blob_string_const(ldb_dn_get_linearized(dn));
2464 el2->values = &dn_val;
2465 el2->num_values = 1;
2467 ret = dsdb_module_modify(module, msg, DSDB_FLAG_OWN_MODULE, parent);
2468 if (ret != LDB_SUCCESS) {
2469 talloc_free(tmp_ctx);
2473 talloc_free(tmp_ctx);
2479 handle update of replication meta data for deletion of objects
2481 This also handles the mapping of delete to a rename operation
2482 to allow deletes to be replicated.
2484 static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
2486 int ret = LDB_ERR_OTHER;
2487 bool retb, disallow_move_on_delete;
2488 struct ldb_dn *old_dn, *new_dn;
2489 const char *rdn_name;
2490 const struct ldb_val *rdn_value, *new_rdn_value;
2492 struct ldb_context *ldb = ldb_module_get_ctx(module);
2493 const struct dsdb_schema *schema;
2494 struct ldb_message *msg, *old_msg;
2495 struct ldb_message_element *el;
2496 TALLOC_CTX *tmp_ctx;
2497 struct ldb_result *res, *parent_res;
2498 const char *preserved_attrs[] = {
2499 /* yes, this really is a hard coded list. See MS-ADTS
2500 section 3.1.1.5.5.1.1 */
2501 "nTSecurityDescriptor", "attributeID", "attributeSyntax", "dNReferenceUpdate", "dNSHostName",
2502 "flatName", "governsID", "groupType", "instanceType", "lDAPDisplayName", "legacyExchangeDN",
2503 "isDeleted", "isRecycled", "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID",
2504 "mSMQOwnerID", "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
2505 "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData", "sAMAccountName",
2506 "securityIdentifier", "sIDHistory", "subClassOf", "systemFlags", "trustPartner", "trustDirection",
2507 "trustType", "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated", "whenCreated",
2508 "whenChanged", NULL};
2509 unsigned int i, el_count = 0;
2510 enum deletion_state { OBJECT_NOT_DELETED=1, OBJECT_DELETED=2, OBJECT_RECYCLED=3,
2511 OBJECT_TOMBSTONE=4, OBJECT_REMOVED=5 };
2512 enum deletion_state deletion_state, next_deletion_state;
2515 if (ldb_dn_is_special(req->op.del.dn)) {
2516 return ldb_next_request(module, req);
2519 tmp_ctx = talloc_new(ldb);
2522 return LDB_ERR_OPERATIONS_ERROR;
2525 schema = dsdb_get_schema(ldb, tmp_ctx);
2527 return LDB_ERR_OPERATIONS_ERROR;
2530 old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
2532 /* we need the complete msg off disk, so we can work out which
2533 attributes need to be removed */
2534 ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, NULL,
2535 DSDB_FLAG_NEXT_MODULE |
2536 DSDB_SEARCH_SHOW_RECYCLED |
2537 DSDB_SEARCH_REVEAL_INTERNALS |
2538 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT, req);
2539 if (ret != LDB_SUCCESS) {
2540 talloc_free(tmp_ctx);
2543 old_msg = res->msgs[0];
2546 ret = dsdb_recyclebin_enabled(module, &enabled);
2547 if (ret != LDB_SUCCESS) {
2548 talloc_free(tmp_ctx);
2552 if (ldb_msg_check_string_attribute(old_msg, "isDeleted", "TRUE")) {
2554 deletion_state = OBJECT_TOMBSTONE;
2555 next_deletion_state = OBJECT_REMOVED;
2556 } else if (ldb_msg_check_string_attribute(old_msg, "isRecycled", "TRUE")) {
2557 deletion_state = OBJECT_RECYCLED;
2558 next_deletion_state = OBJECT_REMOVED;
2560 deletion_state = OBJECT_DELETED;
2561 next_deletion_state = OBJECT_RECYCLED;
2564 deletion_state = OBJECT_NOT_DELETED;
2566 next_deletion_state = OBJECT_DELETED;
2568 next_deletion_state = OBJECT_TOMBSTONE;
2572 if (next_deletion_state == OBJECT_REMOVED) {
2573 struct auth_session_info *session_info =
2574 (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
2575 if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
2576 ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
2577 ldb_dn_get_linearized(old_msg->dn));
2578 return LDB_ERR_UNWILLING_TO_PERFORM;
2581 /* it is already deleted - really remove it this time */
2582 talloc_free(tmp_ctx);
2583 return ldb_next_request(module, req);
2586 rdn_name = ldb_dn_get_rdn_name(old_dn);
2587 rdn_value = ldb_dn_get_rdn_val(old_dn);
2588 if ((rdn_name == NULL) || (rdn_value == NULL)) {
2589 talloc_free(tmp_ctx);
2590 return ldb_operr(ldb);
2593 msg = ldb_msg_new(tmp_ctx);
2595 ldb_module_oom(module);
2596 talloc_free(tmp_ctx);
2597 return LDB_ERR_OPERATIONS_ERROR;
2602 if (deletion_state == OBJECT_NOT_DELETED){
2603 /* consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag */
2604 disallow_move_on_delete =
2605 (ldb_msg_find_attr_as_int(old_msg, "systemFlags", 0)
2606 & SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
2608 /* work out where we will be renaming this object to */
2609 if (!disallow_move_on_delete) {
2610 ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn,
2612 if (ret != LDB_SUCCESS) {
2613 /* this is probably an attempted delete on a partition
2614 * that doesn't allow delete operations, such as the
2615 * schema partition */
2616 ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
2617 ldb_dn_get_linearized(old_dn));
2618 talloc_free(tmp_ctx);
2619 return LDB_ERR_UNWILLING_TO_PERFORM;
2622 new_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
2623 if (new_dn == NULL) {
2624 ldb_module_oom(module);
2625 talloc_free(tmp_ctx);
2626 return LDB_ERR_OPERATIONS_ERROR;
2630 /* get the objects GUID from the search we just did */
2631 guid = samdb_result_guid(old_msg, "objectGUID");
2633 /* Add a formatted child */
2634 retb = ldb_dn_add_child_fmt(new_dn, "%s=%s\\0ADEL:%s",
2636 ldb_dn_escape_value(tmp_ctx, *rdn_value),
2637 GUID_string(tmp_ctx, &guid));
2639 DEBUG(0,(__location__ ": Unable to add a formatted child to dn: %s",
2640 ldb_dn_get_linearized(new_dn)));
2641 talloc_free(tmp_ctx);
2642 return LDB_ERR_OPERATIONS_ERROR;
2645 ret = ldb_msg_add_string(msg, "isDeleted", "TRUE");
2646 if (ret != LDB_SUCCESS) {
2647 DEBUG(0,(__location__ ": Failed to add isDeleted string to the msg\n"));
2648 ldb_module_oom(module);
2649 talloc_free(tmp_ctx);
2652 msg->elements[el_count++].flags = LDB_FLAG_MOD_REPLACE;
2656 now we need to modify the object in the following ways:
2658 - add isDeleted=TRUE
2659 - update rDN and name, with new rDN
2660 - remove linked attributes
2661 - remove objectCategory and sAMAccountType
2662 - remove attribs not on the preserved list
2663 - preserved if in above list, or is rDN
2664 - remove all linked attribs from this object
2665 - remove all links from other objects to this object
2666 - add lastKnownParent
2667 - update replPropertyMetaData?
2669 see MS-ADTS "Tombstone Requirements" section 3.1.1.5.5.1.1
2672 /* we need the storage form of the parent GUID */
2673 ret = dsdb_module_search_dn(module, tmp_ctx, &parent_res,
2674 ldb_dn_get_parent(tmp_ctx, old_dn), NULL,
2675 DSDB_FLAG_NEXT_MODULE |
2676 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
2677 DSDB_SEARCH_REVEAL_INTERNALS|
2678 DSDB_SEARCH_SHOW_RECYCLED, req);
2679 if (ret != LDB_SUCCESS) {
2680 talloc_free(tmp_ctx);
2684 if (deletion_state == OBJECT_NOT_DELETED){
2685 ret = ldb_msg_add_steal_string(msg, "lastKnownParent",
2686 ldb_dn_get_extended_linearized(tmp_ctx, parent_res->msgs[0]->dn, 1));
2687 if (ret != LDB_SUCCESS) {
2688 DEBUG(0,(__location__ ": Failed to add lastKnownParent string to the msg\n"));
2689 ldb_module_oom(module);
2690 talloc_free(tmp_ctx);
2693 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2696 switch (next_deletion_state){
2698 case OBJECT_DELETED:
2700 ret = ldb_msg_add_value(msg, "msDS-LastKnownRDN", rdn_value, NULL);
2701 if (ret != LDB_SUCCESS) {
2702 DEBUG(0,(__location__ ": Failed to add msDS-LastKnownRDN string to the msg\n"));
2703 ldb_module_oom(module);
2704 talloc_free(tmp_ctx);
2707 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2709 ret = ldb_msg_add_empty(msg, "objectCategory", LDB_FLAG_MOD_DELETE, NULL);
2710 if (ret != LDB_SUCCESS) {
2711 talloc_free(tmp_ctx);
2712 ldb_module_oom(module);
2716 ret = ldb_msg_add_empty(msg, "sAMAccountType", LDB_FLAG_MOD_DELETE, NULL);
2717 if (ret != LDB_SUCCESS) {
2718 talloc_free(tmp_ctx);
2719 ldb_module_oom(module);
2725 case OBJECT_RECYCLED:
2726 case OBJECT_TOMBSTONE:
2728 /* we also mark it as recycled, meaning this object can't be
2729 recovered (we are stripping its attributes) */
2730 if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008_R2) {
2731 ret = ldb_msg_add_string(msg, "isRecycled", "TRUE");
2732 if (ret != LDB_SUCCESS) {
2733 DEBUG(0,(__location__ ": Failed to add isRecycled string to the msg\n"));
2734 ldb_module_oom(module);
2735 talloc_free(tmp_ctx);
2738 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2741 /* work out which of the old attributes we will be removing */
2742 for (i=0; i<old_msg->num_elements; i++) {
2743 const struct dsdb_attribute *sa;
2744 el = &old_msg->elements[i];
2745 sa = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
2747 talloc_free(tmp_ctx);
2748 return LDB_ERR_OPERATIONS_ERROR;
2750 if (ldb_attr_cmp(el->name, rdn_name) == 0) {
2751 /* don't remove the rDN */
2754 if (sa->linkID && sa->linkID & 1) {
2755 ret = replmd_delete_remove_link(module, schema, old_dn, el, sa, req);
2756 if (ret != LDB_SUCCESS) {
2757 talloc_free(tmp_ctx);
2758 return LDB_ERR_OPERATIONS_ERROR;
2762 if (!sa->linkID && ldb_attr_in_list(preserved_attrs, el->name)) {
2765 ret = ldb_msg_add_empty(msg, el->name, LDB_FLAG_MOD_DELETE, &el);
2766 if (ret != LDB_SUCCESS) {
2767 talloc_free(tmp_ctx);
2768 ldb_module_oom(module);
2778 if (deletion_state == OBJECT_NOT_DELETED) {
2779 const struct dsdb_attribute *sa;
2781 /* work out what the new rdn value is, for updating the
2782 rDN and name fields */
2783 new_rdn_value = ldb_dn_get_rdn_val(new_dn);
2784 if (new_rdn_value == NULL) {
2785 talloc_free(tmp_ctx);
2786 return ldb_operr(ldb);
2789 sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
2791 talloc_free(tmp_ctx);
2792 return LDB_ERR_OPERATIONS_ERROR;
2795 ret = ldb_msg_add_value(msg, sa->lDAPDisplayName, new_rdn_value,
2797 if (ret != LDB_SUCCESS) {
2798 talloc_free(tmp_ctx);
2801 el->flags = LDB_FLAG_MOD_REPLACE;
2803 el = ldb_msg_find_element(old_msg, "name");
2805 ret = ldb_msg_add_value(msg, "name", new_rdn_value, &el);
2806 if (ret != LDB_SUCCESS) {
2807 talloc_free(tmp_ctx);
2810 el->flags = LDB_FLAG_MOD_REPLACE;
2814 ret = dsdb_module_modify(module, msg, DSDB_FLAG_OWN_MODULE, req);
2815 if (ret != LDB_SUCCESS) {
2816 ldb_asprintf_errstring(ldb, "replmd_delete: Failed to modify object %s in delete - %s",
2817 ldb_dn_get_linearized(old_dn), ldb_errstring(ldb));
2818 talloc_free(tmp_ctx);
2822 if (deletion_state == OBJECT_NOT_DELETED) {
2823 /* now rename onto the new DN */
2824 ret = dsdb_module_rename(module, old_dn, new_dn, DSDB_FLAG_NEXT_MODULE, req);
2825 if (ret != LDB_SUCCESS){
2826 DEBUG(0,(__location__ ": Failed to rename object from '%s' to '%s' - %s\n",
2827 ldb_dn_get_linearized(old_dn),
2828 ldb_dn_get_linearized(new_dn),
2829 ldb_errstring(ldb)));
2830 talloc_free(tmp_ctx);
2835 talloc_free(tmp_ctx);
2837 return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
2842 static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret)
2847 static int replmd_replicated_request_werror(struct replmd_replicated_request *ar, WERROR status)
2849 int ret = LDB_ERR_OTHER;
2850 /* TODO: do some error mapping */
2854 static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
2856 struct ldb_context *ldb;
2857 struct ldb_request *change_req;
2858 enum ndr_err_code ndr_err;
2859 struct ldb_message *msg;
2860 struct replPropertyMetaDataBlob *md;
2861 struct ldb_val md_value;
2866 * TODO: check if the parent object exist
2870 * TODO: handle the conflict case where an object with the
2874 ldb = ldb_module_get_ctx(ar->module);
2875 msg = ar->objs->objects[ar->index_current].msg;
2876 md = ar->objs->objects[ar->index_current].meta_data;
2878 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
2879 if (ret != LDB_SUCCESS) {
2880 return replmd_replicated_request_error(ar, ret);
2883 ret = ldb_msg_add_value(msg, "objectGUID", &ar->objs->objects[ar->index_current].guid_value, NULL);
2884 if (ret != LDB_SUCCESS) {
2885 return replmd_replicated_request_error(ar, ret);
2888 ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed);
2889 if (ret != LDB_SUCCESS) {
2890 return replmd_replicated_request_error(ar, ret);
2893 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", ar->seq_num);
2894 if (ret != LDB_SUCCESS) {
2895 return replmd_replicated_request_error(ar, ret);
2898 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ar->seq_num);
2899 if (ret != LDB_SUCCESS) {
2900 return replmd_replicated_request_error(ar, ret);
2903 /* remove any message elements that have zero values */
2904 for (i=0; i<msg->num_elements; i++) {
2905 struct ldb_message_element *el = &msg->elements[i];
2907 if (el->num_values == 0) {
2908 DEBUG(4,(__location__ ": Removing attribute %s with num_values==0\n",
2910 memmove(el, el+1, sizeof(*el)*(msg->num_elements - (i+1)));
2911 msg->num_elements--;
2918 * the meta data array is already sorted by the caller
2920 for (i=0; i < md->ctr.ctr1.count; i++) {
2921 md->ctr.ctr1.array[i].local_usn = ar->seq_num;
2923 ndr_err = ndr_push_struct_blob(&md_value, msg, md,
2924 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
2925 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2926 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
2927 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
2929 ret = ldb_msg_add_value(msg, "replPropertyMetaData", &md_value, NULL);
2930 if (ret != LDB_SUCCESS) {
2931 return replmd_replicated_request_error(ar, ret);
2934 replmd_ldb_message_sort(msg, ar->schema);
2937 char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_ADD, msg);
2938 DEBUG(4, ("DRS replication add message:\n%s\n", s));
2942 ret = ldb_build_add_req(&change_req,
2950 LDB_REQ_SET_LOCATION(change_req);
2951 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
2953 return ldb_next_request(ar->module, change_req);
2957 return true if an update is newer than an existing entry
2958 see section 5.11 of MS-ADTS
2960 static bool replmd_update_is_newer(const struct GUID *current_invocation_id,
2961 const struct GUID *update_invocation_id,
2962 uint32_t current_version,
2963 uint32_t update_version,
2964 NTTIME current_change_time,
2965 NTTIME update_change_time)
2967 if (update_version != current_version) {
2968 return update_version > current_version;
2970 if (update_change_time != current_change_time) {
2971 return update_change_time > current_change_time;
2973 return GUID_compare(update_invocation_id, current_invocation_id) > 0;
2976 static bool replmd_replPropertyMetaData1_is_newer(struct replPropertyMetaData1 *cur_m,
2977 struct replPropertyMetaData1 *new_m)
2979 return replmd_update_is_newer(&cur_m->originating_invocation_id,
2980 &new_m->originating_invocation_id,
2983 cur_m->originating_change_time,
2984 new_m->originating_change_time);
2987 static struct replPropertyMetaData1 *
2988 replmd_replPropertyMetaData1_find_attid(struct replPropertyMetaDataBlob *md_blob,
2989 enum drsuapi_DsAttributeId attid)
2992 struct replPropertyMetaDataCtr1 *rpmd_ctr = &md_blob->ctr.ctr1;
2994 for (i = 0; i < rpmd_ctr->count; i++) {
2995 if (rpmd_ctr->array[i].attid == attid) {
2996 return &rpmd_ctr->array[i];
3004 handle renames that come in over DRS replication
3006 static int replmd_replicated_handle_rename(struct replmd_replicated_request *ar,
3007 struct ldb_message *msg,
3008 struct replPropertyMetaDataBlob *rmd,
3009 struct replPropertyMetaDataBlob *omd,
3010 struct ldb_request *parent)
3012 struct replPropertyMetaData1 *md_remote;
3013 struct replPropertyMetaData1 *md_local;
3015 if (ldb_dn_compare(msg->dn, ar->search_msg->dn) == 0) {
3020 /* now we need to check for double renames. We could have a
3021 * local rename pending which our replication partner hasn't
3022 * received yet. We choose which one wins by looking at the
3023 * attribute stamps on the two objects, the newer one wins
3025 md_remote = replmd_replPropertyMetaData1_find_attid(rmd, DRSUAPI_ATTID_name);
3026 md_local = replmd_replPropertyMetaData1_find_attid(omd, DRSUAPI_ATTID_name);
3027 /* if there is no name attribute then we have to assume the
3028 object we've received is in fact newer */
3029 if (!md_remote || !md_local ||
3030 replmd_replPropertyMetaData1_is_newer(md_local, md_remote)) {
3031 DEBUG(4,("replmd_replicated_request rename %s => %s\n",
3032 ldb_dn_get_linearized(ar->search_msg->dn),
3033 ldb_dn_get_linearized(msg->dn)));
3034 /* pass rename to the next module
3035 * so it doesn't appear as an originating update */
3036 return dsdb_module_rename(ar->module,
3037 ar->search_msg->dn, msg->dn,
3038 DSDB_FLAG_NEXT_MODULE | DSDB_MODIFY_RELAX, parent);
3041 /* we're going to keep our old object */
3042 DEBUG(4,(__location__ ": Keeping object %s and rejecting older rename to %s\n",
3043 ldb_dn_get_linearized(ar->search_msg->dn),
3044 ldb_dn_get_linearized(msg->dn)));
3049 static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
3051 struct ldb_context *ldb;
3052 struct ldb_request *change_req;
3053 enum ndr_err_code ndr_err;
3054 struct ldb_message *msg;
3055 struct replPropertyMetaDataBlob *rmd;
3056 struct replPropertyMetaDataBlob omd;
3057 const struct ldb_val *omd_value;
3058 struct replPropertyMetaDataBlob nmd;
3059 struct ldb_val nmd_value;
3062 unsigned int removed_attrs = 0;
3065 ldb = ldb_module_get_ctx(ar->module);
3066 msg = ar->objs->objects[ar->index_current].msg;
3067 rmd = ar->objs->objects[ar->index_current].meta_data;
3071 /* find existing meta data */
3072 omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData");
3074 ndr_err = ndr_pull_struct_blob(omd_value, ar, &omd,
3075 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
3076 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3077 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3078 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3081 if (omd.version != 1) {
3082 return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3086 /* handle renames that come in over DRS */
3087 ret = replmd_replicated_handle_rename(ar, msg, rmd, &omd, ar->req);
3088 if (ret != LDB_SUCCESS) {
3089 ldb_debug(ldb, LDB_DEBUG_FATAL,
3090 "replmd_replicated_request rename %s => %s failed - %s\n",
3091 ldb_dn_get_linearized(ar->search_msg->dn),
3092 ldb_dn_get_linearized(msg->dn),
3093 ldb_errstring(ldb));
3094 return replmd_replicated_request_werror(ar, WERR_DS_DRA_DB_ERROR);
3099 nmd.ctr.ctr1.count = omd.ctr.ctr1.count + rmd->ctr.ctr1.count;
3100 nmd.ctr.ctr1.array = talloc_array(ar,
3101 struct replPropertyMetaData1,
3102 nmd.ctr.ctr1.count);
3103 if (!nmd.ctr.ctr1.array) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3105 /* first copy the old meta data */
3106 for (i=0; i < omd.ctr.ctr1.count; i++) {
3107 nmd.ctr.ctr1.array[ni] = omd.ctr.ctr1.array[i];
3111 /* now merge in the new meta data */
3112 for (i=0; i < rmd->ctr.ctr1.count; i++) {
3115 for (j=0; j < ni; j++) {
3118 if (rmd->ctr.ctr1.array[i].attid != nmd.ctr.ctr1.array[j].attid) {
3122 cmp = replmd_replPropertyMetaData1_is_newer(&nmd.ctr.ctr1.array[j],
3123 &rmd->ctr.ctr1.array[i]);
3125 /* replace the entry */
3126 nmd.ctr.ctr1.array[j] = rmd->ctr.ctr1.array[i];
3131 if (rmd->ctr.ctr1.array[i].attid != DRSUAPI_ATTID_instanceType) {
3132 DEBUG(3,("Discarding older DRS attribute update to %s on %s from %s\n",
3133 msg->elements[i-removed_attrs].name,
3134 ldb_dn_get_linearized(msg->dn),
3135 GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
3138 /* we don't want to apply this change so remove the attribute */
3139 ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]);
3146 if (found) continue;
3148 nmd.ctr.ctr1.array[ni] = rmd->ctr.ctr1.array[i];
3153 * finally correct the size of the meta_data array
3155 nmd.ctr.ctr1.count = ni;
3158 * the rdn attribute (the alias for the name attribute),
3159 * 'cn' for most objects is the last entry in the meta data array
3162 * sort the new meta data array
3164 ret = replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, ar->schema, msg->dn);
3165 if (ret != LDB_SUCCESS) {
3170 * check if some replicated attributes left, otherwise skip the ldb_modify() call
3172 if (msg->num_elements == 0) {
3173 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n",
3176 ar->index_current++;
3177 return replmd_replicated_apply_next(ar);
3180 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n",
3181 ar->index_current, msg->num_elements);
3183 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
3184 if (ret != LDB_SUCCESS) {
3185 return replmd_replicated_request_error(ar, ret);
3188 for (i=0; i<ni; i++) {
3189 nmd.ctr.ctr1.array[i].local_usn = ar->seq_num;
3192 /* create the meta data value */
3193 ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd,
3194 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
3195 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3196 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3197 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3201 * when we know that we'll modify the record, add the whenChanged, uSNChanged
3202 * and replPopertyMetaData attributes
3204 ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed);
3205 if (ret != LDB_SUCCESS) {
3206 return replmd_replicated_request_error(ar, ret);
3208 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ar->seq_num);
3209 if (ret != LDB_SUCCESS) {
3210 return replmd_replicated_request_error(ar, ret);
3212 ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
3213 if (ret != LDB_SUCCESS) {
3214 return replmd_replicated_request_error(ar, ret);
3217 replmd_ldb_message_sort(msg, ar->schema);
3219 /* we want to replace the old values */
3220 for (i=0; i < msg->num_elements; i++) {
3221 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
3225 char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_MODIFY, msg);
3226 DEBUG(4, ("DRS replication modify message:\n%s\n", s));
3230 ret = ldb_build_mod_req(&change_req,
3238 LDB_REQ_SET_LOCATION(change_req);
3239 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3241 return ldb_next_request(ar->module, change_req);
3244 static int replmd_replicated_apply_search_callback(struct ldb_request *req,
3245 struct ldb_reply *ares)
3247 struct replmd_replicated_request *ar = talloc_get_type(req->context,
3248 struct replmd_replicated_request);
3252 return ldb_module_done(ar->req, NULL, NULL,
3253 LDB_ERR_OPERATIONS_ERROR);
3255 if (ares->error != LDB_SUCCESS &&
3256 ares->error != LDB_ERR_NO_SUCH_OBJECT) {
3257 return ldb_module_done(ar->req, ares->controls,
3258 ares->response, ares->error);
3261 switch (ares->type) {
3262 case LDB_REPLY_ENTRY:
3263 ar->search_msg = talloc_steal(ar, ares->message);
3266 case LDB_REPLY_REFERRAL:
3267 /* we ignore referrals */
3270 case LDB_REPLY_DONE:
3271 if (ar->search_msg != NULL) {
3272 ret = replmd_replicated_apply_merge(ar);
3274 ret = replmd_replicated_apply_add(ar);
3276 if (ret != LDB_SUCCESS) {
3277 return ldb_module_done(ar->req, NULL, NULL, ret);
3285 static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar);
3287 static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
3289 struct ldb_context *ldb;
3293 struct ldb_request *search_req;
3294 struct ldb_search_options_control *options;
3296 if (ar->index_current >= ar->objs->num_objects) {
3297 /* done with it, go to next stage */
3298 return replmd_replicated_uptodate_vector(ar);
3301 ldb = ldb_module_get_ctx(ar->module);
3302 ar->search_msg = NULL;
3304 tmp_str = ldb_binary_encode(ar, ar->objs->objects[ar->index_current].guid_value);
3305 if (!tmp_str) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3307 filter = talloc_asprintf(ar, "(objectGUID=%s)", tmp_str);
3308 if (!filter) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3309 talloc_free(tmp_str);
3311 ret = ldb_build_search_req(&search_req,
3320 replmd_replicated_apply_search_callback,
3322 LDB_REQ_SET_LOCATION(search_req);
3324 ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
3326 if (ret != LDB_SUCCESS) {
3330 /* we need to cope with cross-partition links, so search for
3331 the GUID over all partitions */
3332 options = talloc(search_req, struct ldb_search_options_control);
3333 if (options == NULL) {
3334 DEBUG(0, (__location__ ": out of memory\n"));
3335 return LDB_ERR_OPERATIONS_ERROR;
3337 options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
3339 ret = ldb_request_add_control(search_req,
3340 LDB_CONTROL_SEARCH_OPTIONS_OID,
3342 if (ret != LDB_SUCCESS) {
3346 return ldb_next_request(ar->module, search_req);
3349 static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req,
3350 struct ldb_reply *ares)
3352 struct ldb_context *ldb;
3353 struct replmd_replicated_request *ar = talloc_get_type(req->context,
3354 struct replmd_replicated_request);
3355 ldb = ldb_module_get_ctx(ar->module);
3358 return ldb_module_done(ar->req, NULL, NULL,
3359 LDB_ERR_OPERATIONS_ERROR);
3361 if (ares->error != LDB_SUCCESS) {
3362 return ldb_module_done(ar->req, ares->controls,
3363 ares->response, ares->error);
3366 if (ares->type != LDB_REPLY_DONE) {
3367 ldb_set_errstring(ldb, "Invalid reply type\n!");
3368 return ldb_module_done(ar->req, NULL, NULL,
3369 LDB_ERR_OPERATIONS_ERROR);
3374 return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
3377 static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar)
3379 struct ldb_context *ldb;
3380 struct ldb_request *change_req;
3381 enum ndr_err_code ndr_err;
3382 struct ldb_message *msg;
3383 struct replUpToDateVectorBlob ouv;
3384 const struct ldb_val *ouv_value;
3385 const struct drsuapi_DsReplicaCursor2CtrEx *ruv;
3386 struct replUpToDateVectorBlob nuv;
3387 struct ldb_val nuv_value;
3388 struct ldb_message_element *nuv_el = NULL;
3389 const struct GUID *our_invocation_id;
3390 struct ldb_message_element *orf_el = NULL;
3391 struct repsFromToBlob nrf;
3392 struct ldb_val *nrf_value = NULL;
3393 struct ldb_message_element *nrf_el = NULL;
3397 time_t t = time(NULL);
3400 uint32_t instanceType;
3402 ldb = ldb_module_get_ctx(ar->module);
3403 ruv = ar->objs->uptodateness_vector;
3409 unix_to_nt_time(&now, t);
3411 instanceType = ldb_msg_find_attr_as_uint(ar->search_msg, "instanceType", 0);
3412 if (! (instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
3413 DEBUG(4,(__location__ ": Skipping UDV and repsFrom update as not NC root: %s\n",
3414 ldb_dn_get_linearized(ar->search_msg->dn)));
3415 return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
3419 * first create the new replUpToDateVector
3421 ouv_value = ldb_msg_find_ldb_val(ar->search_msg, "replUpToDateVector");
3423 ndr_err = ndr_pull_struct_blob(ouv_value, ar, &ouv,
3424 (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
3425 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3426 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3427 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3430 if (ouv.version != 2) {
3431 return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3436 * the new uptodateness vector will at least
3437 * contain 1 entry, one for the source_dsa
3439 * plus optional values from our old vector and the one from the source_dsa
3441 nuv.ctr.ctr2.count = 1 + ouv.ctr.ctr2.count;
3442 if (ruv) nuv.ctr.ctr2.count += ruv->count;
3443 nuv.ctr.ctr2.cursors = talloc_array(ar,
3444 struct drsuapi_DsReplicaCursor2,
3445 nuv.ctr.ctr2.count);
3446 if (!nuv.ctr.ctr2.cursors) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3448 /* first copy the old vector */
3449 for (i=0; i < ouv.ctr.ctr2.count; i++) {
3450 nuv.ctr.ctr2.cursors[ni] = ouv.ctr.ctr2.cursors[i];
3454 /* get our invocation_id if we have one already attached to the ldb */
3455 our_invocation_id = samdb_ntds_invocation_id(ldb);
3457 /* merge in the source_dsa vector is available */
3458 for (i=0; (ruv && i < ruv->count); i++) {
3461 if (our_invocation_id &&
3462 GUID_equal(&ruv->cursors[i].source_dsa_invocation_id,
3463 our_invocation_id)) {
3467 for (j=0; j < ni; j++) {
3468 if (!GUID_equal(&ruv->cursors[i].source_dsa_invocation_id,
3469 &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) {
3476 * we update only the highest_usn and not the latest_sync_success time,
3477 * because the last success stands for direct replication
3479 if (ruv->cursors[i].highest_usn > nuv.ctr.ctr2.cursors[j].highest_usn) {
3480 nuv.ctr.ctr2.cursors[j].highest_usn = ruv->cursors[i].highest_usn;
3485 if (found) continue;
3487 /* if it's not there yet, add it */
3488 nuv.ctr.ctr2.cursors[ni] = ruv->cursors[i];
3493 * merge in the current highwatermark for the source_dsa
3496 for (j=0; j < ni; j++) {
3497 if (!GUID_equal(&ar->objs->source_dsa->source_dsa_invocation_id,
3498 &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) {
3505 * here we update the highest_usn and last_sync_success time
3506 * because we're directly replicating from the source_dsa
3508 * and use the tmp_highest_usn because this is what we have just applied
3511 nuv.ctr.ctr2.cursors[j].highest_usn = ar->objs->source_dsa->highwatermark.tmp_highest_usn;
3512 nuv.ctr.ctr2.cursors[j].last_sync_success = now;
3517 * here we update the highest_usn and last_sync_success time
3518 * because we're directly replicating from the source_dsa
3520 * and use the tmp_highest_usn because this is what we have just applied
3523 nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= ar->objs->source_dsa->source_dsa_invocation_id;
3524 nuv.ctr.ctr2.cursors[ni].highest_usn = ar->objs->source_dsa->highwatermark.tmp_highest_usn;
3525 nuv.ctr.ctr2.cursors[ni].last_sync_success = now;
3530 * finally correct the size of the cursors array
3532 nuv.ctr.ctr2.count = ni;
3537 TYPESAFE_QSORT(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count, drsuapi_DsReplicaCursor2_compare);
3540 * create the change ldb_message
3542 msg = ldb_msg_new(ar);
3543 if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3544 msg->dn = ar->search_msg->dn;
3546 ndr_err = ndr_push_struct_blob(&nuv_value, msg, &nuv,
3547 (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
3548 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3549 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3550 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3552 ret = ldb_msg_add_value(msg, "replUpToDateVector", &nuv_value, &nuv_el);
3553 if (ret != LDB_SUCCESS) {
3554 return replmd_replicated_request_error(ar, ret);
3556 nuv_el->flags = LDB_FLAG_MOD_REPLACE;
3559 * now create the new repsFrom value from the given repsFromTo1 structure
3563 nrf.ctr.ctr1 = *ar->objs->source_dsa;
3564 nrf.ctr.ctr1.highwatermark.highest_usn = nrf.ctr.ctr1.highwatermark.tmp_highest_usn;
3567 * first see if we already have a repsFrom value for the current source dsa
3568 * if so we'll later replace this value
3570 orf_el = ldb_msg_find_element(ar->search_msg, "repsFrom");
3572 for (i=0; i < orf_el->num_values; i++) {
3573 struct repsFromToBlob *trf;
3575 trf = talloc(ar, struct repsFromToBlob);
3576 if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3578 ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, trf,
3579 (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
3580 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3581 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3582 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3585 if (trf->version != 1) {
3586 return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3590 * we compare the source dsa objectGUID not the invocation_id
3591 * because we want only one repsFrom value per source dsa
3592 * and when the invocation_id of the source dsa has changed we don't need
3593 * the old repsFrom with the old invocation_id
3595 if (!GUID_equal(&trf->ctr.ctr1.source_dsa_obj_guid,
3596 &ar->objs->source_dsa->source_dsa_obj_guid)) {
3602 nrf_value = &orf_el->values[i];
3607 * copy over all old values to the new ldb_message
3609 ret = ldb_msg_add_empty(msg, "repsFrom", 0, &nrf_el);
3610 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3615 * if we haven't found an old repsFrom value for the current source dsa
3616 * we'll add a new value
3619 struct ldb_val zero_value;
3620 ZERO_STRUCT(zero_value);
3621 ret = ldb_msg_add_value(msg, "repsFrom", &zero_value, &nrf_el);
3622 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3624 nrf_value = &nrf_el->values[nrf_el->num_values - 1];
3627 /* we now fill the value which is already attached to ldb_message */
3628 ndr_err = ndr_push_struct_blob(nrf_value, msg,
3630 (ndr_push_flags_fn_t)ndr_push_repsFromToBlob);
3631 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3632 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3633 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3637 * the ldb_message_element for the attribute, has all the old values and the new one
3638 * so we'll replace the whole attribute with all values
3640 nrf_el->flags = LDB_FLAG_MOD_REPLACE;
3643 char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_MODIFY, msg);
3644 DEBUG(4, ("DRS replication uptodate modify message:\n%s\n", s));
3648 /* prepare the ldb_modify() request */
3649 ret = ldb_build_mod_req(&change_req,
3655 replmd_replicated_uptodate_modify_callback,
3657 LDB_REQ_SET_LOCATION(change_req);
3658 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3660 return ldb_next_request(ar->module, change_req);
3663 static int replmd_replicated_uptodate_search_callback(struct ldb_request *req,
3664 struct ldb_reply *ares)
3666 struct replmd_replicated_request *ar = talloc_get_type(req->context,
3667 struct replmd_replicated_request);
3671 return ldb_module_done(ar->req, NULL, NULL,
3672 LDB_ERR_OPERATIONS_ERROR);
3674 if (ares->error != LDB_SUCCESS &&
3675 ares->error != LDB_ERR_NO_SUCH_OBJECT) {
3676 return ldb_module_done(ar->req, ares->controls,
3677 ares->response, ares->error);
3680 switch (ares->type) {
3681 case LDB_REPLY_ENTRY:
3682 ar->search_msg = talloc_steal(ar, ares->message);
3685 case LDB_REPLY_REFERRAL:
3686 /* we ignore referrals */
3689 case LDB_REPLY_DONE:
3690 if (ar->search_msg == NULL) {
3691 ret = replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3693 ret = replmd_replicated_uptodate_modify(ar);
3695 if (ret != LDB_SUCCESS) {
3696 return ldb_module_done(ar->req, NULL, NULL, ret);
3705 static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar)
3707 struct ldb_context *ldb;
3709 static const char *attrs[] = {
3710 "replUpToDateVector",
3715 struct ldb_request *search_req;
3717 ldb = ldb_module_get_ctx(ar->module);
3718 ar->search_msg = NULL;
3720 ret = ldb_build_search_req(&search_req,
3723 ar->objs->partition_dn,
3729 replmd_replicated_uptodate_search_callback,
3731 LDB_REQ_SET_LOCATION(search_req);
3732 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3734 return ldb_next_request(ar->module, search_req);
3739 static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req)
3741 struct ldb_context *ldb;
3742 struct dsdb_extended_replicated_objects *objs;
3743 struct replmd_replicated_request *ar;
3744 struct ldb_control **ctrls;
3747 struct replmd_private *replmd_private =
3748 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
3750 ldb = ldb_module_get_ctx(module);
3752 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n");
3754 objs = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects);
3756 ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: invalid extended data\n");
3757 return LDB_ERR_PROTOCOL_ERROR;
3760 if (objs->version != DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION) {
3761 ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: extended data invalid version [%u != %u]\n",
3762 objs->version, DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION);
3763 return LDB_ERR_PROTOCOL_ERROR;
3766 ar = replmd_ctx_init(module, req);
3768 return LDB_ERR_OPERATIONS_ERROR;
3770 /* Set the flags to have the replmd_op_callback run over the full set of objects */
3771 ar->apply_mode = true;
3773 ar->schema = dsdb_get_schema(ldb, ar);
3775 ldb_debug_set(ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n");
3777 DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
3778 return LDB_ERR_CONSTRAINT_VIOLATION;
3781 ctrls = req->controls;
3783 if (req->controls) {
3784 req->controls = talloc_memdup(ar, req->controls,
3785 talloc_get_size(req->controls));
3786 if (!req->controls) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3789 /* This allows layers further down to know if a change came in over replication */
3790 ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL);
3791 if (ret != LDB_SUCCESS) {
3795 /* If this change contained linked attributes in the body
3796 * (rather than in the links section) we need to update
3797 * backlinks in linked_attributes */
3798 ret = ldb_request_add_control(req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
3799 if (ret != LDB_SUCCESS) {
3803 ar->controls = req->controls;
3804 req->controls = ctrls;
3806 DEBUG(4,("linked_attributes_count=%u\n", objs->linked_attributes_count));
3808 /* save away the linked attributes for the end of the
3810 for (i=0; i<ar->objs->linked_attributes_count; i++) {
3811 struct la_entry *la_entry;
3813 if (replmd_private->la_ctx == NULL) {
3814 replmd_private->la_ctx = talloc_new(replmd_private);
3816 la_entry = talloc(replmd_private->la_ctx, struct la_entry);
3817 if (la_entry == NULL) {
3819 return LDB_ERR_OPERATIONS_ERROR;
3821 la_entry->la = talloc(la_entry, struct drsuapi_DsReplicaLinkedAttribute);
3822 if (la_entry->la == NULL) {
3823 talloc_free(la_entry);
3825 return LDB_ERR_OPERATIONS_ERROR;
3827 *la_entry->la = ar->objs->linked_attributes[i];
3829 /* we need to steal the non-scalars so they stay
3830 around until the end of the transaction */
3831 talloc_steal(la_entry->la, la_entry->la->identifier);
3832 talloc_steal(la_entry->la, la_entry->la->value.blob);
3834 DLIST_ADD(replmd_private->la_list, la_entry);
3837 return replmd_replicated_apply_next(ar);
3841 process one linked attribute structure
3843 static int replmd_process_linked_attribute(struct ldb_module *module,
3844 struct la_entry *la_entry,
3845 struct ldb_request *parent)
3847 struct drsuapi_DsReplicaLinkedAttribute *la = la_entry->la;
3848 struct ldb_context *ldb = ldb_module_get_ctx(module);
3849 struct ldb_message *msg;
3850 TALLOC_CTX *tmp_ctx = talloc_new(la_entry);
3851 const struct dsdb_schema *schema = dsdb_get_schema(ldb, tmp_ctx);
3853 const struct dsdb_attribute *attr;
3854 struct dsdb_dn *dsdb_dn;
3855 uint64_t seq_num = 0;
3856 struct ldb_message_element *old_el;
3858 time_t t = time(NULL);
3859 struct ldb_result *res;
3860 const char *attrs[2];
3861 struct parsed_dn *pdn_list, *pdn;
3862 struct GUID guid = GUID_zero();
3864 bool active = (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)?true:false;
3865 const struct GUID *our_invocation_id;
3868 linked_attributes[0]:
3869 &objs->linked_attributes[i]: struct drsuapi_DsReplicaLinkedAttribute
3871 identifier: struct drsuapi_DsReplicaObjectIdentifier
3872 __ndr_size : 0x0000003a (58)
3873 __ndr_size_sid : 0x00000000 (0)
3874 guid : 8e95b6a9-13dd-4158-89db-3220a5be5cc7
3876 __ndr_size_dn : 0x00000000 (0)
3878 attid : DRSUAPI_ATTID_member (0x1F)
3879 value: struct drsuapi_DsAttributeValue
3880 __ndr_size : 0x0000007e (126)
3882 blob : DATA_BLOB length=126
3883 flags : 0x00000001 (1)
3884 1: DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
3885 originating_add_time : Wed Sep 2 22:20:01 2009 EST
3886 meta_data: struct drsuapi_DsReplicaMetaData
3887 version : 0x00000015 (21)
3888 originating_change_time : Wed Sep 2 23:39:07 2009 EST
3889 originating_invocation_id: 794640f3-18cf-40ee-a211-a93992b67a64
3890 originating_usn : 0x000000000001e19c (123292)
3892 (for cases where the link is to a normal DN)
3893 &target: struct drsuapi_DsReplicaObjectIdentifier3
3894 __ndr_size : 0x0000007e (126)
3895 __ndr_size_sid : 0x0000001c (28)
3896 guid : 7639e594-db75-4086-b0d4-67890ae46031
3897 sid : S-1-5-21-2848215498-2472035911-1947525656-19924
3898 __ndr_size_dn : 0x00000022 (34)
3899 dn : 'CN=UOne,OU=TestOU,DC=vsofs8,DC=com'
3902 /* find the attribute being modified */
3903 attr = dsdb_attribute_by_attributeID_id(schema, la->attid);
3905 DEBUG(0, (__location__ ": Unable to find attributeID 0x%x\n", la->attid));
3906 talloc_free(tmp_ctx);
3907 return LDB_ERR_OPERATIONS_ERROR;
3910 attrs[0] = attr->lDAPDisplayName;
3913 /* get the existing message from the db for the object with
3914 this GUID, returning attribute being modified. We will then
3915 use this msg as the basis for a modify call */
3916 ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
3917 DSDB_FLAG_NEXT_MODULE |
3918 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
3919 DSDB_SEARCH_SHOW_RECYCLED |
3920 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
3921 DSDB_SEARCH_REVEAL_INTERNALS,
3923 "objectGUID=%s", GUID_string(tmp_ctx, &la->identifier->guid));
3924 if (ret != LDB_SUCCESS) {
3925 talloc_free(tmp_ctx);
3928 if (res->count != 1) {
3929 ldb_asprintf_errstring(ldb, "DRS linked attribute for GUID %s - DN not found",
3930 GUID_string(tmp_ctx, &la->identifier->guid));
3931 talloc_free(tmp_ctx);
3932 return LDB_ERR_NO_SUCH_OBJECT;
3936 if (msg->num_elements == 0) {
3937 ret = ldb_msg_add_empty(msg, attr->lDAPDisplayName, LDB_FLAG_MOD_REPLACE, &old_el);
3938 if (ret != LDB_SUCCESS) {
3939 ldb_module_oom(module);
3940 talloc_free(tmp_ctx);
3941 return LDB_ERR_OPERATIONS_ERROR;
3944 old_el = &msg->elements[0];
3945 old_el->flags = LDB_FLAG_MOD_REPLACE;
3948 /* parse the existing links */
3949 ret = get_parsed_dns(module, tmp_ctx, old_el, &pdn_list, attr->syntax->ldap_oid, parent);
3950 if (ret != LDB_SUCCESS) {
3951 talloc_free(tmp_ctx);
3955 /* get our invocationId */
3956 our_invocation_id = samdb_ntds_invocation_id(ldb);
3957 if (!our_invocation_id) {
3958 ldb_debug_set(ldb, LDB_DEBUG_ERROR, __location__ ": unable to find invocationId\n");
3959 talloc_free(tmp_ctx);
3960 return LDB_ERR_OPERATIONS_ERROR;
3963 ret = replmd_check_upgrade_links(pdn_list, old_el->num_values, old_el, our_invocation_id);
3964 if (ret != LDB_SUCCESS) {
3965 talloc_free(tmp_ctx);
3969 status = dsdb_dn_la_from_blob(ldb, attr, schema, tmp_ctx, la->value.blob, &dsdb_dn);
3970 if (!W_ERROR_IS_OK(status)) {
3971 ldb_asprintf_errstring(ldb, "Failed to parsed linked attribute blob for %s on %s - %s\n",
3972 old_el->name, ldb_dn_get_linearized(msg->dn), win_errstr(status));
3973 return LDB_ERR_OPERATIONS_ERROR;
3976 ntstatus = dsdb_get_extended_dn_guid(dsdb_dn->dn, &guid, "GUID");
3977 if (!NT_STATUS_IS_OK(ntstatus) && active) {
3978 ldb_asprintf_errstring(ldb, "Failed to find GUID in linked attribute blob for %s on %s from %s",
3980 ldb_dn_get_linearized(dsdb_dn->dn),
3981 ldb_dn_get_linearized(msg->dn));
3982 return LDB_ERR_OPERATIONS_ERROR;
3985 /* re-resolve the DN by GUID, as the DRS server may give us an
3987 ret = dsdb_module_dn_by_guid(module, dsdb_dn, &guid, &dsdb_dn->dn, parent);
3988 if (ret != LDB_SUCCESS) {
3989 DEBUG(2,(__location__ ": WARNING: Failed to re-resolve GUID %s - using %s",
3990 GUID_string(tmp_ctx, &guid),
3991 ldb_dn_get_linearized(dsdb_dn->dn)));
3994 /* see if this link already exists */
3995 pdn = parsed_dn_find(pdn_list, old_el->num_values, &guid, dsdb_dn->dn);
3997 /* see if this update is newer than what we have already */
3998 struct GUID invocation_id = GUID_zero();
3999 uint32_t version = 0;
4000 uint32_t originating_usn = 0;
4001 NTTIME change_time = 0;
4002 uint32_t rmd_flags = dsdb_dn_rmd_flags(pdn->dsdb_dn->dn);
4004 dsdb_get_extended_dn_guid(pdn->dsdb_dn->dn, &invocation_id, "RMD_INVOCID");
4005 dsdb_get_extended_dn_uint32(pdn->dsdb_dn->dn, &version, "RMD_VERSION");
4006 dsdb_get_extended_dn_uint32(pdn->dsdb_dn->dn, &originating_usn, "RMD_ORIGINATING_USN");
4007 dsdb_get_extended_dn_nttime(pdn->dsdb_dn->dn, &change_time, "RMD_CHANGETIME");
4009 if (!replmd_update_is_newer(&invocation_id,
4010 &la->meta_data.originating_invocation_id,
4012 la->meta_data.version,
4014 la->meta_data.originating_change_time)) {
4015 DEBUG(3,("Discarding older DRS linked attribute update to %s on %s from %s\n",
4016 old_el->name, ldb_dn_get_linearized(msg->dn),
4017 GUID_string(tmp_ctx, &la->meta_data.originating_invocation_id)));
4018 talloc_free(tmp_ctx);
4022 /* get a seq_num for this change */
4023 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
4024 if (ret != LDB_SUCCESS) {
4025 talloc_free(tmp_ctx);
4029 if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
4030 /* remove the existing backlink */
4031 ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid, false, attr, false);
4032 if (ret != LDB_SUCCESS) {
4033 talloc_free(tmp_ctx);
4038 ret = replmd_update_la_val(tmp_ctx, pdn->v, dsdb_dn, pdn->dsdb_dn,
4039 &la->meta_data.originating_invocation_id,
4040 la->meta_data.originating_usn, seq_num,
4041 la->meta_data.originating_change_time,
4042 la->meta_data.version,
4044 if (ret != LDB_SUCCESS) {
4045 talloc_free(tmp_ctx);
4050 /* add the new backlink */
4051 ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid, true, attr, false);
4052 if (ret != LDB_SUCCESS) {
4053 talloc_free(tmp_ctx);
4058 /* get a seq_num for this change */
4059 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
4060 if (ret != LDB_SUCCESS) {
4061 talloc_free(tmp_ctx);
4065 old_el->values = talloc_realloc(msg->elements, old_el->values,
4066 struct ldb_val, old_el->num_values+1);
4067 if (!old_el->values) {
4068 ldb_module_oom(module);
4069 return LDB_ERR_OPERATIONS_ERROR;
4071 old_el->num_values++;
4073 ret = replmd_build_la_val(tmp_ctx, &old_el->values[old_el->num_values-1], dsdb_dn,
4074 &la->meta_data.originating_invocation_id,
4075 la->meta_data.originating_usn, seq_num,
4076 la->meta_data.originating_change_time,
4077 la->meta_data.version,
4078 (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)?false:true);
4079 if (ret != LDB_SUCCESS) {
4080 talloc_free(tmp_ctx);
4085 ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid,
4087 if (ret != LDB_SUCCESS) {
4088 talloc_free(tmp_ctx);
4094 /* we only change whenChanged and uSNChanged if the seq_num
4096 if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
4097 talloc_free(tmp_ctx);
4098 return ldb_operr(ldb);
4101 if (add_uint64_element(ldb, msg, "uSNChanged",
4102 seq_num) != LDB_SUCCESS) {
4103 talloc_free(tmp_ctx);
4104 return ldb_operr(ldb);
4107 old_el = ldb_msg_find_element(msg, attr->lDAPDisplayName);
4108 if (old_el == NULL) {
4109 talloc_free(tmp_ctx);
4110 return ldb_operr(ldb);
4113 ret = dsdb_check_single_valued_link(attr, old_el);
4114 if (ret != LDB_SUCCESS) {
4115 talloc_free(tmp_ctx);
4119 old_el->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
4121 ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
4122 if (ret != LDB_SUCCESS) {
4123 ldb_debug(ldb, LDB_DEBUG_WARNING, "Failed to apply linked attribute change '%s'\n%s\n",
4125 ldb_ldif_message_string(ldb, tmp_ctx, LDB_CHANGETYPE_MODIFY, msg));
4126 talloc_free(tmp_ctx);
4130 talloc_free(tmp_ctx);
4135 static int replmd_extended(struct ldb_module *module, struct ldb_request *req)
4137 if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) {
4138 return replmd_extended_replicated_objects(module, req);
4141 return ldb_next_request(module, req);
4146 we hook into the transaction operations to allow us to
4147 perform the linked attribute updates at the end of the whole
4148 transaction. This allows a forward linked attribute to be created
4149 before the object is created. During a vampire, w2k8 sends us linked
4150 attributes before the objects they are part of.
4152 static int replmd_start_transaction(struct ldb_module *module)
4154 /* create our private structure for this transaction */
4155 struct replmd_private *replmd_private = talloc_get_type(ldb_module_get_private(module),
4156 struct replmd_private);
4157 replmd_txn_cleanup(replmd_private);
4159 /* free any leftover mod_usn records from cancelled
4161 while (replmd_private->ncs) {
4162 struct nc_entry *e = replmd_private->ncs;
4163 DLIST_REMOVE(replmd_private->ncs, e);
4167 return ldb_next_start_trans(module);
4171 on prepare commit we loop over our queued la_context structures and
4174 static int replmd_prepare_commit(struct ldb_module *module)
4176 struct replmd_private *replmd_private =
4177 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
4178 struct la_entry *la, *prev;
4179 struct la_backlink *bl;
4182 /* walk the list backwards, to do the first entry first, as we
4183 * added the entries with DLIST_ADD() which puts them at the
4184 * start of the list */
4185 for (la = DLIST_TAIL(replmd_private->la_list); la; la=prev) {
4186 prev = DLIST_PREV(la);
4187 DLIST_REMOVE(replmd_private->la_list, la);
4188 ret = replmd_process_linked_attribute(module, la, NULL);
4189 if (ret != LDB_SUCCESS) {
4190 replmd_txn_cleanup(replmd_private);
4195 /* process our backlink list, creating and deleting backlinks
4197 for (bl=replmd_private->la_backlinks; bl; bl=bl->next) {
4198 ret = replmd_process_backlink(module, bl, NULL);
4199 if (ret != LDB_SUCCESS) {
4200 replmd_txn_cleanup(replmd_private);
4205 replmd_txn_cleanup(replmd_private);
4207 /* possibly change @REPLCHANGED */
4208 ret = replmd_notify_store(module, NULL);
4209 if (ret != LDB_SUCCESS) {
4213 return ldb_next_prepare_commit(module);
4216 static int replmd_del_transaction(struct ldb_module *module)
4218 struct replmd_private *replmd_private =
4219 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
4220 replmd_txn_cleanup(replmd_private);
4222 return ldb_next_del_trans(module);
4226 static const struct ldb_module_ops ldb_repl_meta_data_module_ops = {
4227 .name = "repl_meta_data",
4228 .init_context = replmd_init,
4230 .modify = replmd_modify,
4231 .rename = replmd_rename,
4232 .del = replmd_delete,
4233 .extended = replmd_extended,
4234 .start_transaction = replmd_start_transaction,
4235 .prepare_commit = replmd_prepare_commit,
4236 .del_transaction = replmd_del_transaction,
4239 int ldb_repl_meta_data_module_init(const char *version)
4241 LDB_MODULE_CHECK_VERSION(version);
4242 return ldb_register_module(&ldb_repl_meta_data_module_ops);
git.samba.org / obnox / samba / samba-obnox.git / blob