#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "dsdb/samdb/samdb.h"
-#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "dsdb/common/util.h"
#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
#include "auth/auth.h"
#include "param/param.h"
#include "lib/messaging/irpc.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DRS_REPL
+
#define DRSUAPI_UNSUPPORTED(fname) do { \
DEBUG(1,(__location__ ": Unsupported DRS call %s\n", #fname)); \
if (DEBUGLVL(2)) NDR_PRINT_IN_DEBUG(fname, r); \
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); \
} while (0)
+#define DCESRV_INTERFACE_DRSUAPI_BIND(call, iface) \
+ dcesrv_interface_drsuapi_bind(call, iface)
+static NTSTATUS dcesrv_interface_drsuapi_bind(struct dcesrv_call_state *dce_call,
+ const struct dcesrv_interface *iface)
+{
+ return dcesrv_interface_bind_require_privacy(dce_call, iface);
+}
+
/*
drsuapi_DsBind
*/
struct drsuapi_bind_state *b_state;
struct dcesrv_handle *handle;
struct drsuapi_DsBindInfoCtr *bind_info;
- struct GUID site_guid;
- struct ldb_result *site_res;
- struct ldb_dn *server_site_dn;
+ struct drsuapi_DsBindInfoCtr *local_info;
+ struct GUID site_guid, config_guid;
+ struct ldb_result *site_res, *config_res;
+ struct ldb_dn *server_site_dn, *config_dn;
static const char *site_attrs[] = { "objectGUID", NULL };
+ static const char *config_attrs[] = { "objectGUID", NULL };
struct ldb_result *ntds_res;
struct ldb_dn *ntds_dn;
static const char *ntds_attrs[] = { "ms-DS-ReplicationEpoch", NULL };
uint32_t pid;
uint32_t repl_epoch;
+ uint32_t supported_extensions;
+ uint32_t req_length;
int ret;
struct auth_session_info *auth_info;
WERROR werr;
auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
connected_as_system = true;
} else {
- auth_info = dce_call->conn->auth_state.session_info;
+ auth_info = dcesrv_call_session_info(dce_call);
}
/*
* connect to the samdb
*/
- b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx,
- dce_call->conn->dce_ctx->lp_ctx, auth_info);
+ b_state->sam_ctx = samdb_connect(
+ b_state,
+ dce_call->event_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
+ auth_info,
+ dce_call->conn->remote_address,
+ 0);
if (!b_state->sam_ctx) {
return WERR_FOOBAR;
}
werr = drs_security_level_check(dce_call, NULL, SECURITY_RO_DOMAIN_CONTROLLER,
samdb_domain_sid(b_state->sam_ctx));
if (W_ERROR_IS_OK(werr)) {
- b_state->sam_ctx_system = samdb_connect(b_state, dce_call->event_ctx,
- dce_call->conn->dce_ctx->lp_ctx,
- system_session(dce_call->conn->dce_ctx->lp_ctx));
+ b_state->sam_ctx_system
+ = samdb_connect(
+ b_state,
+ dce_call->event_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
+ system_session(dce_call->conn->dce_ctx->lp_ctx),
+ dce_call->conn->remote_address,
+ 0);
if (!b_state->sam_ctx_system) {
return WERR_FOOBAR;
}
/*
* lookup the local servers Replication Epoch
*/
- ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx);
+ ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx, mem_ctx);
W_ERROR_HAVE_NO_MEMORY(ntds_dn);
ret = ldb_search(b_state->sam_ctx, mem_ctx, &ntds_res,
if (ntds_res->count != 1) {
return WERR_DS_DRA_INTERNAL_ERROR;
}
- repl_epoch = samdb_result_uint(ntds_res->msgs[0], "ms-DS-ReplicationEpoch", 0);
+ repl_epoch = ldb_msg_find_attr_as_uint(ntds_res->msgs[0],
+ "ms-DS-ReplicationEpoch", 0);
/*
* The "process identifier" of the client.
* store the clients bind_info
*/
if (r->in.bind_info) {
- switch (r->in.bind_info->length) {
- case 24: {
- struct drsuapi_DsBindInfo24 *info24;
- info24 = &r->in.bind_info->info.info24;
- b_state->remote_info28.supported_extensions = info24->supported_extensions;
- b_state->remote_info28.site_guid = info24->site_guid;
- b_state->remote_info28.pid = info24->pid;
- b_state->remote_info28.repl_epoch = 0;
- break;
- }
- case 28:
- b_state->remote_info28 = r->in.bind_info->info.info28;
- break;
- }
+ b_state->remote_info = r->in.bind_info;
}
/*
- * fill in our local bind info 28
+ * fill in our local bind info
*/
- b_state->local_info28.supported_extensions = 0;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+ local_info = talloc_zero(mem_ctx, struct drsuapi_DsBindInfoCtr);
+ W_ERROR_HAVE_NO_MEMORY(local_info);
+
+ /*
+ * Fill in supported extensions
+ */
+ supported_extensions = 0;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
#if 0 /* we don't support MSZIP compression (only decompression) */
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
#endif
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
#if 0 /* we don't support XPRESS compression yet */
- b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
#endif
- b_state->local_info28.site_guid = site_guid;
- b_state->local_info28.pid = pid;
- b_state->local_info28.repl_epoch = repl_epoch;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10;
+
+ /*
+ * There is a chance for r->in.bind_info == NULL
+ * Currently we don't care, since it seems to be used nowhere else.
+ * But we need a request length. So use 28 as default.
+ */
+ req_length = 28;
+ if (r->in.bind_info) {
+ req_length = r->in.bind_info->length;
+ }
+
+ /*
+ * fill 28 or 48 info, depends on request
+ */
+ if (req_length < 48) {
+ local_info->length = 28;
+ local_info->info.info28.supported_extensions = supported_extensions;
+ local_info->info.info28.site_guid = site_guid;
+ local_info->info.info28.pid = pid;
+ local_info->info.info28.repl_epoch = repl_epoch;
+ } else {
+ local_info->length = 48;
+ local_info->info.info48.supported_extensions = supported_extensions;
+ local_info->info.info48.site_guid = site_guid;
+ local_info->info.info48.pid = pid;
+ local_info->info.info48.repl_epoch = repl_epoch;
+
+ local_info->info.info48.supported_extensions_ext = 0;
+ local_info->info.info48.supported_extensions_ext |= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
+
+ /*
+ * find out the guid of our own site
+ */
+ config_dn = ldb_get_config_basedn(b_state->sam_ctx);
+ W_ERROR_HAVE_NO_MEMORY(config_dn);
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &config_res,
+ config_dn, LDB_SCOPE_BASE, config_attrs,
+ "(objectClass=*)");
+ if (ret != LDB_SUCCESS) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ if (config_res->count != 1) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ config_guid = samdb_result_guid(config_res->msgs[0], "objectGUID");
+ local_info->info.info48.config_dn_guid = config_guid;
+ }
/*
- * allocate the return bind_info
+ * set local_info
*/
- bind_info = talloc(mem_ctx, struct drsuapi_DsBindInfoCtr);
- W_ERROR_HAVE_NO_MEMORY(bind_info);
+ b_state->local_info = local_info;
- bind_info->length = 28;
- bind_info->info.info28 = b_state->local_info28;
+ /*
+ * set bind_info
+ */
+ bind_info = local_info;
/*
* allocate a bind handle
switch (r->in.level) {
case 1: {
switch(r->in.req->req1.format_offered){
- case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID:
case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX:
- case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS:
- case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON:
- case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE:
+ case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN:
case DRSUAPI_DS_NAME_FORMAT_STRING_SID_NAME:
case DRSUAPI_DS_NAME_FORMAT_ALT_SECURITY_IDENTITIES_NAME:
+ case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID:
case DRSUAPI_DS_NAME_FORMAT_LIST_NCS:
case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS:
- case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID:
- case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN:
- case DRSUAPI_DS_NAME_FORMAT_LIST_INFO_FOR_SERVER:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_FOR_DOMAIN_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_SITES:
+ case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID:
+ case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON:
DEBUG(0, ("DsCrackNames: Unsupported operation requested: %X",
r->in.req->req1.format_offered));
return WERR_OK;
+ case DRSUAPI_DS_NAME_FORMAT_LIST_INFO_FOR_SERVER:
+ return dcesrv_drsuapi_ListInfoServer(b_state->sam_ctx, mem_ctx, &r->in.req->req1, &r->out.ctr->ctr1);
case DRSUAPI_DS_NAME_FORMAT_LIST_ROLES:
return dcesrv_drsuapi_ListRoles(b_state->sam_ctx, mem_ctx,
&r->in.req->req1, &r->out.ctr->ctr1);
return dcesrv_drsuapi_CrackNamesByNameFormat(b_state->sam_ctx, mem_ctx,
&r->in.req->req1, &r->out.ctr->ctr1);
}
- return WERR_OK;
}
}
- return WERR_UNKNOWN_LEVEL;
+ return WERR_INVALID_LEVEL;
}
}
if (r->in.req->req1.commit) {
- ret = ldb_delete(b_state->sam_ctx, ntds_dn);
+ ret = dsdb_delete(b_state->sam_ctx, ntds_dn, DSDB_TREE_DELETE);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
struct drsuapi_DsGetDCInfoCtr1 *ctr1;
struct drsuapi_DsGetDCInfoCtr2 *ctr2;
+ struct drsuapi_DsGetDCInfoCtr3 *ctr3;
int ret;
unsigned int i;
*r->out.level_out = r->in.req->req1.level;
- r->out.ctr = talloc(mem_ctx, union drsuapi_DsGetDCInfoCtr);
+ r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsGetDCInfoCtr);
W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
- sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
- if (!sites_dn) {
- return WERR_DS_OBJ_NOT_FOUND;
- }
-
switch (*r->out.level_out) {
case -1:
/* this level is not like the others */
- return WERR_UNKNOWN_LEVEL;
+ return WERR_INVALID_LEVEL;
case 1:
attrs = attrs_1;
break;
case 2:
+ case 3:
attrs = attrs_2;
break;
default:
- return WERR_UNKNOWN_LEVEL;
+ return WERR_INVALID_LEVEL;
+ }
+
+ sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
+ if (!sites_dn) {
+ return WERR_DS_OBJ_NOT_FOUND;
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
- "objectClass=server");
+ "(&(objectClass=server)(serverReference=*))");
if (ret) {
DEBUG(1, ("searching for servers in sites DN %s failed: %s\n",
ldb_dn_get_linearized(sites_dn), ldb_errstring(b_state->sam_ctx)));
- return WERR_GENERAL_FAILURE;
+ return WERR_GEN_FAILURE;
}
switch (*r->out.level_out) {
"serverReference");
if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
- return WERR_NOMEM;
+ return WERR_NOT_ENOUGH_MEMORY;
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
- LDB_SCOPE_BASE, attrs_account_1, "objectClass=computer");
+ LDB_SCOPE_BASE, attrs_account_1,
+ "(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=%u))",
+ UF_SERVER_TRUST_ACCOUNT);
if (ret == LDB_SUCCESS && res_account->count == 1) {
const char *errstr;
ctr1->array[i].dns_name
LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
ldb_dn_get_linearized(ntds_dn));
if (ret) {
- return WERR_GENERAL_FAILURE;
+ return WERR_GEN_FAILURE;
}
if (res_domain->count == 1) {
ctr1->array[i].is_pdc = true;
"serverReference");
if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
- return WERR_NOMEM;
+ return WERR_NOT_ENOUGH_MEMORY;
}
/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
- return WERR_NOMEM;
+ return WERR_NOT_ENOUGH_MEMORY;
}
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
if (ret == LDB_SUCCESS && res_ntds->count == 1) {
ctr2->array[i].is_gc
- = (ldb_msg_find_attr_as_int(res_ntds->msgs[0], "options", 0) == 1);
+ = (ldb_msg_find_attr_as_uint(res_ntds->msgs[0], "options", 0) & DS_NTDSDSA_OPT_IS_GC);
ctr2->array[i].ntds_guid
= samdb_result_guid(res_ntds->msgs[0], "objectGUID");
ctr2->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
}
break;
+ case 3:
+ ctr3 = &r->out.ctr->ctr3;
+ ctr3->count = res->count;
+ ctr3->array = talloc_zero_array(mem_ctx,
+ struct drsuapi_DsGetDCInfo3,
+ res->count);
+ for (i=0; i<res->count; i++) {
+ struct ldb_dn *domain_dn;
+ struct ldb_result *res_domain;
+ struct ldb_result *res_account;
+ struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+ struct ldb_result *res_ntds;
+ struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+ struct ldb_result *res_site;
+ bool is_rodc;
+ struct ldb_dn *ref_dn
+ = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
+ mem_ctx, res->msgs[i],
+ "serverReference");
+
+ if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+ if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
+ LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
+ if (ret == LDB_SUCCESS && res_ntds->count == 1) {
+ ctr3->array[i].is_gc
+ = (ldb_msg_find_attr_as_uint(res_ntds->msgs[0], "options", 0) & DS_NTDSDSA_OPT_IS_GC);
+ ctr3->array[i].ntds_guid
+ = samdb_result_guid(res_ntds->msgs[0], "objectGUID");
+ ctr3->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DEBUG(5, ("warning: searching for NTDS DN %s failed: %s\n",
+ ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx)));
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
+ LDB_SCOPE_BASE, attrs_site, "objectClass=site");
+ if (ret == LDB_SUCCESS && res_site->count == 1) {
+ ctr3->array[i].site_guid
+ = samdb_result_guid(res_site->msgs[0], "objectGUID");
+ ctr3->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DEBUG(5, ("warning: searching for site DN %s failed: %s\n",
+ ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx)));
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+ LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
+ if (ret == LDB_SUCCESS && res_account->count == 1) {
+ const char *errstr;
+ ctr3->array[i].dns_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+ ctr3->array[i].netbios_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+ ctr3->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
+ ctr3->array[i].computer_guid
+ = samdb_result_guid(res_account->msgs[0], "objectGUID");
+
+ /* Determine if this is the PDC */
+ ret = samdb_search_for_parent_domain(b_state->sam_ctx,
+ mem_ctx, res_account->msgs[0]->dn,
+ &domain_dn, &errstr);
+
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+ LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+ ldb_dn_get_linearized(ntds_dn));
+ if (ret == LDB_SUCCESS && res_domain->count == 1) {
+ ctr3->array[i].is_pdc = true;
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DEBUG(5, ("warning: searching for domain DN %s failed: %s\n",
+ ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx)));
+ }
+ }
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DEBUG(5, ("warning: searching for computer account DN %s failed: %s\n",
+ ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
+ }
+
+ /* Look at server DN and extract site component */
+ ctr3->array[i].site_name = result_site_name(res->msgs[i]->dn);
+ ctr3->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+ ctr3->array[i].server_guid
+ = samdb_result_guid(res->msgs[i], "objectGUID");
+
+ ctr3->array[i].is_enabled = true;
+
+ /* rodc? */
+ ret = samdb_is_rodc(b_state->sam_ctx, &ctr3->array[i].server_guid, &is_rodc);
+ if (ret == LDB_SUCCESS && is_rodc) {
+ ctr3->array[i].is_rodc = true;
+ }
+ }
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
}
return WERR_OK;
}
return dcesrv_drsuapi_DsGetDomainControllerInfo_1(b_state, mem_ctx, r);
}
- return WERR_UNKNOWN_LEVEL;
+ return WERR_INVALID_LEVEL;
}
struct drsuapi_DsExecuteKCC *r)
{
WERROR status;
+ uint32_t timeout;
status = drs_security_level_check(dce_call, "DsExecuteKCC", SECURITY_DOMAIN_CONTROLLER, NULL);
if (!W_ERROR_IS_OK(status)) {
return status;
}
+ if (r->in.req->ctr1.taskID != 0) {
+ return WERR_INVALID_PARAMETER;
+ }
+ if (r->in.req->ctr1.flags & DRSUAPI_DS_EXECUTE_KCC_ASYNCHRONOUS_OPERATION) {
+ timeout = IRPC_CALL_TIMEOUT;
+ } else {
+ /*
+ * use Infinite time for timeout in case
+ * the caller made a sync call
+ */
+ timeout = IRPC_CALL_TIMEOUT_INF;
+ }
dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSEXECUTEKCC,
&ndr_table_drsuapi, "kccsrv", "DsExecuteKCC",
- IRPC_CALL_TIMEOUT);
+ timeout);
+ DEBUG(10, ("Forwarded the call to execute the KCC\n"));
return WERR_OK;
}
static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaGetInfo *r)
{
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
enum security_user_level level;
if (!lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"drs", "disable_sec_check", false)) {
- level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
- if (level < SECURITY_ADMINISTRATOR) {
+ level = security_session_user_level(session_info, NULL);
+ if (level < SECURITY_DOMAIN_CONTROLLER) {
DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
- security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
+ security_token_debug(DBGC_DRS_REPL, 2,
+ session_info->security_token);
return WERR_DS_DRA_ACCESS_DENIED;
}
}
git.samba.org / samba.git / blobdiff