dssync: allow replications of a single obj with net rpc vampire keytab.

This is triggered by setting the new "single" flag in the dssync_context
and filling the "object_dn" member with the dn of the object to be
fetched.

This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ
extended operation in the DsGetNCCHanges request. This variant does
honor an up-to-date-ness vectore passed in, but the answer does not
return a new up-to-dateness vector.

Call this operation as "net rpc vampire keytab /path/keytab object_dn" .

Michael
(This used to be commit f4a01178a3d8d71f416a3b67ce6b872420f211c0)

diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c
index 54bdbb7b22bff8e803609ce361fe6a1483dff47b..fa2bb2de146110d54ba2888c8d39940c4153e8e7 100644 (file)
--- a/source3/libnet/libnet_dssync.c
+++ b/source3/libnet/libnet_dssync.c
@@ -378,6 +378,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
        struct drsuapi_DsReplicaCursorCtrEx cursors;
        struct drsuapi_DsReplicaCursorCtrEx *pcursors = NULL;
        struct replUpToDateVectorBlob new_utdv;
+       struct replUpToDateVectorBlob *pnew_utdv = NULL;
        int32_t out_level = 0;
        int y;
        uint32_t replica_flags  = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE |
@@ -389,10 +390,18 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(null_sid);
        ZERO_STRUCT(req);
 
-       nc.dn = ctx->nc_dn;
+       if (ctx->single && ctx->object_dn) {
+               nc.dn = ctx->object_dn;
+       } else {
+               nc.dn = ctx->nc_dn;
+       }
        nc.guid = GUID_zero();
        nc.sid = null_sid;
 
+       if (!ctx->single) {
+               pnew_utdv = &new_utdv;
+       }
+
        status = ctx->ops->startup(ctx, mem_ctx, &old_utdv);
        if (!NT_STATUS_IS_OK(status)) {
                ctx->error_message = talloc_asprintf(mem_ctx,
@@ -434,6 +443,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
                req.req8.max_object_count       = 402;
                req.req8.max_ndr_size           = 402116;
                req.req8.uptodateness_vector    = pcursors;
+               if (ctx->single) {
+                       req.req8.extended_op    = DRSUAPI_EXOP_REPL_OBJ;
+               }
        } else {
                level = 5;
                req.req5.naming_context         = &nc;
@@ -441,6 +453,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
                req.req5.max_object_count       = 402;
                req.req5.max_ndr_size           = 402116;
                req.req5.uptodateness_vector    = pcursors;
+               if (ctx->single) {
+                       req.req5.extended_op    = DRSUAPI_EXOP_REPL_OBJ;
+               }
        }
 
        for (y=0; ;y++) {
@@ -524,8 +539,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
 
                        ZERO_STRUCT(new_utdv);
                        new_utdv.version = 1;
-                       new_utdv.ctr.ctr1.count = ctr1->uptodateness_vector->count;
-                       new_utdv.ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors;
+                       if (ctr1->uptodateness_vector) {
+                               new_utdv.ctr.ctr1.count = ctr1->uptodateness_vector->count;
+                               new_utdv.ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors;
+                       }
                }
 
                if (level_out == 6) {
@@ -570,11 +587,13 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
 
                        ZERO_STRUCT(new_utdv);
                        new_utdv.version = 2;
-                       new_utdv.ctr.ctr2.count = ctr6->uptodateness_vector->count;
-                       new_utdv.ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors;
+                       if (ctr6->uptodateness_vector) {
+                               new_utdv.ctr.ctr2.count = ctr6->uptodateness_vector->count;
+                               new_utdv.ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors;
+                       }
                }
 
-               status = ctx->ops->finish(ctx, mem_ctx, &new_utdv);
+               status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv);
                if (!NT_STATUS_IS_OK(status)) {
                        ctx->error_message = talloc_asprintf(mem_ctx,
                                "Failed to call finishing operation: %s",
@@ -610,3 +629,4 @@ NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx,
  out:
        return status;
 }
+

diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h
index 245680324805b9b10148368e87007880626ead82..13a68de4c7bc90543a2cf4a1cb1b1fb8478bdc9e 100644 (file)
--- a/source3/libnet/libnet_dssync.h
+++ b/source3/libnet/libnet_dssync.h
@@ -35,6 +35,8 @@ struct dssync_context {
        const char *dns_domain_name;
        struct rpc_pipe_client *cli;
        const char *nc_dn;
+       bool single;
+       const char *object_dn;
        struct policy_handle bind_handle;
        DATA_BLOB session_key;
        const char *output_filename;

diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 2dd849df3405c869447bc85084ea94866a10874d..11ada717dac14ab9a89e1fef7f1421c975517d58 100644 (file)
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -299,6 +299,10 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
        if (argc >= 1) {
                ctx->output_filename = argv[0];
        }
+       if (argc >= 2) {
+               ctx->object_dn = argv[1];
+               ctx->single = true;
+       }
 
        ctx->cli                = pipe_hnd;
        ctx->domain_name        = domain_name;