2 Unix SMB/CIFS implementation.
4 implement the DRSUpdateRefs call
6 Copyright (C) Anatoliy Atanasov 2009
7 Copyright (C) Andrew Tridgell 2009
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_drsuapi.h"
25 #include "rpc_server/dcerpc_server.h"
26 #include "rpc_server/common/common.h"
27 #include "dsdb/samdb/samdb.h"
28 #include "lib/ldb/include/ldb_errors.h"
29 #include "param/param.h"
30 #include "librpc/gen_ndr/ndr_drsblobs.h"
31 #include "auth/auth.h"
32 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
33 #include "rpc_server/dcerpc_server_proto.h"
34 #include "../libcli/drsuapi/drsuapi.h"
35 #include "../libcli/security/dom_sid.h"
38 drsuapi_DsGetNCChanges for one object
40 static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItemEx *obj,
41 struct ldb_message *msg,
42 struct ldb_context *sam_ctx,
43 struct ldb_dn *ncRoot_dn,
44 struct dsdb_schema *schema,
45 DATA_BLOB *session_key,
48 const struct ldb_val *md_value;
50 struct ldb_dn *obj_dn;
51 struct replPropertyMetaDataBlob md;
54 enum ndr_err_code ndr_err;
57 if (ldb_dn_compare(ncRoot_dn, msg->dn) == 0) {
58 obj->is_nc_prefix = true;
59 obj->parent_object_guid = NULL;
61 obj->is_nc_prefix = false;
62 obj->parent_object_guid = talloc(obj, struct GUID);
63 *obj->parent_object_guid = samdb_result_guid(msg, "parentGUID");
65 obj->next_object = NULL;
67 md_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
73 ndr_err = ndr_pull_struct_blob(md_value, obj,
74 lp_iconv_convenience(ldb_get_opaque(sam_ctx, "loadparm")), &md,
75 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
76 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
77 return WERR_DS_DRA_INTERNAL_ERROR;
80 if (md.version != 1) {
81 return WERR_DS_DRA_INTERNAL_ERROR;
84 obj->meta_data_ctr = talloc(obj, struct drsuapi_DsReplicaMetaDataCtr);
85 attids = talloc_array(obj, uint32_t, md.ctr.ctr1.count);
87 obj->meta_data_ctr->meta_data = talloc_array(obj, struct drsuapi_DsReplicaMetaData, md.ctr.ctr1.count);
88 for (n=i=0; i<md.ctr.ctr1.count; i++) {
89 if (md.ctr.ctr1.array[i].originating_usn < highest_usn) continue;
90 obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time;
91 obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version;
92 obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id;
93 obj->meta_data_ctr->meta_data[n].originating_usn = md.ctr.ctr1.array[i].originating_usn;
94 attids[n] = md.ctr.ctr1.array[i].attid;
99 talloc_free(obj->meta_data_ctr);
100 obj->meta_data_ctr = NULL;
103 obj->meta_data_ctr->count = n;
105 obj->object.identifier = talloc(obj, struct drsuapi_DsReplicaObjectIdentifier);
106 obj_dn = ldb_msg_find_attr_as_dn(sam_ctx, obj, msg, "distinguishedName");
107 obj->object.identifier->dn = ldb_dn_get_linearized(obj_dn);
108 obj->object.identifier->guid = samdb_result_guid(msg, "objectGUID");
109 sid = samdb_result_dom_sid(obj, msg, "objectSid");
111 dom_sid_split_rid(NULL, sid, NULL, &rid);
112 obj->object.identifier->sid = *sid;
114 ZERO_STRUCT(obj->object.identifier->sid);
117 obj->object.attribute_ctr.num_attributes = obj->meta_data_ctr->count;
118 obj->object.attribute_ctr.attributes = talloc_array(obj, struct drsuapi_DsReplicaAttribute,
119 obj->object.attribute_ctr.num_attributes);
122 * Note that the meta_data array and the attributes array must
123 * be the same size and in the same order
125 for (i=0; i<obj->object.attribute_ctr.num_attributes; i++) {
126 const struct dsdb_attribute *sa;
127 struct ldb_message_element *el;
130 sa = dsdb_attribute_by_attributeID_id(schema, attids[i]);
132 DEBUG(0,("Unable to find attributeID %u in schema\n", attids[i]));
133 return WERR_DS_DRA_INTERNAL_ERROR;
136 el = ldb_msg_find_element(msg, sa->lDAPDisplayName);
138 DEBUG(0,("No element '%s' for attributeID %u in message\n",
139 sa->lDAPDisplayName, attids[i]));
140 ZERO_STRUCT(obj->object.attribute_ctr.attributes[i]);
141 obj->object.attribute_ctr.attributes[i].attid = attids[i];
143 werr = dsdb_attribute_ldb_to_drsuapi(sam_ctx, schema, el, obj,
144 &obj->object.attribute_ctr.attributes[i]);
145 if (!W_ERROR_IS_OK(werr)) {
146 DEBUG(0,("Unable to convert %s to DRS object - %s\n",
147 sa->lDAPDisplayName, win_errstr(werr)));
151 /* some attributes needs to be encrypted
153 werr = drsuapi_encrypt_attribute(obj, session_key, rid,
154 &obj->object.attribute_ctr.attributes[i]);
155 if (!W_ERROR_IS_OK(werr)) {
156 DEBUG(0,("Unable to encrypt %s in DRS object - %s\n",
157 sa->lDAPDisplayName, win_errstr(werr)));
166 static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1,
167 const struct drsuapi_DsReplicaCursor2 *c2)
169 return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id);
173 load replUpToDateVector from a DN
175 static WERROR load_udv(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
176 struct ldb_dn *dn, struct replUpToDateVectorBlob *ouv)
178 const char *attrs[] = { "replUpToDateVector", NULL };
179 struct ldb_result *res = NULL;
180 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
181 struct ldb_message_element *el;
182 enum ndr_err_code ndr_err;
186 if (ldb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, NULL) != LDB_SUCCESS ||
188 DEBUG(0,("load_udv: failed to read partition object\n"));
189 talloc_free(tmp_ctx);
190 return WERR_DS_DRA_INTERNAL_ERROR;
193 el = ldb_msg_find_element(res->msgs[0], "replUpToDateVector");
194 if (el == NULL || el->num_values < 1) {
195 talloc_free(tmp_ctx);
200 ndr_err = ndr_pull_struct_blob(&el->values[0],
201 mem_ctx, lp_iconv_convenience(ldb_get_opaque(sam_ctx, "loadparm")),
203 (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
204 talloc_free(tmp_ctx);
205 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
206 DEBUG(0,(__location__ ": Failed to parse replUpToDateVector for %s\n",
207 ldb_dn_get_linearized(dn)));
208 return WERR_DS_DRA_INTERNAL_ERROR;
216 fill in the cursors return based on the replUpToDateVector for the ncRoot_dn
218 static WERROR get_nc_changes_udv(struct ldb_context *sam_ctx,
219 struct ldb_dn *ncRoot_dn,
220 struct drsuapi_DsReplicaCursor2CtrEx *udv)
223 struct drsuapi_DsReplicaCursor2 *tmp_cursor;
224 uint64_t highest_commited_usn;
226 time_t t = time(NULL);
228 struct replUpToDateVectorBlob ouv;
230 werr = load_udv(sam_ctx, udv, ncRoot_dn, &ouv);
231 if (!W_ERROR_IS_OK(werr)) {
235 ret = ldb_sequence_number(sam_ctx, LDB_SEQ_HIGHEST_SEQ, &highest_commited_usn);
236 if (ret != LDB_SUCCESS) {
237 return WERR_DS_DRA_INTERNAL_ERROR;
240 tmp_cursor = talloc(udv, struct drsuapi_DsReplicaCursor2);
241 tmp_cursor->source_dsa_invocation_id = *(samdb_ntds_invocation_id(sam_ctx));
242 tmp_cursor->highest_usn = highest_commited_usn;
243 unix_to_nt_time(&now, t);
244 tmp_cursor->last_sync_success = now;
246 udv->count = ouv.ctr.ctr2.count + 1;
247 udv->cursors = talloc_steal(udv, ouv.ctr.ctr2.cursors);
248 udv->cursors = talloc_realloc(udv, udv->cursors, struct drsuapi_DsReplicaCursor2, udv->count);
250 return WERR_DS_DRA_INTERNAL_ERROR;
252 udv->cursors[udv->count - 1] = *tmp_cursor;
254 qsort(udv->cursors, udv->count,
255 sizeof(struct drsuapi_DsReplicaCursor2),
256 (comparison_fn_t)replmd_drsuapi_DsReplicaCursor2_compare);
262 drsuapi_DsGetNCChanges
264 WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
265 struct drsuapi_DsGetNCChanges *r)
267 struct ldb_result *site_res;
268 struct drsuapi_DsReplicaObjectIdentifier *ncRoot;
269 struct ldb_context *sam_ctx;
270 struct ldb_dn *ncRoot_dn;
273 struct dsdb_schema *schema;
274 struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
275 struct drsuapi_DsReplicaObjectListItemEx **currentObject;
277 DATA_BLOB session_key;
278 const char *attrs[] = { "*", "parentGUID", NULL };
282 * connect to the samdb. TODO: We need to check that the caller
283 * has the rights to do this. This exposes all attributes,
284 * including all passwords.
286 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
287 system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
292 /* Check request revision. */
293 if (r->in.level != 8) {
294 return WERR_REVISION_MISMATCH;
297 /* Perform access checks. */
298 if (r->in.req->req8.naming_context == NULL) {
299 return WERR_DS_DRA_INVALID_PARAMETER;
302 ncRoot = r->in.req->req8.naming_context;
303 if (ncRoot == NULL) {
304 return WERR_DS_DRA_BAD_NC;
307 /* we need the session key for encrypting password attributes */
308 status = dcesrv_inherited_session_key(dce_call->conn, &session_key);
309 if (!NT_STATUS_IS_OK(status)) {
310 DEBUG(0,(__location__ ": Failed to get session key\n"));
311 return WERR_DS_DRA_INTERNAL_ERROR;
314 /* Construct response. */
315 ncRoot_dn = ldb_dn_new(mem_ctx, sam_ctx, ncRoot->dn);
316 ret = drsuapi_search_with_extended_dn(sam_ctx, mem_ctx, &site_res,
317 ncRoot_dn, LDB_SCOPE_SUBTREE, attrs,
318 "(uSNChanged>=%llu)",
319 (unsigned long long)(r->in.req->req8.highwatermark.highest_usn+1));
320 if (ret != LDB_SUCCESS) {
321 return WERR_DS_DRA_INTERNAL_ERROR;
324 *r->out.level_out = 6;
325 r->out.ctr->ctr6.naming_context = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
326 *r->out.ctr->ctr6.naming_context = *ncRoot;
327 /* TODO: linked attributes*/
328 r->out.ctr->ctr6.linked_attributes_count = 0;
329 r->out.ctr->ctr6.linked_attributes = NULL;
331 r->out.ctr->ctr6.object_count = 0;
332 r->out.ctr->ctr6.more_data = false;
333 r->out.ctr->ctr6.uptodateness_vector = NULL;
336 schema = dsdb_get_schema(sam_ctx);
338 DEBUG(0,("No schema in sam_ctx\n"));
339 return WERR_DS_DRA_INTERNAL_ERROR;
342 dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, &ctr);
343 r->out.ctr->ctr6.mapping_ctr = *ctr;
345 r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(sam_ctx));
346 r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(sam_ctx));
348 r->out.ctr->ctr6.old_highwatermark = r->in.req->req8.highwatermark;
349 r->out.ctr->ctr6.new_highwatermark = r->in.req->req8.highwatermark;
351 r->out.ctr->ctr6.uptodateness_vector = talloc(mem_ctx, struct drsuapi_DsReplicaCursor2CtrEx);
352 r->out.ctr->ctr6.uptodateness_vector->version = 2;
353 r->out.ctr->ctr6.uptodateness_vector->reserved1 = 0;
354 r->out.ctr->ctr6.uptodateness_vector->reserved2 = 0;
356 r->out.ctr->ctr6.first_object = NULL;
357 currentObject = &r->out.ctr->ctr6.first_object;
359 for(i=0; i<site_res->count; i++) {
361 struct drsuapi_DsReplicaObjectListItemEx *obj;
362 obj = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjectListItemEx);
364 uSN = ldb_msg_find_attr_as_int(site_res->msgs[i], "uSNChanged", -1);
365 if (uSN > r->out.ctr->ctr6.new_highwatermark.highest_usn) {
366 r->out.ctr->ctr6.new_highwatermark.tmp_highest_usn = uSN;
367 r->out.ctr->ctr6.new_highwatermark.highest_usn = uSN;
370 werr = get_nc_changes_build_object(obj, site_res->msgs[i], sam_ctx, ncRoot_dn,
371 schema, &session_key, r->in.req->req8.highwatermark.highest_usn);
372 if (!W_ERROR_IS_OK(werr)) {
376 if (obj->meta_data_ctr == NULL) {
377 /* no attributes to send */
382 r->out.ctr->ctr6.object_count++;
384 *currentObject = obj;
385 currentObject = &obj->next_object;
388 werr = get_nc_changes_udv(sam_ctx, ncRoot_dn, r->out.ctr->ctr6.uptodateness_vector);
389 if (!W_ERROR_IS_OK(werr)) {
394 DEBUG(3,("DsGetNCChanges with uSNChanged >= %llu on %s gave %u objects\n",
395 (unsigned long long)(r->in.req->req8.highwatermark.highest_usn+1),
396 ncRoot->dn, r->out.ctr->ctr6.object_count));
398 if (r->out.ctr->ctr6.object_count <= 10 && DEBUGLVL(6)) {
399 NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsGetNCChanges, NDR_IN|NDR_OUT, r);
git.samba.org / ira / wip.git / blob