search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib: Modernize a DEBUG
[samba4-gss.git] / source4 / libnet / libnet_vampire.c
blobe29792f7db33ae4dff420f3a7d83829d933ebe03
1 /*
2 Unix SMB/CIFS implementation.
3
4 Extract the user/system database from a remote server
5
6 Copyright (C) Stefan Metzmacher 2004-2006
7 Copyright (C) Brad Henry 2005
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2008
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24
25 #include "includes.h"
26 #include "libnet/libnet.h"
27 #include "libnet/libnet_join_proto.h"
28 #include "lib/events/events.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "../lib/util/dlinklist.h"
31 #include <ldb.h>
32 #include <ldb_errors.h>
33 #include "librpc/ndr/libndr.h"
34 #include "librpc/gen_ndr/ndr_drsuapi.h"
35 #include "librpc/gen_ndr/ndr_drsblobs.h"
36 #include "librpc/gen_ndr/ndr_misc.h"
37 #include "system/time.h"
38 #include "ldb_wrap.h"
39 #include "auth/auth.h"
40 #include "auth/credentials/credentials.h"
41 #include "param/param.h"
42 #include "param/provision.h"
43 #include "libcli/security/security.h"
44 #include "dsdb/common/util.h"
45
46 #undef DBGC_CLASS
47 #define DBGC_CLASS DBGC_DRS_REPL
48
49 /*
50 List of tasks vampire.py must perform:
51 - Domain Join
52 - but don't write the secrets.ldb
53 - results for this should be enough to handle the provision
54 - if vampire method is samsync
55 - Provision using these results
56 - do we still want to support this NT4 technology?
57 - Start samsync with libnet code
58 - provision in the callback
59 - Write out the secrets database, using the code from libnet_Join
60
61 */
62 struct libnet_vampire_cb_state {
63 const char *netbios_name;
64 const char *domain_name;
65 const char *realm;
66 struct cli_credentials *machine_account;
67
68 /* Schema loaded from local LDIF files */
69 struct dsdb_schema *provision_schema;
70
71 /* 1st pass, with some OIDs/attribute names/class names not
72 * converted, because we may not know them yet */
73 struct dsdb_schema *self_made_schema;
74
75 /* prefixMap in LDB format, from the remote DRS server */
76 DATA_BLOB prefixmap_blob;
77 const struct dsdb_schema *schema;
78
79 struct ldb_context *ldb;
80
81 struct {
82 uint32_t object_count;
83 struct drsuapi_DsReplicaObjectListItemEx *first_object;
84 struct drsuapi_DsReplicaObjectListItemEx *last_object;
85 } schema_part;
86
87 const char *targetdir;
88
89 struct loadparm_context *lp_ctx;
90 struct tevent_context *event_ctx;
91 unsigned total_objects;
92 unsigned total_links;
93 char *last_partition;
94 const char *server_dn_str;
95 };
96
97 /* initialise a state structure ready for replication of chunks */
98 void *libnet_vampire_replicate_init(TALLOC_CTX *mem_ctx,
99 struct ldb_context *samdb,
100 struct loadparm_context *lp_ctx)
101 {
102 struct libnet_vampire_cb_state *s = talloc_zero(mem_ctx, struct libnet_vampire_cb_state);
103 if (!s) {
104 return NULL;
105 }
106
107 s->ldb = samdb;
108 s->lp_ctx = lp_ctx;
109 s->provision_schema = dsdb_get_schema(s->ldb, s);
110 s->schema = s->provision_schema;
111 s->netbios_name = lpcfg_netbios_name(lp_ctx);
112 s->domain_name = lpcfg_workgroup(lp_ctx);
113 s->realm = lpcfg_realm(lp_ctx);
114
115 return s;
116 }
117
118 /* Caller is expected to keep supplied pointers around for the lifetime of the structure */
119 void *libnet_vampire_cb_state_init(TALLOC_CTX *mem_ctx,
120 struct loadparm_context *lp_ctx, struct tevent_context *event_ctx,
121 const char *netbios_name, const char *domain_name, const char *realm,
122 const char *targetdir)
123 {
124 struct libnet_vampire_cb_state *s = talloc_zero(mem_ctx, struct libnet_vampire_cb_state);
125 if (!s) {
126 return NULL;
127 }
128
129 s->lp_ctx = lp_ctx;
130 s->event_ctx = event_ctx;
131 s->netbios_name = netbios_name;
132 s->domain_name = domain_name;
133 s->realm = realm;
134 s->targetdir = targetdir;
135 return s;
136 }
137
138 struct ldb_context *libnet_vampire_cb_ldb(struct libnet_vampire_cb_state *state)
139 {
140 state = talloc_get_type_abort(state, struct libnet_vampire_cb_state);
141 return state->ldb;
142 }
143
144 struct loadparm_context *libnet_vampire_cb_lp_ctx(struct libnet_vampire_cb_state *state)
145 {
146 state = talloc_get_type_abort(state, struct libnet_vampire_cb_state);
147 return state->lp_ctx;
148 }
149
150 NTSTATUS libnet_vampire_cb_prepare_db(void *private_data,
151 const struct libnet_BecomeDC_PrepareDB *p)
152 {
153 struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
154 struct provision_settings settings;
155 struct provision_result result;
156 NTSTATUS status;
157
158 ZERO_STRUCT(settings);
159 settings.site_name = p->dest_dsa->site_name;
160 settings.root_dn_str = p->forest->root_dn_str;
161 settings.domain_dn_str = p->domain->dn_str;
162 settings.config_dn_str = p->forest->config_dn_str;
163 settings.schema_dn_str = p->forest->schema_dn_str;
164 settings.netbios_name = p->dest_dsa->netbios_name;
165 settings.realm = s->realm;
166 settings.domain = s->domain_name;
167 settings.server_dn_str = p->dest_dsa->server_dn_str;
168 settings.machine_password = generate_random_machine_password(s, 120, 120);
169 settings.targetdir = s->targetdir;
170 settings.use_ntvfs = true;
171 status = provision_bare(s, s->lp_ctx, &settings, &result);
172
173 if (!NT_STATUS_IS_OK(status)) {
174 return status;
175 }
176
177 s->ldb = talloc_steal(s, result.samdb);
178 s->lp_ctx = talloc_reparent(talloc_parent(result.lp_ctx), s, result.lp_ctx);
179 s->provision_schema = dsdb_get_schema(s->ldb, s);
180 s->server_dn_str = talloc_steal(s, p->dest_dsa->server_dn_str);
181
182 /* wrap the entire vapire operation in a transaction. This
183 isn't just cosmetic - we use this to ensure that linked
184 attribute back links are added at the end by relying on a
185 transaction commit hook in the linked attributes module. We
186 need to do this as the order of objects coming from the
187 server is not sufficiently deterministic to know that the
188 record that a backlink needs to be created in has itself
189 been created before the object containing the forward link
190 has come over the wire */
191 if (ldb_transaction_start(s->ldb) != LDB_SUCCESS) {
192 return NT_STATUS_FOOBAR;
193 }
194
195 return NT_STATUS_OK;
196
197
198 }
199
200 NTSTATUS libnet_vampire_cb_check_options(void *private_data,
201 const struct libnet_BecomeDC_CheckOptions *o)
202 {
203 struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
204
205 DEBUG(0,("Become DC [%s] of Domain[%s]/[%s]\n",
206 s->netbios_name,
207 o->domain->netbios_name, o->domain->dns_name));
208
209 DEBUG(0,("Promotion Partner is Server[%s] from Site[%s]\n",
210 o->source_dsa->dns_name, o->source_dsa->site_name));
211
212 DEBUG(0,("Options:crossRef behavior_version[%u]\n"
213 "\tschema object_version[%u]\n"
214 "\tdomain behavior_version[%u]\n"
215 "\tdomain w2k3_update_revision[%u]\n",
216 o->forest->crossref_behavior_version,
217 o->forest->schema_object_version,
218 o->domain->behavior_version,
219 o->domain->w2k3_update_revision));
220
221 return NT_STATUS_OK;
222 }
223
224 static WERROR libnet_vampire_cb_apply_schema(struct libnet_vampire_cb_state *s,
225 const struct libnet_BecomeDC_StoreChunk *c)
226 {
227 WERROR status;
228 struct dsdb_schema_prefixmap *pfm_remote;
229 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
230 struct dsdb_schema *provision_schema;
231 uint32_t object_count = 0;
232 struct drsuapi_DsReplicaObjectListItemEx *first_object;
233 uint32_t linked_attributes_count;
234 struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
235 const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
236 struct dsdb_extended_replicated_objects *schema_objs;
237 struct repsFromTo1 *s_dsa;
238 char *tmp_dns_name;
239 struct ldb_context *schema_ldb;
240 struct ldb_dn *partition_dn;
241 struct ldb_message *msg;
242 struct ldb_message_element *prefixMap_el;
243 uint32_t i;
244 int ret;
245 bool ok;
246 uint64_t seq_num = 0;
247 uint32_t cycle_before_switching;
248
249 DEBUG(0,("Analyze and apply schema objects\n"));
250
251 s_dsa = talloc_zero(s, struct repsFromTo1);
252 if (s_dsa == NULL) {
253 return WERR_NOT_ENOUGH_MEMORY;
254 }
255 s_dsa->other_info = talloc(s_dsa, struct repsFromTo1OtherInfo);
256 if (s_dsa->other_info == NULL) {
257 return WERR_NOT_ENOUGH_MEMORY;
258 }
259
260 switch (c->ctr_level) {
261 case 1:
262 mapping_ctr = &c->ctr1->mapping_ctr;
263 object_count = s->schema_part.object_count;
264 first_object = s->schema_part.first_object;
265 linked_attributes_count = 0;
266 linked_attributes = NULL;
267 s_dsa->highwatermark = c->ctr1->new_highwatermark;
268 s_dsa->source_dsa_obj_guid = c->ctr1->source_dsa_guid;
269 s_dsa->source_dsa_invocation_id = c->ctr1->source_dsa_invocation_id;
270 uptodateness_vector = NULL; /* TODO: map it */
271 break;
272 case 6:
273 mapping_ctr = &c->ctr6->mapping_ctr;
274 object_count = s->schema_part.object_count;
275 first_object = s->schema_part.first_object;
276 linked_attributes_count = c->ctr6->linked_attributes_count;
277 linked_attributes = c->ctr6->linked_attributes;
278 s_dsa->highwatermark = c->ctr6->new_highwatermark;
279 s_dsa->source_dsa_obj_guid = c->ctr6->source_dsa_guid;
280 s_dsa->source_dsa_invocation_id = c->ctr6->source_dsa_invocation_id;
281 uptodateness_vector = c->ctr6->uptodateness_vector;
282 break;
283 default:
284 return WERR_INVALID_PARAMETER;
285 }
286 /* We must set these up to ensure the replMetaData is written
287 * correctly, before our NTDS Settings entry is replicated */
288 ok = samdb_set_ntds_invocation_id(s->ldb, &c->dest_dsa->invocation_id);
289 if (!ok) {
290 DEBUG(0,("Failed to set cached ntds invocationId\n"));
291 return WERR_INTERNAL_ERROR;
292 }
293 ok = samdb_set_ntds_objectGUID(s->ldb, &c->dest_dsa->ntds_guid);
294 if (!ok) {
295 DEBUG(0,("Failed to set cached ntds objectGUID\n"));
296 return WERR_INTERNAL_ERROR;
297 }
298
299 status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
300 s, &pfm_remote, NULL);
301 if (!W_ERROR_IS_OK(status)) {
302 DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n",
303 win_errstr(status)));
304 return status;
305 }
306
307 s_dsa->replica_flags = DRSUAPI_DRS_WRIT_REP
308 | DRSUAPI_DRS_INIT_SYNC
309 | DRSUAPI_DRS_PER_SYNC;
310 memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
311
312 tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
313 if (tmp_dns_name == NULL) {
314 return WERR_NOT_ENOUGH_MEMORY;
315 }
316 tmp_dns_name = talloc_asprintf_append_buffer(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
317 if (tmp_dns_name == NULL) {
318 return WERR_NOT_ENOUGH_MEMORY;
319 }
320 s_dsa->other_info->dns_name = tmp_dns_name;
321
322 if (s->self_made_schema == NULL) {
323 DEBUG(0,("libnet_vampire_cb_apply_schema: called with out self_made_schema\n"));
324 return WERR_INTERNAL_ERROR;
325 }
326
327 schema_ldb = provision_get_schema(s, s->lp_ctx,
328 c->forest->schema_dn_str,
329 &s->prefixmap_blob);
330 if (!schema_ldb) {
331 DEBUG(0,("Failed to re-load from local provision using remote prefixMap. "
332 "Will continue with local prefixMap\n"));
333 provision_schema = dsdb_get_schema(s->ldb, s);
334 } else {
335 provision_schema = dsdb_get_schema(schema_ldb, s);
336 ret = dsdb_reference_schema(s->ldb, provision_schema, SCHEMA_MEMORY_ONLY);
337 if (ret != LDB_SUCCESS) {
338 DEBUG(0,("Failed to attach schema from local provision using remote prefixMap.\n"));
339 return WERR_INTERNAL_ERROR;
340 }
341 talloc_unlink(s, schema_ldb);
342 }
343
344 cycle_before_switching = lpcfg_parm_long(s->lp_ctx, NULL,
345 "become dc",
346 "schema convert retrial", 1);
347
348 provision_schema->resolving_in_progress = true;
349 s->self_made_schema->resolving_in_progress = true;
350
351 status = dsdb_repl_resolve_working_schema(s->ldb,
352 pfm_remote,
353 cycle_before_switching,
354 provision_schema,
355 s->self_made_schema,
356 object_count,
357 first_object);
358 if (!W_ERROR_IS_OK(status)) {
359 DEBUG(0, ("%s: dsdb_repl_resolve_working_schema() failed: %s\n",
360 __location__, win_errstr(status)));
361 return status;
362 }
363
364 /* free temp objects for 1st conversion phase */
365 talloc_unlink(s, provision_schema);
366
367 s->self_made_schema->resolving_in_progress = false;
368
369 /*
370 * attach the schema we just brought over DRS to the ldb,
371 * so we can use it in dsdb_convert_object_ex below
372 */
373 ret = dsdb_set_schema(s->ldb, s->self_made_schema, SCHEMA_WRITE);
374 if (ret != LDB_SUCCESS) {
375 DEBUG(0,("Failed to attach working schema from DRS.\n"));
376 return WERR_INTERNAL_ERROR;
377 }
378
379 /* we don't want to access the self made schema anymore */
380 s->schema = s->self_made_schema;
381 s->self_made_schema = NULL;
382
383 partition_dn = ldb_dn_new(s, s->ldb, c->partition->nc.dn);
384 if (partition_dn == NULL) {
385 DEBUG(0,("Failed to parse partition DN from DRS.\n"));
386 return WERR_INVALID_PARAMETER;
387 }
388
389 /* Now convert the schema elements again, using the schema we finalised, ready to actually import */
390 status = dsdb_replicated_objects_convert(s->ldb,
391 s->schema,
392 partition_dn,
393 mapping_ctr,
394 object_count,
395 first_object,
396 linked_attributes_count,
397 linked_attributes,
398 s_dsa,
399 uptodateness_vector,
400 c->gensec_skey,
401 0,
402 s, &schema_objs);
403 if (!W_ERROR_IS_OK(status)) {
404 DEBUG(0,("Failed to convert objects when trying to import over DRS (2nd pass, to store remote schema): %s\n", win_errstr(status)));
405 return status;
406 }
407
408 if (lpcfg_parm_bool(s->lp_ctx, NULL, "become dc", "dump objects", false)) {
409 for (i=0; i < schema_objs->num_objects; i++) {
410 struct ldb_ldif ldif;
411 fprintf(stdout, "#\n");
412 ldif.changetype = LDB_CHANGETYPE_NONE;
413 ldif.msg = schema_objs->objects[i].msg;
414 ldb_ldif_write_file(s->ldb, stdout, &ldif);
415 NDR_PRINT_DEBUG(replPropertyMetaDataBlob, schema_objs->objects[i].meta_data);
416 }
417 }
418
419 status = dsdb_replicated_objects_commit(s->ldb, NULL, schema_objs, &seq_num);
420 if (!W_ERROR_IS_OK(status)) {
421 DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
422 return status;
423 }
424
425 msg = ldb_msg_new(schema_objs);
426 if (msg == NULL) {
427 return WERR_NOT_ENOUGH_MEMORY;
428 }
429 msg->dn = schema_objs->partition_dn;
430
431 /* We must ensure a prefixMap has been written. Unlike other
432 * attributes (including schemaInfo), it is not replicated in
433 * the normal replication stream. We can use the one from
434 * s->prefixmap_blob because we operate with one, unchanging
435 * prefixMap for this entire operation. */
436 ret = ldb_msg_add_value(msg, "prefixMap", &s->prefixmap_blob, &prefixMap_el);
437 if (ret != LDB_SUCCESS) {
438 return WERR_NOT_ENOUGH_MEMORY;
439 }
440 /* We want to know if a prefixMap was written already, as it
441 * would mean that the above comment was not true, and we have
442 * somehow updated the prefixMap during this transaction */
443 prefixMap_el->flags = LDB_FLAG_MOD_ADD;
444
445 ret = dsdb_modify(s->ldb, msg, DSDB_FLAG_AS_SYSTEM);
446 if (ret != LDB_SUCCESS) {
447 DEBUG(0,("Failed to add prefixMap: %s\n", ldb_errstring(s->ldb)));
448 return WERR_INTERNAL_ERROR;
449 }
450
451 talloc_free(s_dsa);
452 talloc_free(schema_objs);
453
454 s->schema = dsdb_get_schema(s->ldb, s);
455 if (!s->schema) {
456 DEBUG(0,("Failed to get loaded dsdb_schema\n"));
457 return WERR_INTERNAL_ERROR;
458 }
459
460 return WERR_OK;
461 }
462
463 WERROR libnet_vampire_cb_schema_chunk(void *private_data,
464 const struct libnet_BecomeDC_StoreChunk *c)
465 {
466 struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
467 WERROR werr;
468 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
469 uint32_t nc_object_count;
470 uint32_t nc_total_received = 0;
471 uint32_t object_count;
472 struct drsuapi_DsReplicaObjectListItemEx *first_object;
473 struct drsuapi_DsReplicaObjectListItemEx *cur;
474 uint32_t nc_linked_attributes_count;
475 uint32_t linked_attributes_count;
476
477 switch (c->ctr_level) {
478 case 1:
479 mapping_ctr = &c->ctr1->mapping_ctr;
480 nc_object_count = c->ctr1->extended_ret; /* maybe w2k send this unexpected? */
481 object_count = c->ctr1->object_count;
482 first_object = c->ctr1->first_object;
483 nc_linked_attributes_count = 0;
484 linked_attributes_count = 0;
485 break;
486 case 6:
487 mapping_ctr = &c->ctr6->mapping_ctr;
488 nc_object_count = c->ctr6->nc_object_count;
489 object_count = c->ctr6->object_count;
490 first_object = c->ctr6->first_object;
491 nc_linked_attributes_count = c->ctr6->nc_linked_attributes_count;
492 linked_attributes_count = c->ctr6->linked_attributes_count;
493 break;
494 default:
495 return WERR_INVALID_PARAMETER;
496 }
497
498 if (!s->schema_part.first_object) {
499 nc_total_received = object_count;
500 } else {
501 nc_total_received = s->schema_part.object_count + object_count;
502 }
503 if (nc_object_count) {
504 DEBUG(0,("Schema-DN[%s] objects[%u/%u] linked_values[%u/%u]\n",
505 c->partition->nc.dn, nc_total_received, nc_object_count,
506 linked_attributes_count, nc_linked_attributes_count));
507 } else {
508 DEBUG(0,("Schema-DN[%s] objects[%u] linked_values[%u]\n",
509 c->partition->nc.dn, nc_total_received, linked_attributes_count));
510 }
511
512 if (!s->self_made_schema) {
513 struct drsuapi_DsReplicaOIDMapping_Ctr mapping_ctr_without_schema_info;
514 /* Put the DRS prefixmap aside for the schema we are
515 * about to load in the provision, and into the one we
516 * are making with the help of DRS */
517
518 mapping_ctr_without_schema_info = *mapping_ctr;
519
520 /* This strips off the 0xFF schema info from the end,
521 * because we don't want it in the blob */
522 if (mapping_ctr_without_schema_info.num_mappings > 0) {
523 mapping_ctr_without_schema_info.num_mappings--;
524 }
525 werr = dsdb_get_drsuapi_prefixmap_as_blob(&mapping_ctr_without_schema_info, s, &s->prefixmap_blob);
526 if (!W_ERROR_IS_OK(werr)) {
527 return werr;
528 }
529
530 /* Set up two manually-constructed schema - the local
531 * schema from the provision will be used to build
532 * one, which will then in turn be used to build the
533 * other. */
534 s->self_made_schema = dsdb_new_schema(s);
535 if (s->self_made_schema == NULL) {
536 return WERR_NOT_ENOUGH_MEMORY;
537 }
538
539 werr = dsdb_load_prefixmap_from_drsuapi(s->self_made_schema, mapping_ctr);
540 if (!W_ERROR_IS_OK(werr)) {
541 return werr;
542 }
543 } else {
544 werr = dsdb_schema_pfm_contains_drsuapi_pfm(s->self_made_schema->prefixmap, mapping_ctr);
545 if (!W_ERROR_IS_OK(werr)) {
546 return werr;
547 }
548 }
549
550 if (!s->schema_part.first_object) {
551 s->schema_part.object_count = object_count;
552 s->schema_part.first_object = talloc_steal(s, first_object);
553 } else {
554 s->schema_part.object_count += object_count;
555 s->schema_part.last_object->next_object = talloc_steal(s->schema_part.last_object,
556 first_object);
557 }
558 if (first_object != NULL) {
559 for (cur = first_object; cur->next_object; cur = cur->next_object) {}
560 } else {
561 cur = first_object;
562 }
563
564 s->schema_part.last_object = cur;
565
566 if (!c->partition->more_data) {
567 return libnet_vampire_cb_apply_schema(s, c);
568 }
569
570 return WERR_OK;
571 }
572
573 WERROR libnet_vampire_cb_store_chunk(void *private_data,
574 const struct libnet_BecomeDC_StoreChunk *c)
575 {
576 struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
577 WERROR status;
578 struct dsdb_schema *schema;
579 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
580 uint32_t nc_object_count;
581 uint32_t object_count;
582 struct drsuapi_DsReplicaObjectListItemEx *first_object;
583 uint32_t nc_linked_attributes_count;
584 uint32_t linked_attributes_count;
585 struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
586 const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
587 struct dsdb_extended_replicated_objects *objs;
588 uint32_t req_replica_flags;
589 uint32_t dsdb_repl_flags = 0;
590 struct repsFromTo1 *s_dsa;
591 char *tmp_dns_name;
592 uint32_t i;
593 uint64_t seq_num = 0;
594 bool is_exop = false;
595 struct ldb_dn *partition_dn = NULL;
596 struct ldb_dn *nc_root = NULL;
597
598 s_dsa = talloc_zero(s, struct repsFromTo1);
599 if (s_dsa == NULL) {
600 return WERR_NOT_ENOUGH_MEMORY;
601 }
602 s_dsa->other_info = talloc(s_dsa, struct repsFromTo1OtherInfo);
603 if (s_dsa->other_info == NULL) {
604 return WERR_NOT_ENOUGH_MEMORY;
605 }
606
607 switch (c->ctr_level) {
608 case 1:
609 mapping_ctr = &c->ctr1->mapping_ctr;
610 nc_object_count = c->ctr1->extended_ret; /* maybe w2k send this unexpected? */
611 object_count = c->ctr1->object_count;
612 first_object = c->ctr1->first_object;
613 nc_linked_attributes_count = 0;
614 linked_attributes_count = 0;
615 linked_attributes = NULL;
616 s_dsa->highwatermark = c->ctr1->new_highwatermark;
617 s_dsa->source_dsa_obj_guid = c->ctr1->source_dsa_guid;
618 s_dsa->source_dsa_invocation_id = c->ctr1->source_dsa_invocation_id;
619 uptodateness_vector = NULL; /* TODO: map it */
620 break;
621 case 6:
622 mapping_ctr = &c->ctr6->mapping_ctr;
623 nc_object_count = c->ctr6->nc_object_count;
624 object_count = c->ctr6->object_count;
625 first_object = c->ctr6->first_object;
626 nc_linked_attributes_count = c->ctr6->nc_linked_attributes_count;
627 linked_attributes_count = c->ctr6->linked_attributes_count;
628 linked_attributes = c->ctr6->linked_attributes;
629 s_dsa->highwatermark = c->ctr6->new_highwatermark;
630 s_dsa->source_dsa_obj_guid = c->ctr6->source_dsa_guid;
631 s_dsa->source_dsa_invocation_id = c->ctr6->source_dsa_invocation_id;
632 uptodateness_vector = c->ctr6->uptodateness_vector;
633 break;
634 default:
635 return WERR_INVALID_PARAMETER;
636 }
637
638 switch (c->req_level) {
639 case 0:
640 /* none */
641 req_replica_flags = 0;
642 break;
643 case 5:
644 if (c->req5->extended_op != DRSUAPI_EXOP_NONE) {
645 is_exop = true;
646 }
647 req_replica_flags = c->req5->replica_flags;
648 break;
649 case 8:
650 if (c->req8->extended_op != DRSUAPI_EXOP_NONE) {
651 is_exop = true;
652 }
653 req_replica_flags = c->req8->replica_flags;
654 break;
655 case 10:
656 if (c->req10->extended_op != DRSUAPI_EXOP_NONE) {
657 is_exop = true;
658 }
659 req_replica_flags = c->req10->replica_flags;
660
661 if (c->req10->more_flags & DRSUAPI_DRS_GET_TGT) {
662 dsdb_repl_flags |= DSDB_REPL_FLAG_TARGETS_UPTODATE;
663 }
664 break;
665 default:
666 return WERR_INVALID_PARAMETER;
667 }
668
669 /*
670 * If the peer DC doesn't support GET_TGT (req v10), then the link
671 * targets are as up-to-date as they're ever gonna be. (Without this,
672 * cases where we'd normally retry with GET_TGT cause the join to fail)
673 */
674 if (c->req_level < 10) {
675 dsdb_repl_flags |= DSDB_REPL_FLAG_TARGETS_UPTODATE;
676 }
677
678 if (req_replica_flags & DRSUAPI_DRS_CRITICAL_ONLY || is_exop) {
679 /*
680 * If we only replicate the critical objects, or this
681 * is an exop we should not remember what we already
682 * got, as it is incomplete.
683 */
684 ZERO_STRUCT(s_dsa->highwatermark);
685 uptodateness_vector = NULL;
686 dsdb_repl_flags |= DSDB_REPL_FLAG_OBJECT_SUBSET;
687 }
688
689 /* TODO: avoid hardcoded flags */
690 s_dsa->replica_flags = DRSUAPI_DRS_WRIT_REP
691 | DRSUAPI_DRS_INIT_SYNC
692 | DRSUAPI_DRS_PER_SYNC;
693 memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
694
695 tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
696 if (tmp_dns_name == NULL) {
697 return WERR_NOT_ENOUGH_MEMORY;
698 }
699 tmp_dns_name = talloc_asprintf_append_buffer(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
700 if (tmp_dns_name == NULL) {
701 return WERR_NOT_ENOUGH_MEMORY;
702 }
703 s_dsa->other_info->dns_name = tmp_dns_name;
704
705 /* we want to show a count per partition */
706 if (!s->last_partition || strcmp(s->last_partition, c->partition->nc.dn) != 0) {
707 s->total_objects = 0;
708 s->total_links = 0;
709 talloc_free(s->last_partition);
710 s->last_partition = talloc_strdup(s, c->partition->nc.dn);
711 }
712 s->total_objects += object_count;
713 s->total_links += linked_attributes_count;
714
715 partition_dn = ldb_dn_new(s_dsa, s->ldb, c->partition->nc.dn);
716 if (partition_dn == NULL) {
717 DEBUG(0,("Failed to parse partition DN from DRS.\n"));
718 return WERR_INVALID_PARAMETER;
719 }
720
721 if (is_exop) {
722 int ret;
723 if (nc_object_count) {
724 DEBUG(0,("Exop on[%s] objects[%u/%u] linked_values[%u/%u]\n",
725 c->partition->nc.dn, s->total_objects, nc_object_count,
726 s->total_links, nc_linked_attributes_count));
727 } else {
728 DEBUG(0,("Exop on[%s] objects[%u] linked_values[%u]\n",
729 c->partition->nc.dn, s->total_objects, linked_attributes_count));
730 }
731 ret = dsdb_find_nc_root(s->ldb, s_dsa,
732 partition_dn, &nc_root);
733 if (ret != LDB_SUCCESS) {
734 DEBUG(0,(__location__ ": Failed to find nc_root for %s\n",
735 ldb_dn_get_linearized(partition_dn)));
736 return WERR_INTERNAL_ERROR;
737 }
738 } else {
739 if (nc_object_count) {
740 DEBUG(0,("Partition[%s] objects[%u/%u] linked_values[%u/%u]\n",
741 c->partition->nc.dn, s->total_objects, nc_object_count,
742 s->total_links, nc_linked_attributes_count));
743 } else {
744 DEBUG(0,("Partition[%s] objects[%u] linked_values[%u]\n",
745 c->partition->nc.dn, s->total_objects, s->total_links));
746 }
747 nc_root = partition_dn;
748 }
749
750
751 schema = dsdb_get_schema(s->ldb, NULL);
752 if (!schema) {
753 DEBUG(0,(__location__ ": Schema is not loaded yet!\n"));
754 return WERR_INTERNAL_ERROR;
755 }
756
757 if (req_replica_flags & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
758 dsdb_repl_flags |= DSDB_REPL_FLAG_PRIORITISE_INCOMING;
759 }
760
761 if (req_replica_flags & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
762 dsdb_repl_flags |= DSDB_REPL_FLAG_EXPECT_NO_SECRETS;
763 }
764
765 status = dsdb_replicated_objects_convert(s->ldb,
766 schema,
767 nc_root,
768 mapping_ctr,
769 object_count,
770 first_object,
771 linked_attributes_count,
772 linked_attributes,
773 s_dsa,
774 uptodateness_vector,
775 c->gensec_skey,
776 dsdb_repl_flags,
777 s, &objs);
778 if (!W_ERROR_IS_OK(status)) {
779 DEBUG(0,("Failed to convert objects: %s\n", win_errstr(status)));
780 return status;
781 }
782
783 if (lpcfg_parm_bool(s->lp_ctx, NULL, "become dc", "dump objects", false)) {
784 for (i=0; i < objs->num_objects; i++) {
785 struct ldb_ldif ldif;
786 fprintf(stdout, "#\n");
787 ldif.changetype = LDB_CHANGETYPE_NONE;
788 ldif.msg = objs->objects[i].msg;
789 ldb_ldif_write_file(s->ldb, stdout, &ldif);
790 NDR_PRINT_DEBUG(replPropertyMetaDataBlob, objs->objects[i].meta_data);
791 }
792 }
793 status = dsdb_replicated_objects_commit(s->ldb, NULL, objs, &seq_num);
794 if (!W_ERROR_IS_OK(status)) {
795 DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
796 return status;
797 }
798
799 /* reset debug counters once we've finished replicating the partition */
800 if (!c->partition->more_data) {
801 s->total_objects = 0;
802 s->total_links = 0;
803 }
804
805 talloc_free(s_dsa);
806 talloc_free(objs);
807
808 for (i=0; i < linked_attributes_count; i++) {
809 const struct dsdb_attribute *sa;
810
811 if (!linked_attributes[i].identifier) {
812 DEBUG(0, ("No linked attribute identifier\n"));
813 return WERR_INTERNAL_ERROR;
814 }
815
816 if (!linked_attributes[i].value.blob) {
817 DEBUG(0, ("No linked attribute value\n"));
818 return WERR_INTERNAL_ERROR;
819 }
820
821 sa = dsdb_attribute_by_attributeID_id(s->schema,
822 linked_attributes[i].attid);
823 if (!sa) {
824 DEBUG(0, ("Unable to find attribute via attribute id %d\n", linked_attributes[i].attid));
825 return WERR_INTERNAL_ERROR;
826 }
827
828 if (lpcfg_parm_bool(s->lp_ctx, NULL, "become dc", "dump objects", false)) {
829 DEBUG(0,("# %s\n", sa->lDAPDisplayName));
830 NDR_PRINT_DEBUG(drsuapi_DsReplicaLinkedAttribute, &linked_attributes[i]);
831 dump_data(0,
832 linked_attributes[i].value.blob->data,
833 linked_attributes[i].value.blob->length);
834 }
835 }
836
837 return WERR_OK;
838 }
839
GSS-enabled samba4