2005-05-02 14:17:19 +00:00
/*
Unix SMB / CIFS implementation .
2008-04-09 12:02:11 +10:00
Extract the user / system database from a remote server
2005-05-21 06:31:02 +00:00
2008-04-09 12:02:11 +10:00
Copyright ( C ) Stefan Metzmacher 2004 - 2006
Copyright ( C ) Brad Henry 2005
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2005 - 2008
2005-05-02 14:17:19 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 02:07:03 +00:00
the Free Software Foundation ; either version 3 of the License , or
2005-05-02 14:17:19 +00:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 02:07:03 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2005-05-02 14:17:19 +00:00
*/
# include "includes.h"
# include "libnet/libnet.h"
2008-04-09 12:02:11 +10:00
# include "lib/events/events.h"
# include "dsdb/samdb/samdb.h"
2008-10-11 21:31:42 +02:00
# include "../lib/util/dlinklist.h"
2008-04-09 12:02:11 +10:00
# include "lib/ldb/include/ldb.h"
# include "lib/ldb/include/ldb_errors.h"
# include "librpc/ndr/libndr.h"
# include "librpc/gen_ndr/ndr_drsuapi.h"
# include "librpc/gen_ndr/ndr_drsblobs.h"
# include "librpc/gen_ndr/ndr_misc.h"
# include "system/time.h"
# include "lib/ldb_wrap.h"
# include "auth/auth.h"
2007-09-28 01:17:46 +00:00
# include "param/param.h"
2008-04-09 14:59:32 +10:00
# include "param/provision.h"
2009-09-24 10:33:36 -07:00
# include "libcli/security/dom_sid.h"
2005-05-21 05:05:44 +00:00
2008-04-09 12:02:11 +10:00
/*
List of tasks vampire . py must perform :
- Domain Join
- but don ' t write the secrets . ldb
- results for this should be enough to handle the provision
- if vampire method is samsync
- Provision using these results
- do we still want to support this NT4 technology ?
- Start samsync with libnet code
- provision in the callback
- Write out the secrets database , using the code from libnet_Join
*/
struct vampire_state {
const char * netbios_name ;
struct libnet_JoinDomain * join ;
struct cli_credentials * machine_account ;
struct dsdb_schema * self_made_schema ;
const struct dsdb_schema * schema ;
struct ldb_context * ldb ;
2005-05-21 05:05:44 +00:00
2008-04-09 12:02:11 +10:00
struct {
uint32_t object_count ;
struct drsuapi_DsReplicaObjectListItemEx * first_object ;
struct drsuapi_DsReplicaObjectListItemEx * last_object ;
} schema_part ;
const char * targetdir ;
struct loadparm_context * lp_ctx ;
2008-12-29 20:24:57 +01:00
struct tevent_context * event_ctx ;
2009-09-03 18:31:45 +10:00
unsigned total_objects ;
char * last_partition ;
2008-04-09 12:02:11 +10:00
} ;
static NTSTATUS vampire_prepare_db ( void * private_data ,
const struct libnet_BecomeDC_PrepareDB * p )
2005-05-21 05:05:44 +00:00
{
2008-04-09 12:02:11 +10:00
struct vampire_state * s = talloc_get_type ( private_data , struct vampire_state ) ;
struct provision_settings settings ;
2008-04-11 19:15:24 +10:00
struct provision_result result ;
2008-04-09 12:02:11 +10:00
NTSTATUS status ;
2005-05-21 05:05:44 +00:00
2009-07-02 14:47:06 +10:00
ZERO_STRUCT ( settings ) ;
2008-04-09 12:02:11 +10:00
settings . site_name = p - > dest_dsa - > site_name ;
settings . root_dn_str = p - > forest - > root_dn_str ;
settings . domain_dn_str = p - > domain - > dn_str ;
settings . config_dn_str = p - > forest - > config_dn_str ;
settings . schema_dn_str = p - > forest - > schema_dn_str ;
settings . netbios_name = p - > dest_dsa - > netbios_name ;
settings . realm = s - > join - > out . realm ;
2008-04-09 14:59:32 +10:00
settings . domain = s - > join - > out . domain_name ;
2008-04-09 12:02:11 +10:00
settings . server_dn_str = p - > dest_dsa - > server_dn_str ;
settings . machine_password = generate_random_str ( s , 16 ) ;
settings . targetdir = s - > targetdir ;
2008-04-11 19:15:24 +10:00
status = provision_bare ( s , s - > lp_ctx , & settings , & result ) ;
2005-05-02 14:17:19 +00:00
2008-04-11 19:15:24 +10:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
2005-05-02 14:17:19 +00:00
}
2008-04-11 19:15:24 +10:00
s - > ldb = result . samdb ;
s - > lp_ctx = result . lp_ctx ;
2008-04-09 12:02:11 +10:00
2009-09-02 16:57:25 +10:00
/* wrap the entire vapire operation in a transaction. This
isn ' t just cosmetic - we use this to ensure that linked
attribute back links are added at the end by relying on a
transaction commit hook in the linked attributes module . We
need to do this as the order of objects coming from the
server is not sufficiently deterministic to know that the
record that a backlink needs to be created in has itself
been created before the object containing the forward link
has come over the wire */
if ( ldb_transaction_start ( s - > ldb ) ! = LDB_SUCCESS ) {
return NT_STATUS_FOOBAR ;
}
2008-04-09 12:02:11 +10:00
return NT_STATUS_OK ;
}
static NTSTATUS vampire_check_options ( void * private_data ,
const struct libnet_BecomeDC_CheckOptions * o )
{
struct vampire_state * s = talloc_get_type ( private_data , struct vampire_state ) ;
DEBUG ( 0 , ( " Become DC [%s] of Domain[%s]/[%s] \n " ,
s - > netbios_name ,
o - > domain - > netbios_name , o - > domain - > dns_name ) ) ;
DEBUG ( 0 , ( " Promotion Partner is Server[%s] from Site[%s] \n " ,
o - > source_dsa - > dns_name , o - > source_dsa - > site_name ) ) ;
DEBUG ( 0 , ( " Options:crossRef behavior_version[%u] \n "
" \t schema object_version[%u] \n "
" \t domain behavior_version[%u] \n "
" \t domain w2k3_update_revision[%u] \n " ,
o - > forest - > crossref_behavior_version ,
o - > forest - > schema_object_version ,
o - > domain - > behavior_version ,
o - > domain - > w2k3_update_revision ) ) ;
return NT_STATUS_OK ;
}
static NTSTATUS vampire_apply_schema ( struct vampire_state * s ,
const struct libnet_BecomeDC_StoreChunk * c )
{
WERROR status ;
const struct drsuapi_DsReplicaOIDMapping_Ctr * mapping_ctr ;
uint32_t object_count ;
struct drsuapi_DsReplicaObjectListItemEx * first_object ;
struct drsuapi_DsReplicaObjectListItemEx * cur ;
uint32_t linked_attributes_count ;
struct drsuapi_DsReplicaLinkedAttribute * linked_attributes ;
const struct drsuapi_DsReplicaCursor2CtrEx * uptodateness_vector ;
struct dsdb_extended_replicated_objects * objs ;
struct repsFromTo1 * s_dsa ;
char * tmp_dns_name ;
struct ldb_message * msg ;
struct ldb_val prefixMap_val ;
struct ldb_message_element * prefixMap_el ;
struct ldb_val schemaInfo_val ;
uint32_t i ;
int ret ;
bool ok ;
2009-09-15 14:42:26 -07:00
uint64_t seq_num ;
2008-04-09 12:02:11 +10:00
DEBUG ( 0 , ( " Analyze and apply schema objects \n " ) ) ;
s_dsa = talloc_zero ( s , struct repsFromTo1 ) ;
NT_STATUS_HAVE_NO_MEMORY ( s_dsa ) ;
s_dsa - > other_info = talloc ( s_dsa , struct repsFromTo1OtherInfo ) ;
NT_STATUS_HAVE_NO_MEMORY ( s_dsa - > other_info ) ;
switch ( c - > ctr_level ) {
case 1 :
mapping_ctr = & c - > ctr1 - > mapping_ctr ;
object_count = s - > schema_part . object_count ;
first_object = s - > schema_part . first_object ;
linked_attributes_count = 0 ;
linked_attributes = NULL ;
s_dsa - > highwatermark = c - > ctr1 - > new_highwatermark ;
s_dsa - > source_dsa_obj_guid = c - > ctr1 - > source_dsa_guid ;
s_dsa - > source_dsa_invocation_id = c - > ctr1 - > source_dsa_invocation_id ;
uptodateness_vector = NULL ; /* TODO: map it */
break ;
case 6 :
mapping_ctr = & c - > ctr6 - > mapping_ctr ;
object_count = s - > schema_part . object_count ;
first_object = s - > schema_part . first_object ;
2009-09-03 18:31:45 +10:00
linked_attributes_count = c - > ctr6 - > linked_attributes_count ;
linked_attributes = c - > ctr6 - > linked_attributes ;
2008-04-09 12:02:11 +10:00
s_dsa - > highwatermark = c - > ctr6 - > new_highwatermark ;
s_dsa - > source_dsa_obj_guid = c - > ctr6 - > source_dsa_guid ;
s_dsa - > source_dsa_invocation_id = c - > ctr6 - > source_dsa_invocation_id ;
uptodateness_vector = c - > ctr6 - > uptodateness_vector ;
break ;
default :
return NT_STATUS_INVALID_PARAMETER ;
}
2010-01-17 21:59:56 +11:00
s_dsa - > replica_flags = DRSUAPI_DRS_WRIT_REP
| DRSUAPI_DRS_INIT_SYNC
| DRSUAPI_DRS_PER_SYNC ;
2008-04-09 12:02:11 +10:00
memset ( s_dsa - > schedule , 0x11 , sizeof ( s_dsa - > schedule ) ) ;
tmp_dns_name = GUID_string ( s_dsa - > other_info , & s_dsa - > source_dsa_obj_guid ) ;
NT_STATUS_HAVE_NO_MEMORY ( tmp_dns_name ) ;
tmp_dns_name = talloc_asprintf_append_buffer ( tmp_dns_name , " ._msdcs.%s " , c - > forest - > dns_name ) ;
NT_STATUS_HAVE_NO_MEMORY ( tmp_dns_name ) ;
s_dsa - > other_info - > dns_name = tmp_dns_name ;
for ( cur = first_object ; cur ; cur = cur - > next_object ) {
bool is_attr = false ;
bool is_class = false ;
for ( i = 0 ; i < cur - > object . attribute_ctr . num_attributes ; i + + ) {
struct drsuapi_DsReplicaAttribute * a ;
uint32_t j ;
const char * oid = NULL ;
a = & cur - > object . attribute_ctr . attributes [ i ] ;
2009-10-26 03:47:41 +02:00
status = dsdb_schema_pfm_oid_from_attid ( s - > self_made_schema - > prefixmap ,
a - > attid , s , & oid ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
return werror_to_ntstatus ( status ) ;
}
switch ( a - > attid ) {
case DRSUAPI_ATTRIBUTE_objectClass :
for ( j = 0 ; j < a - > value_ctr . num_values ; j + + ) {
uint32_t val = 0xFFFFFFFF ;
2009-09-10 01:26:34 +10:00
if ( a - > value_ctr . values [ j ] . blob
& & a - > value_ctr . values [ j ] . blob - > length = = 4 ) {
val = IVAL ( a - > value_ctr . values [ j ] . blob - > data , 0 ) ;
2008-04-09 12:02:11 +10:00
}
if ( val = = DRSUAPI_OBJECTCLASS_attributeSchema ) {
is_attr = true ;
}
if ( val = = DRSUAPI_OBJECTCLASS_classSchema ) {
is_class = true ;
}
}
break ;
default :
break ;
}
2005-05-02 14:17:19 +00:00
}
2007-11-03 11:21:04 +01:00
2008-04-09 12:02:11 +10:00
if ( is_attr ) {
struct dsdb_attribute * sa ;
sa = talloc_zero ( s - > self_made_schema , struct dsdb_attribute ) ;
NT_STATUS_HAVE_NO_MEMORY ( sa ) ;
2009-04-02 16:42:21 +11:00
status = dsdb_attribute_from_drsuapi ( s - > ldb , s - > self_made_schema , & cur - > object , s , sa ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
return werror_to_ntstatus ( status ) ;
2007-11-03 11:21:04 +01:00
}
2008-04-09 12:02:11 +10:00
DLIST_ADD_END ( s - > self_made_schema - > attributes , sa , struct dsdb_attribute * ) ;
2007-11-03 11:21:04 +01:00
}
2008-04-09 12:02:11 +10:00
if ( is_class ) {
struct dsdb_class * sc ;
sc = talloc_zero ( s - > self_made_schema , struct dsdb_class ) ;
NT_STATUS_HAVE_NO_MEMORY ( sc ) ;
2009-11-16 18:40:24 +11:00
status = dsdb_class_from_drsuapi ( s - > ldb , s - > self_made_schema , & cur - > object , s , sc ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
return werror_to_ntstatus ( status ) ;
2007-11-03 11:21:04 +01:00
}
2008-04-09 12:02:11 +10:00
DLIST_ADD_END ( s - > self_made_schema - > classes , sc , struct dsdb_class * ) ;
2007-11-03 11:21:04 +01:00
}
2005-05-02 14:17:19 +00:00
}
2008-04-09 12:02:11 +10:00
/* attach the schema to the ldb */
ret = dsdb_set_schema ( s - > ldb , s - > self_made_schema ) ;
if ( ret ! = LDB_SUCCESS ) {
return NT_STATUS_FOOBAR ;
}
/* we don't want to access the self made schema anymore */
2009-11-09 21:26:02 +11:00
s - > schema = s - > self_made_schema ;
2008-04-09 12:02:11 +10:00
s - > self_made_schema = NULL ;
2009-11-09 21:26:02 +11:00
/* Now convert the schema elements again, using the schema we just imported */
status = dsdb_extended_replicated_objects_convert ( s - > ldb ,
c - > partition - > nc . dn ,
mapping_ctr ,
object_count ,
first_object ,
linked_attributes_count ,
linked_attributes ,
s_dsa ,
uptodateness_vector ,
c - > gensec_skey ,
s , & objs ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Failed to commit objects: %s \n " , win_errstr ( status ) ) ) ;
return werror_to_ntstatus ( status ) ;
}
2005-05-21 06:31:02 +00:00
2008-04-09 12:02:11 +10:00
if ( lp_parm_bool ( s - > lp_ctx , NULL , " become dc " , " dump objects " , false ) ) {
for ( i = 0 ; i < objs - > num_objects ; i + + ) {
struct ldb_ldif ldif ;
fprintf ( stdout , " # \n " ) ;
ldif . changetype = LDB_CHANGETYPE_NONE ;
ldif . msg = objs - > objects [ i ] . msg ;
ldb_ldif_write_file ( s - > ldb , stdout , & ldif ) ;
NDR_PRINT_DEBUG ( replPropertyMetaDataBlob , objs - > objects [ i ] . meta_data ) ;
}
}
2009-11-09 21:26:02 +11:00
status = dsdb_extended_replicated_objects_commit ( s - > ldb , objs , & seq_num ) ;
if ( ! W_ERROR_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Failed to commit objects: %s \n " , win_errstr ( status ) ) ) ;
return werror_to_ntstatus ( status ) ;
}
2008-04-09 12:02:11 +10:00
msg = ldb_msg_new ( objs ) ;
NT_STATUS_HAVE_NO_MEMORY ( msg ) ;
msg - > dn = objs - > partition_dn ;
status = dsdb_get_oid_mappings_ldb ( s - > schema , msg , & prefixMap_val , & schemaInfo_val ) ;
if ( ! W_ERROR_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Failed dsdb_get_oid_mappings_ldb(%s) \n " , win_errstr ( status ) ) ) ;
return werror_to_ntstatus ( status ) ;
}
/* we only add prefixMap here, because schemaInfo is a replicated attribute and already applied */
ret = ldb_msg_add_value ( msg , " prefixMap " , & prefixMap_val , & prefixMap_el ) ;
if ( ret ! = LDB_SUCCESS ) {
return NT_STATUS_FOOBAR ;
}
prefixMap_el - > flags = LDB_FLAG_MOD_REPLACE ;
ret = ldb_modify ( s - > ldb , msg ) ;
if ( ret ! = LDB_SUCCESS ) {
DEBUG ( 0 , ( " Failed to add prefixMap and schemaInfo %s \n " , ldb_strerror ( ret ) ) ) ;
return NT_STATUS_FOOBAR ;
}
talloc_free ( s_dsa ) ;
talloc_free ( objs ) ;
2009-09-02 16:57:25 +10:00
/* We must set these up to ensure the replMetaData is written
* correctly , before our NTDS Settings entry is replicated */
2008-04-09 12:02:11 +10:00
ok = samdb_set_ntds_invocation_id ( s - > ldb , & c - > dest_dsa - > invocation_id ) ;
if ( ! ok ) {
DEBUG ( 0 , ( " Failed to set cached ntds invocationId \n " ) ) ;
return NT_STATUS_FOOBAR ;
}
ok = samdb_set_ntds_objectGUID ( s - > ldb , & c - > dest_dsa - > ntds_guid ) ;
if ( ! ok ) {
DEBUG ( 0 , ( " Failed to set cached ntds objectGUID \n " ) ) ;
return NT_STATUS_FOOBAR ;
}
s - > schema = dsdb_get_schema ( s - > ldb ) ;
if ( ! s - > schema ) {
DEBUG ( 0 , ( " Failed to get loaded dsdb_schema \n " ) ) ;
return NT_STATUS_FOOBAR ;
}
2005-05-21 06:31:02 +00:00
return NT_STATUS_OK ;
}
2008-04-09 12:02:11 +10:00
static NTSTATUS vampire_schema_chunk ( void * private_data ,
const struct libnet_BecomeDC_StoreChunk * c )
2005-05-03 14:38:14 +00:00
{
2008-04-09 12:02:11 +10:00
struct vampire_state * s = talloc_get_type ( private_data , struct vampire_state ) ;
WERROR status ;
const struct drsuapi_DsReplicaOIDMapping_Ctr * mapping_ctr ;
2008-07-15 16:59:09 +02:00
uint32_t nc_object_count ;
2008-04-09 12:02:11 +10:00
uint32_t object_count ;
struct drsuapi_DsReplicaObjectListItemEx * first_object ;
struct drsuapi_DsReplicaObjectListItemEx * cur ;
2008-07-16 13:02:54 +02:00
uint32_t nc_linked_attributes_count ;
uint32_t linked_attributes_count ;
2009-09-03 18:31:45 +10:00
struct drsuapi_DsReplicaLinkedAttribute * linked_attributes ;
2008-04-09 12:02:11 +10:00
switch ( c - > ctr_level ) {
case 1 :
2008-07-16 13:02:54 +02:00
mapping_ctr = & c - > ctr1 - > mapping_ctr ;
nc_object_count = c - > ctr1 - > extended_ret ; /* maybe w2k send this unexpected? */
object_count = c - > ctr1 - > object_count ;
first_object = c - > ctr1 - > first_object ;
nc_linked_attributes_count = 0 ;
linked_attributes_count = 0 ;
2009-09-03 18:31:45 +10:00
linked_attributes = NULL ;
2005-05-03 14:38:14 +00:00
break ;
2008-04-09 12:02:11 +10:00
case 6 :
2008-07-16 13:02:54 +02:00
mapping_ctr = & c - > ctr6 - > mapping_ctr ;
nc_object_count = c - > ctr6 - > nc_object_count ;
object_count = c - > ctr6 - > object_count ;
first_object = c - > ctr6 - > first_object ;
nc_linked_attributes_count = c - > ctr6 - > nc_linked_attributes_count ;
linked_attributes_count = c - > ctr6 - > linked_attributes_count ;
2009-09-03 18:31:45 +10:00
linked_attributes = c - > ctr6 - > linked_attributes ;
2005-05-21 06:31:02 +00:00
break ;
2005-07-25 01:19:16 +00:00
default :
2008-04-09 12:02:11 +10:00
return NT_STATUS_INVALID_PARAMETER ;
2005-05-03 14:38:14 +00:00
}
2005-05-02 14:17:19 +00:00
2008-07-15 16:59:09 +02:00
if ( nc_object_count ) {
2008-07-16 13:02:54 +02:00
DEBUG ( 0 , ( " Schema-DN[%s] objects[%u/%u] linked_values[%u/%u] \n " ,
c - > partition - > nc . dn , object_count , nc_object_count ,
linked_attributes_count , nc_linked_attributes_count ) ) ;
2008-04-09 12:02:11 +10:00
} else {
2009-09-25 20:47:06 -07:00
DEBUG ( 0 , ( " Schema-DN[%s] objects[%u] linked_values[%u] \n " ,
2008-07-16 13:02:54 +02:00
c - > partition - > nc . dn , object_count , linked_attributes_count ) ) ;
2008-04-09 12:02:11 +10:00
}
if ( ! s - > schema ) {
s - > self_made_schema = dsdb_new_schema ( s , lp_iconv_convenience ( s - > lp_ctx ) ) ;
NT_STATUS_HAVE_NO_MEMORY ( s - > self_made_schema ) ;
2009-11-03 09:05:51 +01:00
status = dsdb_load_prefixmap_from_drsuapi ( s - > self_made_schema , mapping_ctr ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
return werror_to_ntstatus ( status ) ;
2005-07-25 02:23:41 +00:00
}
2008-04-09 12:02:11 +10:00
s - > schema = s - > self_made_schema ;
} else {
2009-10-26 03:06:16 +02:00
status = dsdb_schema_pfm_contains_drsuapi_pfm ( s - > schema - > prefixmap , mapping_ctr ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
return werror_to_ntstatus ( status ) ;
2005-07-25 02:23:41 +00:00
}
2008-04-09 12:02:11 +10:00
}
if ( ! s - > schema_part . first_object ) {
s - > schema_part . object_count = object_count ;
s - > schema_part . first_object = talloc_steal ( s , first_object ) ;
2005-07-25 02:23:41 +00:00
} else {
2008-04-09 12:02:11 +10:00
s - > schema_part . object_count + = object_count ;
s - > schema_part . last_object - > next_object = talloc_steal ( s - > schema_part . last_object ,
first_object ) ;
2005-05-02 14:17:19 +00:00
}
2008-04-09 12:02:11 +10:00
for ( cur = first_object ; cur - > next_object ; cur = cur - > next_object ) { }
s - > schema_part . last_object = cur ;
2005-07-25 02:23:41 +00:00
2008-07-16 13:01:56 +02:00
if ( ! c - > partition - > more_data ) {
2008-04-09 12:02:11 +10:00
return vampire_apply_schema ( s , c ) ;
2005-05-02 14:17:19 +00:00
}
2008-04-09 12:02:11 +10:00
return NT_STATUS_OK ;
}
static NTSTATUS vampire_store_chunk ( void * private_data ,
const struct libnet_BecomeDC_StoreChunk * c )
{
struct vampire_state * s = talloc_get_type ( private_data , struct vampire_state ) ;
WERROR status ;
const struct drsuapi_DsReplicaOIDMapping_Ctr * mapping_ctr ;
2008-07-15 16:59:09 +02:00
uint32_t nc_object_count ;
2008-04-09 12:02:11 +10:00
uint32_t object_count ;
struct drsuapi_DsReplicaObjectListItemEx * first_object ;
2008-07-16 13:02:54 +02:00
uint32_t nc_linked_attributes_count ;
2008-04-09 12:02:11 +10:00
uint32_t linked_attributes_count ;
struct drsuapi_DsReplicaLinkedAttribute * linked_attributes ;
const struct drsuapi_DsReplicaCursor2CtrEx * uptodateness_vector ;
struct dsdb_extended_replicated_objects * objs ;
struct repsFromTo1 * s_dsa ;
char * tmp_dns_name ;
uint32_t i ;
2009-09-15 14:42:26 -07:00
uint64_t seq_num ;
2008-04-09 12:02:11 +10:00
s_dsa = talloc_zero ( s , struct repsFromTo1 ) ;
NT_STATUS_HAVE_NO_MEMORY ( s_dsa ) ;
s_dsa - > other_info = talloc ( s_dsa , struct repsFromTo1OtherInfo ) ;
NT_STATUS_HAVE_NO_MEMORY ( s_dsa - > other_info ) ;
switch ( c - > ctr_level ) {
case 1 :
mapping_ctr = & c - > ctr1 - > mapping_ctr ;
2008-07-15 16:59:09 +02:00
nc_object_count = c - > ctr1 - > extended_ret ; /* maybe w2k send this unexpected? */
2008-04-09 12:02:11 +10:00
object_count = c - > ctr1 - > object_count ;
first_object = c - > ctr1 - > first_object ;
2008-07-16 13:02:54 +02:00
nc_linked_attributes_count = 0 ;
2008-04-09 12:02:11 +10:00
linked_attributes_count = 0 ;
linked_attributes = NULL ;
s_dsa - > highwatermark = c - > ctr1 - > new_highwatermark ;
s_dsa - > source_dsa_obj_guid = c - > ctr1 - > source_dsa_guid ;
s_dsa - > source_dsa_invocation_id = c - > ctr1 - > source_dsa_invocation_id ;
uptodateness_vector = NULL ; /* TODO: map it */
break ;
case 6 :
mapping_ctr = & c - > ctr6 - > mapping_ctr ;
2008-07-15 16:59:09 +02:00
nc_object_count = c - > ctr6 - > nc_object_count ;
2008-04-09 12:02:11 +10:00
object_count = c - > ctr6 - > object_count ;
first_object = c - > ctr6 - > first_object ;
2008-07-16 13:02:54 +02:00
nc_linked_attributes_count = c - > ctr6 - > nc_linked_attributes_count ;
2008-04-09 12:02:11 +10:00
linked_attributes_count = c - > ctr6 - > linked_attributes_count ;
linked_attributes = c - > ctr6 - > linked_attributes ;
s_dsa - > highwatermark = c - > ctr6 - > new_highwatermark ;
s_dsa - > source_dsa_obj_guid = c - > ctr6 - > source_dsa_guid ;
s_dsa - > source_dsa_invocation_id = c - > ctr6 - > source_dsa_invocation_id ;
uptodateness_vector = c - > ctr6 - > uptodateness_vector ;
break ;
default :
return NT_STATUS_INVALID_PARAMETER ;
2006-01-12 09:33:49 +00:00
}
2010-01-17 21:59:56 +11:00
s_dsa - > replica_flags = DRSUAPI_DRS_WRIT_REP
| DRSUAPI_DRS_INIT_SYNC
| DRSUAPI_DRS_PER_SYNC ;
2008-04-09 12:02:11 +10:00
memset ( s_dsa - > schedule , 0x11 , sizeof ( s_dsa - > schedule ) ) ;
tmp_dns_name = GUID_string ( s_dsa - > other_info , & s_dsa - > source_dsa_obj_guid ) ;
NT_STATUS_HAVE_NO_MEMORY ( tmp_dns_name ) ;
tmp_dns_name = talloc_asprintf_append_buffer ( tmp_dns_name , " ._msdcs.%s " , c - > forest - > dns_name ) ;
NT_STATUS_HAVE_NO_MEMORY ( tmp_dns_name ) ;
s_dsa - > other_info - > dns_name = tmp_dns_name ;
2009-09-03 18:31:45 +10:00
/* we want to show a count per partition */
if ( ! s - > last_partition | | strcmp ( s - > last_partition , c - > partition - > nc . dn ) ! = 0 ) {
s - > total_objects = 0 ;
talloc_free ( s - > last_partition ) ;
s - > last_partition = talloc_strdup ( s , c - > partition - > nc . dn ) ;
}
s - > total_objects + = object_count ;
2008-07-15 16:59:09 +02:00
if ( nc_object_count ) {
2008-07-16 13:02:54 +02:00
DEBUG ( 0 , ( " Partition[%s] objects[%u/%u] linked_values[%u/%u] \n " ,
2009-09-03 18:31:45 +10:00
c - > partition - > nc . dn , s - > total_objects , nc_object_count ,
2008-07-16 13:02:54 +02:00
linked_attributes_count , nc_linked_attributes_count ) ) ;
2006-01-12 09:33:49 +00:00
} else {
2009-09-25 20:47:06 -07:00
DEBUG ( 0 , ( " Partition[%s] objects[%u] linked_values[%u] \n " ,
2009-09-03 18:31:45 +10:00
c - > partition - > nc . dn , s - > total_objects , linked_attributes_count ) ) ;
2006-01-12 09:33:49 +00:00
}
2008-04-09 12:02:11 +10:00
2009-09-03 18:31:45 +10:00
2009-11-09 21:26:02 +11:00
status = dsdb_extended_replicated_objects_convert ( s - > ldb ,
c - > partition - > nc . dn ,
mapping_ctr ,
object_count ,
first_object ,
linked_attributes_count ,
linked_attributes ,
s_dsa ,
uptodateness_vector ,
c - > gensec_skey ,
s , & objs ) ;
2008-04-09 12:02:11 +10:00
if ( ! W_ERROR_IS_OK ( status ) ) {
2009-11-09 21:26:02 +11:00
DEBUG ( 0 , ( " Failed to convert objects: %s \n " , win_errstr ( status ) ) ) ;
2008-04-09 12:02:11 +10:00
return werror_to_ntstatus ( status ) ;
2006-01-12 09:33:49 +00:00
}
2008-04-09 12:02:11 +10:00
if ( lp_parm_bool ( s - > lp_ctx , NULL , " become dc " , " dump objects " , false ) ) {
for ( i = 0 ; i < objs - > num_objects ; i + + ) {
struct ldb_ldif ldif ;
fprintf ( stdout , " # \n " ) ;
ldif . changetype = LDB_CHANGETYPE_NONE ;
ldif . msg = objs - > objects [ i ] . msg ;
ldb_ldif_write_file ( s - > ldb , stdout , & ldif ) ;
NDR_PRINT_DEBUG ( replPropertyMetaDataBlob , objs - > objects [ i ] . meta_data ) ;
2006-01-12 21:42:26 +00:00
}
2005-05-02 14:17:19 +00:00
}
2009-11-09 21:26:02 +11:00
status = dsdb_extended_replicated_objects_commit ( s - > ldb ,
objs , & seq_num ) ;
if ( ! W_ERROR_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Failed to commit objects: %s \n " , win_errstr ( status ) ) ) ;
return werror_to_ntstatus ( status ) ;
}
2008-04-09 12:02:11 +10:00
talloc_free ( s_dsa ) ;
talloc_free ( objs ) ;
2005-05-02 14:17:19 +00:00
2008-04-09 12:02:11 +10:00
for ( i = 0 ; i < linked_attributes_count ; i + + ) {
const struct dsdb_attribute * sa ;
2006-01-12 09:33:49 +00:00
2008-04-09 12:02:11 +10:00
if ( ! linked_attributes [ i ] . identifier ) {
return NT_STATUS_FOOBAR ;
}
2006-01-12 09:33:49 +00:00
2008-04-09 12:02:11 +10:00
if ( ! linked_attributes [ i ] . value . blob ) {
return NT_STATUS_FOOBAR ;
}
2005-05-02 14:17:19 +00:00
2008-04-09 12:02:11 +10:00
sa = dsdb_attribute_by_attributeID_id ( s - > schema ,
linked_attributes [ i ] . attid ) ;
if ( ! sa ) {
return NT_STATUS_FOOBAR ;
}
2005-05-02 14:17:19 +00:00
2008-04-09 12:02:11 +10:00
if ( lp_parm_bool ( s - > lp_ctx , NULL , " become dc " , " dump objects " , false ) ) {
DEBUG ( 0 , ( " # %s \n " , sa - > lDAPDisplayName ) ) ;
NDR_PRINT_DEBUG ( drsuapi_DsReplicaLinkedAttribute , & linked_attributes [ i ] ) ;
dump_data ( 0 ,
linked_attributes [ i ] . value . blob - > data ,
linked_attributes [ i ] . value . blob - > length ) ;
}
2005-05-02 14:17:19 +00:00
}
2008-04-09 12:02:11 +10:00
return NT_STATUS_OK ;
}
2008-04-09 14:59:32 +10:00
NTSTATUS libnet_Vampire ( struct libnet_context * ctx , TALLOC_CTX * mem_ctx ,
struct libnet_Vampire * r )
2008-04-09 12:02:11 +10:00
{
struct libnet_JoinDomain * join ;
2009-09-20 16:27:24 -07:00
struct provision_store_self_join_settings * set_secrets ;
2008-04-09 12:02:11 +10:00
struct libnet_BecomeDC b ;
struct vampire_state * s ;
struct ldb_message * msg ;
2009-09-20 16:27:24 -07:00
const char * error_string ;
2008-04-09 12:02:11 +10:00
int ldb_ret ;
uint32_t i ;
NTSTATUS status ;
const char * account_name ;
const char * netbios_name ;
2006-01-13 12:52:56 +00:00
2008-04-09 12:02:11 +10:00
r - > out . error_string = NULL ;
2008-04-17 12:23:44 +02:00
s = talloc_zero ( mem_ctx , struct vampire_state ) ;
2008-04-09 12:02:11 +10:00
if ( ! s ) {
return NT_STATUS_NO_MEMORY ;
}
2008-04-14 17:58:09 +02:00
s - > lp_ctx = ctx - > lp_ctx ;
2008-04-17 12:23:44 +02:00
s - > event_ctx = ctx - > event_ctx ;
2008-04-14 17:58:09 +02:00
2008-04-09 12:02:11 +10:00
join = talloc_zero ( s , struct libnet_JoinDomain ) ;
if ( ! join ) {
return NT_STATUS_NO_MEMORY ;
}
if ( r - > in . netbios_name ! = NULL ) {
netbios_name = r - > in . netbios_name ;
} else {
netbios_name = talloc_reference ( join , lp_netbios_name ( ctx - > lp_ctx ) ) ;
if ( ! netbios_name ) {
r - > out . error_string = NULL ;
talloc_free ( s ) ;
return NT_STATUS_NO_MEMORY ;
2006-01-13 12:52:56 +00:00
}
}
2008-04-09 12:02:11 +10:00
account_name = talloc_asprintf ( join , " %s$ " , netbios_name ) ;
if ( ! account_name ) {
r - > out . error_string = NULL ;
talloc_free ( s ) ;
return NT_STATUS_NO_MEMORY ;
}
join - > in . domain_name = r - > in . domain_name ;
join - > in . account_name = account_name ;
join - > in . netbios_name = netbios_name ;
join - > in . level = LIBNET_JOINDOMAIN_AUTOMATIC ;
join - > in . acct_type = ACB_WSTRUST ;
join - > in . recreate_account = false ;
status = libnet_JoinDomain ( ctx , join , join ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
r - > out . error_string = talloc_steal ( mem_ctx , join - > out . error_string ) ;
talloc_free ( s ) ;
return status ;
}
s - > join = join ;
2008-04-09 14:59:32 +10:00
s - > targetdir = r - > in . targetdir ;
2008-04-09 12:02:11 +10:00
ZERO_STRUCT ( b ) ;
b . in . domain_dns_name = join - > out . realm ;
b . in . domain_netbios_name = join - > out . domain_name ;
b . in . domain_sid = join - > out . domain_sid ;
b . in . source_dsa_address = join - > out . samr_binding - > host ;
b . in . dest_dsa_netbios_name = netbios_name ;
b . in . callbacks . private_data = s ;
b . in . callbacks . check_options = vampire_check_options ;
b . in . callbacks . prepare_db = vampire_prepare_db ;
b . in . callbacks . schema_chunk = vampire_schema_chunk ;
b . in . callbacks . config_chunk = vampire_store_chunk ;
b . in . callbacks . domain_chunk = vampire_store_chunk ;
2010-02-17 18:01:31 +02:00
b . in . rodc_join = lp_parm_bool ( s - > lp_ctx , NULL , " repl " , " RODC " , false ) ;
2008-04-09 14:59:32 +10:00
status = libnet_BecomeDC ( ctx , s , & b ) ;
2008-04-09 12:02:11 +10:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " libnet_BecomeDC() failed - %s \n " , nt_errstr ( status ) ) ;
talloc_free ( s ) ;
return status ;
}
2005-05-02 14:17:19 +00:00
2008-04-09 12:02:11 +10:00
msg = ldb_msg_new ( s ) ;
if ( ! msg ) {
printf ( " ldb_msg_new() failed \n " ) ;
talloc_free ( s ) ;
return NT_STATUS_NO_MEMORY ;
}
msg - > dn = ldb_dn_new ( msg , s - > ldb , " @ROOTDSE " ) ;
if ( ! msg - > dn ) {
printf ( " ldb_msg_new(@ROOTDSE) failed \n " ) ;
talloc_free ( s ) ;
return NT_STATUS_NO_MEMORY ;
2005-05-02 14:17:19 +00:00
}
2008-04-09 12:02:11 +10:00
ldb_ret = ldb_msg_add_string ( msg , " isSynchronized " , " TRUE " ) ;
if ( ldb_ret ! = LDB_SUCCESS ) {
printf ( " ldb_msg_add_string(msg, isSynchronized, TRUE) failed: %d \n " , ldb_ret ) ;
talloc_free ( s ) ;
return NT_STATUS_NO_MEMORY ;
}
2005-05-02 14:17:19 +00:00
2008-04-09 12:02:11 +10:00
for ( i = 0 ; i < msg - > num_elements ; i + + ) {
msg - > elements [ i ] . flags = LDB_FLAG_MOD_REPLACE ;
}
2006-01-12 09:33:49 +00:00
2008-04-09 12:02:11 +10:00
printf ( " mark ROOTDSE with isSynchronized=TRUE \n " ) ;
ldb_ret = ldb_modify ( s - > ldb , msg ) ;
if ( ldb_ret ! = LDB_SUCCESS ) {
2010-01-07 12:19:42 +11:00
printf ( " ldb_modify() failed: %d : %s \n " , ldb_ret , ldb_errstring ( s - > ldb ) ) ;
2008-04-09 12:02:11 +10:00
talloc_free ( s ) ;
return NT_STATUS_INTERNAL_DB_ERROR ;
2005-05-03 14:38:14 +00:00
}
2008-04-09 14:59:32 +10:00
2009-09-20 16:27:24 -07:00
/* prepare the transaction - this prepares to commit all the changes in
the ldb from the whole vampire . Note that this
2009-09-02 16:57:25 +10:00
triggers the writing of the linked attribute backlinks .
*/
2009-09-20 16:27:24 -07:00
if ( ldb_transaction_prepare_commit ( s - > ldb ) ! = LDB_SUCCESS ) {
2010-01-07 12:19:42 +11:00
printf ( " Failed to prepare_commit vampire transaction: %s \n " , ldb_errstring ( s - > ldb ) ) ;
2009-09-02 16:57:25 +10:00
return NT_STATUS_INTERNAL_DB_ERROR ;
}
2009-09-20 16:27:24 -07:00
set_secrets = talloc ( s , struct provision_store_self_join_settings ) ;
2008-04-09 14:59:32 +10:00
if ( ! set_secrets ) {
2009-09-20 16:27:24 -07:00
r - > out . error_string = NULL ;
talloc_free ( s ) ;
2008-04-09 14:59:32 +10:00
return NT_STATUS_NO_MEMORY ;
}
2009-09-20 16:27:24 -07:00
ZERO_STRUCTP ( set_secrets ) ;
set_secrets - > domain_name = join - > out . domain_name ;
set_secrets - > realm = join - > out . realm ;
set_secrets - > account_name = account_name ;
set_secrets - > netbios_name = netbios_name ;
set_secrets - > secure_channel_type = SEC_CHAN_BDC ;
set_secrets - > machine_password = join - > out . join_password ;
set_secrets - > key_version_number = join - > out . kvno ;
set_secrets - > domain_sid = join - > out . domain_sid ;
status = provision_store_self_join ( ctx , ctx - > lp_ctx , ctx - > event_ctx , set_secrets , & error_string ) ;
2008-04-09 14:59:32 +10:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-09-20 16:27:24 -07:00
r - > out . error_string = talloc_steal ( mem_ctx , error_string ) ;
2008-04-09 14:59:32 +10:00
talloc_free ( s ) ;
return status ;
}
r - > out . domain_name = talloc_steal ( r , join - > out . domain_name ) ;
2009-09-24 10:33:36 -07:00
r - > out . domain_sid = dom_sid_dup ( r , join - > out . domain_sid ) ;
2008-04-09 14:59:32 +10:00
2009-09-20 16:27:24 -07:00
/* commit the transaction now we know the secrets were written
* out properly
*/
if ( ldb_transaction_commit ( s - > ldb ) ! = LDB_SUCCESS ) {
printf ( " Failed to commit vampire transaction \n " ) ;
return NT_STATUS_INTERNAL_DB_ERROR ;
}
talloc_free ( s ) ;
2008-04-09 14:59:32 +10:00
return NT_STATUS_OK ;
2005-05-03 14:38:14 +00:00
}