s4-repl: added repl_secret handling

initiate a repl secret extended op when requested

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/dsdb/repl/drepl_secret.c

@@ -28,6 +28,28 @@
 #include "dsdb/repl/drepl_service.h"
 #include "param/param.h"
 
+struct repl_secret_state {
+	const char *user_dn;
+};
+
+/*
+  called when a repl secret has completed
+ */
+static void drepl_repl_secret_callback(struct dreplsrv_service *service,
+				       WERROR werr,
+				       enum drsuapi_DsExtendedError ext_err,
+				       void *cb_data)
+{
+	struct repl_secret_state *state = talloc_get_type_abort(cb_data, struct repl_secret_state);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(3,(__location__ ": repl secret failed for user %s - %s: extended_ret[0x%X]\n",
+			 state->user_dn, win_errstr(werr), ext_err));
+	} else {
+		DEBUG(3,(__location__ ": repl secret completed OK for '%s'\n", state->user_dn));
+	}
+	talloc_free(state);
+}
+
 
 /**
  * Called when the auth code wants us to try and replicate
@@ -36,5 +58,79 @@
 void drepl_repl_secret(struct dreplsrv_service *service,
 		       const char *user_dn)
 {
-	DEBUG(0,(__location__ ": got drepl_repl_secret with %s\n", user_dn));
+	WERROR werr;
+	struct ldb_dn *nc_dn, *nc_root, *source_dsa_dn;
+	struct dreplsrv_partition *p;
+	struct GUID *source_dsa_guid;
+	struct repl_secret_state *state;
+	int ret;
+
+	state = talloc_zero(service, struct repl_secret_state);
+	if (state == NULL) {
+		/* nothing to do, no return value */
+		return;
+	}
+
+	/* keep a copy for logging in the callback */
+	state->user_dn = talloc_strdup(state, user_dn);
+
+	nc_dn = ldb_dn_new(state, service->samdb, user_dn);
+	if (!ldb_dn_validate(nc_dn)) {
+		DEBUG(0,(__location__ ": Failed to parse user_dn '%s'\n", user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	/* work out which partition this is in */
+	ret = dsdb_find_nc_root(service->samdb, state, nc_dn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find nc_root for user_dn '%s'\n", user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	/* find the partition in our list */
+	for (p=service->partitions; p; p=p->next) {
+		if (ldb_dn_compare(p->dn, nc_root) == 0) {
+			break;
+		}
+	}
+	if (p == NULL) {
+		DEBUG(0,(__location__ ": Failed to find partition for nc_root '%s'\n", ldb_dn_get_linearized(nc_root)));
+		talloc_free(state);
+		return;
+	}
+
+	if (p->sources == NULL) {
+		DEBUG(0,(__location__ ": No sources for nc_root '%s' for user_dn '%s'\n",
+			 ldb_dn_get_linearized(nc_root), user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	/* use the first source, for no particularly good reason */
+	source_dsa_guid = &p->sources->repsFrom1->source_dsa_obj_guid;
+
+	source_dsa_dn = ldb_dn_new(state, service->samdb,
+				   talloc_asprintf(state, "<GUID=%s>",
+						   GUID_string(state, source_dsa_guid)));
+	if (!ldb_dn_validate(source_dsa_dn)) {
+		DEBUG(0,(__location__ ": Invalid source DSA GUID '%s' for user_dn '%s'\n",
+			 GUID_string(state, source_dsa_guid), user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	werr = drepl_request_extended_op(service,
+					 nc_dn,
+					 source_dsa_dn,
+					 DRSUAPI_EXOP_REPL_SECRET,
+					 0,
+					 drepl_repl_secret_callback, state);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(2,(__location__ ": Failed to setup secret replication for user_dn '%s'\n", user_dn));
+		talloc_free(state);
+		return;
+	}
+	DEBUG(3,(__location__ ": started secret replication for %s\n", user_dn));
 }

source4/dsdb/wscript_build

@@ -25,7 +25,7 @@ bld.SAMBA_SUBSYSTEM('SAMDB_SCHEMA',
 
 
 bld.SAMBA_MODULE('DREPL_SRV',
-	source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c',
+	source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c repl/drepl_secret.c',
 	autoproto='repl/drepl_service_proto.h',
 	subsystem='service',
 	init_function='server_service_drepl_init',