sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code
samba-mirror/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
Andrew Bartlett 99579e7063 s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication 
This changes the GetNCChanges server to use a per-call state for
extended operations like RID_ALLOC or REPL_OBJ and only maintain
and (more importantly) invalidate the state during normal replication.

This allows REPL_OBJ to be called during a normal replication cycle
that continues using after that call, continuing with the same
highwatermark cookie.

Azure AD will do a sequence of (roughly)

* Normal replication (objects 1..100)
* REPL_OBJ (of 1 object)
* Normal replication (objects 101..200)

However, if there are more than 100 (in this example) objects in the
domain, and the second replication is required, the objects 1..100
are sent, as the replication state was invalidated by the REPL_OBJ call.

RN: Improve GetNChanges to address some (but not all "Azure AD Connect")
syncronisation tool looping during the initial user sync phase.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-13 21:59:29 +00:00

85 lines
3.0 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
endpoint server for the drsuapi pipe
Copyright (C) Stefan Metzmacher 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
this type allows us to distinguish handle types
*/
enum drsuapi_handle {
DRSUAPI_BIND_HANDLE,
};
/*
state asscoiated with a drsuapi_DsBind*() operation
*/
struct drsuapi_bind_state {
struct ldb_context *sam_ctx;
struct ldb_context *sam_ctx_system;
struct GUID remote_bind_guid;
struct drsuapi_DsBindInfoCtr *remote_info;
struct drsuapi_DsBindInfoCtr *local_info;
struct drsuapi_getncchanges_state *getncchanges_full_repl_state;
};
/* prototypes of internal functions */
WERROR drsuapi_UpdateRefs(struct imessaging_context *msg_ctx,
struct tevent_context *event_ctx,
struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaUpdateRefsRequest1 *req);
WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaUpdateRefs *r);
WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsGetNCChanges *r);
WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsAddEntry *r);
WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsWriteAccountSpn *r);
char *drs_ObjectIdentifier_to_string(TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaObjectIdentifier *nc);
int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_result **_res,
struct ldb_dn *basedn,
enum ldb_scope scope,
const char * const *attrs,
const char *filter);
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
const char* call, enum security_user_level minimum_level,
const struct dom_sid *domain_sid);
void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
struct drsuapi_DsReplicaMetaData *meta_data);
WERROR drs_security_access_check(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
struct security_token *token,
struct drsuapi_DsReplicaObjectIdentifier *nc,
const char *ext_right);
WERROR drs_security_access_check_nc_root(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
struct security_token *token,
struct drsuapi_DsReplicaObjectIdentifier *nc,
const char *ext_right);
View Git Blame Copy Permalink