Line data Source code
1 : /*
2 : Unix SMB/CIFS Implementation.
3 : DSDB replication service helper function for outgoing traffic
4 :
5 : Copyright (C) Stefan Metzmacher 2007
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 :
20 : */
21 :
22 : #include "includes.h"
23 : #include "dsdb/samdb/samdb.h"
24 : #include "auth/auth.h"
25 : #include "samba/service.h"
26 : #include "lib/events/events.h"
27 : #include "dsdb/repl/drepl_service.h"
28 : #include <ldb_errors.h>
29 : #include "../lib/util/dlinklist.h"
30 : #include "librpc/gen_ndr/ndr_misc.h"
31 : #include "librpc/gen_ndr/ndr_drsuapi.h"
32 : #include "librpc/gen_ndr/ndr_drsblobs.h"
33 : #include "libcli/composite/composite.h"
34 : #include "auth/gensec/gensec.h"
35 : #include "param/param.h"
36 : #include "../lib/util/tevent_ntstatus.h"
37 : #include "libcli/security/security.h"
38 :
39 : #undef DBGC_CLASS
40 : #define DBGC_CLASS DBGC_DRS_REPL
41 :
42 : struct dreplsrv_out_drsuapi_state {
43 : struct tevent_context *ev;
44 :
45 : struct dreplsrv_out_connection *conn;
46 :
47 : struct dreplsrv_drsuapi_connection *drsuapi;
48 :
49 : struct drsuapi_DsBindInfoCtr bind_info_ctr;
50 : struct drsuapi_DsBind bind_r;
51 : };
52 :
53 : static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq);
54 :
55 11389 : struct tevent_req *dreplsrv_out_drsuapi_send(TALLOC_CTX *mem_ctx,
56 : struct tevent_context *ev,
57 : struct dreplsrv_out_connection *conn)
58 : {
59 0 : struct tevent_req *req;
60 0 : struct dreplsrv_out_drsuapi_state *state;
61 0 : struct composite_context *creq;
62 :
63 11389 : req = tevent_req_create(mem_ctx, &state,
64 : struct dreplsrv_out_drsuapi_state);
65 11389 : if (req == NULL) {
66 0 : return NULL;
67 : }
68 :
69 11389 : state->ev = ev;
70 11389 : state->conn = conn;
71 11389 : state->drsuapi = conn->drsuapi;
72 :
73 11389 : if (state->drsuapi != NULL) {
74 5151 : struct dcerpc_binding_handle *b =
75 5151 : state->drsuapi->pipe->binding_handle;
76 5151 : bool is_connected = dcerpc_binding_handle_is_connected(b);
77 :
78 5151 : if (is_connected) {
79 5151 : tevent_req_done(req);
80 5151 : return tevent_req_post(req, ev);
81 : }
82 :
83 0 : TALLOC_FREE(conn->drsuapi);
84 : }
85 :
86 6238 : state->drsuapi = talloc_zero(state, struct dreplsrv_drsuapi_connection);
87 6238 : if (tevent_req_nomem(state->drsuapi, req)) {
88 0 : return tevent_req_post(req, ev);
89 : }
90 :
91 6238 : creq = dcerpc_pipe_connect_b_send(state, conn->binding, &ndr_table_drsuapi,
92 6238 : conn->service->system_session_info->credentials,
93 6238 : ev, conn->service->task->lp_ctx);
94 6238 : if (tevent_req_nomem(creq, req)) {
95 0 : return tevent_req_post(req, ev);
96 : }
97 6238 : composite_continue(NULL, creq, dreplsrv_out_drsuapi_connect_done, req);
98 :
99 6238 : return req;
100 : }
101 :
102 : static void dreplsrv_out_drsuapi_bind_done(struct tevent_req *subreq);
103 :
104 6238 : static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq)
105 : {
106 6238 : struct tevent_req *req = talloc_get_type(creq->async.private_data,
107 : struct tevent_req);
108 6238 : struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
109 : struct dreplsrv_out_drsuapi_state);
110 0 : NTSTATUS status;
111 0 : struct tevent_req *subreq;
112 :
113 6238 : status = dcerpc_pipe_connect_b_recv(creq,
114 6238 : state->drsuapi,
115 6238 : &state->drsuapi->pipe);
116 6238 : if (tevent_req_nterror(req, status)) {
117 6221 : return;
118 : }
119 :
120 17 : state->drsuapi->drsuapi_handle = state->drsuapi->pipe->binding_handle;
121 :
122 17 : status = gensec_session_key(state->drsuapi->pipe->conn->security_state.generic_state,
123 17 : state->drsuapi,
124 17 : &state->drsuapi->gensec_skey);
125 17 : if (tevent_req_nterror(req, status)) {
126 0 : return;
127 : }
128 :
129 17 : state->bind_info_ctr.length = 28;
130 17 : state->bind_info_ctr.info.info28 = state->conn->service->bind_info28;
131 :
132 17 : state->bind_r.in.bind_guid = &state->conn->service->ntds_guid;
133 17 : state->bind_r.in.bind_info = &state->bind_info_ctr;
134 17 : state->bind_r.out.bind_handle = &state->drsuapi->bind_handle;
135 :
136 17 : subreq = dcerpc_drsuapi_DsBind_r_send(state,
137 : state->ev,
138 17 : state->drsuapi->drsuapi_handle,
139 : &state->bind_r);
140 17 : if (tevent_req_nomem(subreq, req)) {
141 0 : return;
142 : }
143 17 : tevent_req_set_callback(subreq, dreplsrv_out_drsuapi_bind_done, req);
144 : }
145 :
146 17 : static void dreplsrv_out_drsuapi_bind_done(struct tevent_req *subreq)
147 : {
148 17 : struct tevent_req *req = tevent_req_callback_data(subreq,
149 : struct tevent_req);
150 17 : struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
151 : struct dreplsrv_out_drsuapi_state);
152 0 : NTSTATUS status;
153 :
154 17 : status = dcerpc_drsuapi_DsBind_r_recv(subreq, state);
155 17 : TALLOC_FREE(subreq);
156 17 : if (tevent_req_nterror(req, status)) {
157 0 : return;
158 : }
159 :
160 17 : if (!W_ERROR_IS_OK(state->bind_r.out.result)) {
161 0 : status = werror_to_ntstatus(state->bind_r.out.result);
162 0 : tevent_req_nterror(req, status);
163 0 : return;
164 : }
165 :
166 17 : ZERO_STRUCT(state->drsuapi->remote_info28);
167 17 : if (state->bind_r.out.bind_info) {
168 0 : struct drsuapi_DsBindInfo28 *info28;
169 17 : info28 = &state->drsuapi->remote_info28;
170 :
171 17 : switch (state->bind_r.out.bind_info->length) {
172 0 : case 24: {
173 0 : struct drsuapi_DsBindInfo24 *info24;
174 0 : info24 = &state->bind_r.out.bind_info->info.info24;
175 :
176 0 : info28->supported_extensions = info24->supported_extensions;
177 0 : info28->site_guid = info24->site_guid;
178 0 : info28->pid = info24->pid;
179 0 : info28->repl_epoch = 0;
180 0 : break;
181 : }
182 17 : case 28: {
183 17 : *info28 = state->bind_r.out.bind_info->info.info28;
184 17 : break;
185 : }
186 0 : case 32: {
187 0 : struct drsuapi_DsBindInfo32 *info32;
188 0 : info32 = &state->bind_r.out.bind_info->info.info32;
189 :
190 0 : info28->supported_extensions = info32->supported_extensions;
191 0 : info28->site_guid = info32->site_guid;
192 0 : info28->pid = info32->pid;
193 0 : info28->repl_epoch = info32->repl_epoch;
194 0 : break;
195 : }
196 0 : case 48: {
197 0 : struct drsuapi_DsBindInfo48 *info48;
198 0 : info48 = &state->bind_r.out.bind_info->info.info48;
199 :
200 0 : info28->supported_extensions = info48->supported_extensions;
201 0 : info28->site_guid = info48->site_guid;
202 0 : info28->pid = info48->pid;
203 0 : info28->repl_epoch = info48->repl_epoch;
204 0 : break;
205 : }
206 0 : case 52: {
207 0 : struct drsuapi_DsBindInfo52 *info52;
208 0 : info52 = &state->bind_r.out.bind_info->info.info52;
209 :
210 0 : info28->supported_extensions = info52->supported_extensions;
211 0 : info28->site_guid = info52->site_guid;
212 0 : info28->pid = info52->pid;
213 0 : info28->repl_epoch = info52->repl_epoch;
214 0 : break;
215 : }
216 0 : default:
217 0 : DEBUG(1, ("Warning: invalid info length in bind info: %d\n",
218 : state->bind_r.out.bind_info->length));
219 0 : break;
220 : }
221 : }
222 :
223 17 : tevent_req_done(req);
224 : }
225 :
226 11389 : NTSTATUS dreplsrv_out_drsuapi_recv(struct tevent_req *req)
227 : {
228 11389 : struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
229 : struct dreplsrv_out_drsuapi_state);
230 0 : NTSTATUS status;
231 :
232 11389 : if (tevent_req_is_nterror(req, &status)) {
233 6221 : tevent_req_received(req);
234 6221 : return status;
235 : }
236 :
237 5168 : state->conn->drsuapi = talloc_move(state->conn, &state->drsuapi);
238 :
239 5168 : tevent_req_received(req);
240 5168 : return NT_STATUS_OK;
241 : }
242 :
243 : struct dreplsrv_op_pull_source_schema_cycle {
244 : struct repsFromTo1 repsFrom1;
245 : size_t object_count;
246 : struct drsuapi_DsReplicaObjectListItemEx *first_object;
247 : struct drsuapi_DsReplicaObjectListItemEx *last_object;
248 : uint32_t linked_attributes_count;
249 : struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
250 : };
251 :
252 : struct dreplsrv_op_pull_source_state {
253 : struct tevent_context *ev;
254 : struct dreplsrv_out_operation *op;
255 : void *ndr_struct_ptr;
256 : /*
257 : * Used when we have to re-try with a different NC, eg for
258 : * EXOP retry or to get a current schema first
259 : */
260 : struct dreplsrv_partition_source_dsa *source_dsa_retry;
261 : enum drsuapi_DsExtendedOperation extended_op_retry;
262 : bool retry_started;
263 : struct dreplsrv_op_pull_source_schema_cycle *schema_cycle;
264 : };
265 :
266 : static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq);
267 :
268 3945 : struct tevent_req *dreplsrv_op_pull_source_send(TALLOC_CTX *mem_ctx,
269 : struct tevent_context *ev,
270 : struct dreplsrv_out_operation *op)
271 : {
272 0 : struct tevent_req *req;
273 0 : struct dreplsrv_op_pull_source_state *state;
274 0 : struct tevent_req *subreq;
275 :
276 3945 : req = tevent_req_create(mem_ctx, &state,
277 : struct dreplsrv_op_pull_source_state);
278 3945 : if (req == NULL) {
279 0 : return NULL;
280 : }
281 3945 : state->ev = ev;
282 3945 : state->op = op;
283 :
284 3945 : subreq = dreplsrv_out_drsuapi_send(state, ev, op->source_dsa->conn);
285 3945 : if (tevent_req_nomem(subreq, req)) {
286 0 : return tevent_req_post(req, ev);
287 : }
288 3945 : tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, req);
289 :
290 3945 : return req;
291 : }
292 :
293 3926 : static bool dreplsrv_op_pull_source_detect_schema_cycle(struct tevent_req *req)
294 : {
295 0 : struct dreplsrv_op_pull_source_state *state =
296 3926 : tevent_req_data(req,
297 : struct dreplsrv_op_pull_source_state);
298 3926 : bool is_schema = false;
299 :
300 3926 : if (state->op->extended_op == DRSUAPI_EXOP_NONE) {
301 2053 : struct dreplsrv_out_operation *op = state->op;
302 2053 : struct dreplsrv_service *service = op->service;
303 2053 : struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb);
304 2053 : struct dreplsrv_partition *partition = op->source_dsa->partition;
305 :
306 2053 : is_schema = ldb_dn_compare(partition->dn, schema_dn) == 0;
307 : }
308 :
309 3926 : if (is_schema) {
310 0 : struct dreplsrv_op_pull_source_schema_cycle *sc;
311 :
312 127 : sc = talloc_zero(state,
313 : struct dreplsrv_op_pull_source_schema_cycle);
314 127 : if (tevent_req_nomem(sc, req)) {
315 0 : return false;
316 : }
317 127 : sc->repsFrom1 = *state->op->source_dsa->repsFrom1;
318 :
319 127 : state->schema_cycle = sc;
320 : }
321 :
322 3926 : return true;
323 : }
324 :
325 : static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req);
326 :
327 3945 : static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq)
328 : {
329 3945 : struct tevent_req *req = tevent_req_callback_data(subreq,
330 : struct tevent_req);
331 0 : NTSTATUS status;
332 0 : bool ok;
333 :
334 3945 : status = dreplsrv_out_drsuapi_recv(subreq);
335 3945 : TALLOC_FREE(subreq);
336 3945 : if (tevent_req_nterror(req, status)) {
337 25 : return;
338 : }
339 :
340 3920 : ok = dreplsrv_op_pull_source_detect_schema_cycle(req);
341 3920 : if (!ok) {
342 0 : return;
343 : }
344 :
345 3920 : dreplsrv_op_pull_source_get_changes_trigger(req);
346 : }
347 :
348 : static void dreplsrv_op_pull_source_get_changes_done(struct tevent_req *subreq);
349 :
350 : /*
351 : get a RODC partial attribute set for a replication call
352 : */
353 2418 : static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service *service,
354 : TALLOC_CTX *mem_ctx,
355 : struct drsuapi_DsPartialAttributeSet **_pas,
356 : struct drsuapi_DsReplicaOIDMapping_Ctr **pfm,
357 : bool for_schema)
358 : {
359 0 : struct drsuapi_DsPartialAttributeSet *pas;
360 0 : struct dsdb_schema *schema;
361 0 : uint32_t i;
362 :
363 2418 : pas = talloc_zero(mem_ctx, struct drsuapi_DsPartialAttributeSet);
364 2418 : NT_STATUS_HAVE_NO_MEMORY(pas);
365 :
366 2418 : schema = dsdb_get_schema(service->samdb, NULL);
367 :
368 2418 : pas->version = 1;
369 2418 : pas->attids = talloc_array(pas, enum drsuapi_DsAttributeId, schema->num_attributes);
370 2418 : if (pas->attids == NULL) {
371 0 : TALLOC_FREE(pas);
372 0 : return NT_STATUS_NO_MEMORY;
373 : }
374 :
375 3182718 : for (i=0; i<schema->num_attributes; i++) {
376 0 : struct dsdb_attribute *a;
377 3180300 : a = schema->attributes_by_attributeID_id[i];
378 3180300 : if (a->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED | DS_FLAG_ATTR_IS_CONSTRUCTED)) {
379 292578 : continue;
380 : }
381 2887722 : if (a->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
382 14508 : continue;
383 : }
384 2873214 : pas->attids[pas->num_attids] = dsdb_attribute_get_attid(a, for_schema);
385 2873214 : pas->num_attids++;
386 : }
387 :
388 2418 : pas->attids = talloc_realloc(pas, pas->attids, enum drsuapi_DsAttributeId, pas->num_attids);
389 2418 : if (pas->attids == NULL) {
390 0 : TALLOC_FREE(pas);
391 0 : return NT_STATUS_NO_MEMORY;
392 : }
393 :
394 2418 : *_pas = pas;
395 :
396 2418 : if (pfm != NULL) {
397 2418 : dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm);
398 : }
399 :
400 2418 : return NT_STATUS_OK;
401 : }
402 :
403 :
404 : /*
405 : get a GC partial attribute set for a replication call
406 : */
407 0 : static NTSTATUS dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service *service,
408 : TALLOC_CTX *mem_ctx,
409 : struct drsuapi_DsPartialAttributeSet **_pas,
410 : struct drsuapi_DsReplicaOIDMapping_Ctr **pfm)
411 : {
412 0 : struct drsuapi_DsPartialAttributeSet *pas;
413 0 : struct dsdb_schema *schema;
414 0 : uint32_t i;
415 :
416 0 : pas = talloc_zero(mem_ctx, struct drsuapi_DsPartialAttributeSet);
417 0 : NT_STATUS_HAVE_NO_MEMORY(pas);
418 :
419 0 : schema = dsdb_get_schema(service->samdb, NULL);
420 :
421 0 : pas->version = 1;
422 0 : pas->attids = talloc_array(pas, enum drsuapi_DsAttributeId, schema->num_attributes);
423 0 : if (pas->attids == NULL) {
424 0 : TALLOC_FREE(pas);
425 0 : return NT_STATUS_NO_MEMORY;
426 : }
427 :
428 0 : for (i=0; i<schema->num_attributes; i++) {
429 0 : struct dsdb_attribute *a;
430 0 : a = schema->attributes_by_attributeID_id[i];
431 0 : if (a->isMemberOfPartialAttributeSet) {
432 0 : pas->attids[pas->num_attids] = dsdb_attribute_get_attid(a, false);
433 0 : pas->num_attids++;
434 : }
435 : }
436 :
437 0 : pas->attids = talloc_realloc(pas, pas->attids, enum drsuapi_DsAttributeId, pas->num_attids);
438 0 : if (pas->attids == NULL) {
439 0 : TALLOC_FREE(pas);
440 0 : return NT_STATUS_NO_MEMORY;
441 : }
442 :
443 0 : *_pas = pas;
444 :
445 0 : if (pfm != NULL) {
446 0 : dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm);
447 : }
448 :
449 0 : return NT_STATUS_OK;
450 : }
451 :
452 : /*
453 : convert from one udv format to the other
454 : */
455 2785 : static WERROR udv_convert(TALLOC_CTX *mem_ctx,
456 : const struct replUpToDateVectorCtr2 *udv,
457 : struct drsuapi_DsReplicaCursorCtrEx *udv_ex)
458 : {
459 0 : uint32_t i;
460 :
461 2785 : udv_ex->version = 2;
462 2785 : udv_ex->reserved1 = 0;
463 2785 : udv_ex->reserved2 = 0;
464 2785 : udv_ex->count = udv->count;
465 2785 : udv_ex->cursors = talloc_array(mem_ctx, struct drsuapi_DsReplicaCursor, udv->count);
466 2785 : W_ERROR_HAVE_NO_MEMORY(udv_ex->cursors);
467 :
468 10147 : for (i=0; i<udv->count; i++) {
469 7362 : udv_ex->cursors[i].source_dsa_invocation_id = udv->cursors[i].source_dsa_invocation_id;
470 7362 : udv_ex->cursors[i].highest_usn = udv->cursors[i].highest_usn;
471 : }
472 :
473 2785 : return WERR_OK;
474 : }
475 :
476 :
477 4430 : static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
478 : {
479 4430 : struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
480 : struct dreplsrv_op_pull_source_state);
481 4430 : const struct repsFromTo1 *rf1 = state->op->source_dsa->repsFrom1;
482 4430 : struct dreplsrv_service *service = state->op->service;
483 4430 : struct dreplsrv_partition *partition = state->op->source_dsa->partition;
484 4430 : struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
485 0 : struct drsuapi_DsGetNCChanges *r;
486 0 : struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
487 0 : struct tevent_req *subreq;
488 4430 : struct drsuapi_DsPartialAttributeSet *pas = NULL;
489 0 : NTSTATUS status;
490 0 : uint32_t replica_flags;
491 0 : struct drsuapi_DsReplicaHighWaterMark highwatermark;
492 4430 : struct drsuapi_DsReplicaOIDMapping_Ctr *mappings = NULL;
493 4430 : bool is_schema = false;
494 :
495 4430 : if (state->schema_cycle != NULL) {
496 133 : is_schema = true;
497 133 : rf1 = &state->schema_cycle->repsFrom1;
498 : }
499 :
500 4430 : r = talloc(state, struct drsuapi_DsGetNCChanges);
501 4430 : if (tevent_req_nomem(r, req)) {
502 0 : return;
503 : }
504 :
505 4430 : r->out.level_out = talloc(r, uint32_t);
506 4430 : if (tevent_req_nomem(r->out.level_out, req)) {
507 0 : return;
508 : }
509 4430 : r->in.req = talloc(r, union drsuapi_DsGetNCChangesRequest);
510 4430 : if (tevent_req_nomem(r->in.req, req)) {
511 0 : return;
512 : }
513 4430 : r->out.ctr = talloc(r, union drsuapi_DsGetNCChangesCtr);
514 4430 : if (tevent_req_nomem(r->out.ctr, req)) {
515 0 : return;
516 : }
517 :
518 4430 : if (partition->uptodatevector.count != 0 &&
519 4430 : partition->uptodatevector_ex.count == 0) {
520 0 : WERROR werr;
521 2785 : werr = udv_convert(partition, &partition->uptodatevector, &partition->uptodatevector_ex);
522 2785 : if (!W_ERROR_IS_OK(werr)) {
523 0 : DEBUG(0,(__location__ ": Failed to convert UDV for %s : %s\n",
524 : ldb_dn_get_linearized(partition->dn), win_errstr(werr)));
525 0 : tevent_req_nterror(req, werror_to_ntstatus(werr));
526 0 : return;
527 : }
528 : }
529 :
530 4430 : if (partition->uptodatevector_ex.count == 0) {
531 0 : uptodateness_vector = NULL;
532 : } else {
533 4430 : uptodateness_vector = &partition->uptodatevector_ex;
534 : }
535 :
536 4430 : replica_flags = rf1->replica_flags;
537 4430 : highwatermark = rf1->highwatermark;
538 :
539 4430 : if (state->op->options & DRSUAPI_DRS_GET_ANC) {
540 43 : replica_flags |= DRSUAPI_DRS_GET_ANC;
541 : }
542 :
543 4430 : if (state->op->options & DRSUAPI_DRS_SYNC_FORCED) {
544 1118 : replica_flags |= DRSUAPI_DRS_SYNC_FORCED;
545 : }
546 :
547 4430 : if (partition->partial_replica) {
548 0 : status = dreplsrv_get_gc_partial_attribute_set(service, r,
549 : &pas,
550 : &mappings);
551 0 : if (!NT_STATUS_IS_OK(status)) {
552 0 : DEBUG(0,(__location__ ": Failed to construct GC partial attribute set : %s\n", nt_errstr(status)));
553 0 : tevent_req_nterror(req, status);
554 0 : return;
555 : }
556 0 : replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
557 4430 : } else if (partition->rodc_replica || state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
558 2418 : status = dreplsrv_get_rodc_partial_attribute_set(service, r,
559 : &pas,
560 : &mappings,
561 : is_schema);
562 2418 : if (!NT_STATUS_IS_OK(status)) {
563 0 : DEBUG(0,(__location__ ": Failed to construct RODC partial attribute set : %s\n", nt_errstr(status)));
564 0 : tevent_req_nterror(req, status);
565 0 : return;
566 : }
567 2418 : replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
568 2418 : if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
569 1849 : replica_flags &= ~DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
570 : } else {
571 569 : replica_flags |= DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
572 : }
573 :
574 : /*
575 : * As per MS-DRSR:
576 : *
577 : * 4.1.10.4
578 : * Client Behavior When Sending the IDL_DRSGetNCChanges Request
579 : *
580 : * 4.1.10.4.1
581 : * ReplicateNCRequestMsg
582 : */
583 2418 : replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
584 : } else {
585 2012 : replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
586 : }
587 :
588 4430 : if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
589 : /*
590 : * If it's an exop never set the ADD_REF even if it's in
591 : * repsFrom flags.
592 : */
593 1873 : replica_flags &= ~DRSUAPI_DRS_ADD_REF;
594 : }
595 :
596 : /* is this a full resync of all objects? */
597 4430 : if (state->op->options & DRSUAPI_DRS_FULL_SYNC_NOW) {
598 10 : ZERO_STRUCT(highwatermark);
599 : /* clear the FULL_SYNC_NOW option for subsequent
600 : stages of the replication cycle */
601 10 : state->op->options &= ~DRSUAPI_DRS_FULL_SYNC_NOW;
602 10 : state->op->options |= DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS;
603 10 : replica_flags |= DRSUAPI_DRS_NEVER_SYNCED;
604 : }
605 4430 : if (state->op->options & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
606 161 : uptodateness_vector = NULL;
607 : }
608 :
609 4430 : r->in.bind_handle = &drsuapi->bind_handle;
610 :
611 4430 : if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10) {
612 4430 : r->in.level = 10;
613 4430 : r->in.req->req10.destination_dsa_guid = service->ntds_guid;
614 4430 : r->in.req->req10.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
615 4430 : r->in.req->req10.naming_context = &partition->nc;
616 4430 : r->in.req->req10.highwatermark = highwatermark;
617 4430 : r->in.req->req10.uptodateness_vector = uptodateness_vector;
618 4430 : r->in.req->req10.replica_flags = replica_flags;
619 4430 : r->in.req->req10.max_object_count = 133;
620 4430 : r->in.req->req10.max_ndr_size = 1336811;
621 4430 : r->in.req->req10.extended_op = state->op->extended_op;
622 4430 : r->in.req->req10.fsmo_info = state->op->fsmo_info;
623 4430 : r->in.req->req10.partial_attribute_set = pas;
624 4430 : r->in.req->req10.partial_attribute_set_ex= NULL;
625 4430 : r->in.req->req10.mapping_ctr.num_mappings= mappings == NULL ? 0 : mappings->num_mappings;
626 4430 : r->in.req->req10.mapping_ctr.mappings = mappings == NULL ? NULL : mappings->mappings;
627 :
628 : /* the only difference to v8 is the more_flags */
629 4430 : r->in.req->req10.more_flags = state->op->more_flags;
630 :
631 0 : } else if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
632 0 : r->in.level = 8;
633 0 : r->in.req->req8.destination_dsa_guid = service->ntds_guid;
634 0 : r->in.req->req8.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
635 0 : r->in.req->req8.naming_context = &partition->nc;
636 0 : r->in.req->req8.highwatermark = highwatermark;
637 0 : r->in.req->req8.uptodateness_vector = uptodateness_vector;
638 0 : r->in.req->req8.replica_flags = replica_flags;
639 0 : r->in.req->req8.max_object_count = 133;
640 0 : r->in.req->req8.max_ndr_size = 1336811;
641 0 : r->in.req->req8.extended_op = state->op->extended_op;
642 0 : r->in.req->req8.fsmo_info = state->op->fsmo_info;
643 0 : r->in.req->req8.partial_attribute_set = pas;
644 0 : r->in.req->req8.partial_attribute_set_ex= NULL;
645 0 : r->in.req->req8.mapping_ctr.num_mappings= mappings == NULL ? 0 : mappings->num_mappings;
646 0 : r->in.req->req8.mapping_ctr.mappings = mappings == NULL ? NULL : mappings->mappings;
647 : } else {
648 0 : r->in.level = 5;
649 0 : r->in.req->req5.destination_dsa_guid = service->ntds_guid;
650 0 : r->in.req->req5.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
651 0 : r->in.req->req5.naming_context = &partition->nc;
652 0 : r->in.req->req5.highwatermark = highwatermark;
653 0 : r->in.req->req5.uptodateness_vector = uptodateness_vector;
654 0 : r->in.req->req5.replica_flags = replica_flags;
655 0 : r->in.req->req5.max_object_count = 133;
656 0 : r->in.req->req5.max_ndr_size = 1336770;
657 0 : r->in.req->req5.extended_op = state->op->extended_op;
658 0 : r->in.req->req5.fsmo_info = state->op->fsmo_info;
659 : }
660 :
661 : #if 0
662 : NDR_PRINT_IN_DEBUG(drsuapi_DsGetNCChanges, r);
663 : #endif
664 :
665 4430 : state->ndr_struct_ptr = r;
666 4430 : subreq = dcerpc_drsuapi_DsGetNCChanges_r_send(state,
667 : state->ev,
668 : drsuapi->drsuapi_handle,
669 : r);
670 4430 : if (tevent_req_nomem(subreq, req)) {
671 0 : return;
672 : }
673 4430 : tevent_req_set_callback(subreq, dreplsrv_op_pull_source_get_changes_done, req);
674 : }
675 :
676 : static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req,
677 : struct drsuapi_DsGetNCChanges *r,
678 : uint32_t ctr_level,
679 : struct drsuapi_DsGetNCChangesCtr1 *ctr1,
680 : struct drsuapi_DsGetNCChangesCtr6 *ctr6);
681 :
682 4430 : static void dreplsrv_op_pull_source_get_changes_done(struct tevent_req *subreq)
683 : {
684 4430 : struct tevent_req *req = tevent_req_callback_data(subreq,
685 : struct tevent_req);
686 4430 : struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
687 : struct dreplsrv_op_pull_source_state);
688 0 : NTSTATUS status;
689 4430 : struct drsuapi_DsGetNCChanges *r = talloc_get_type(state->ndr_struct_ptr,
690 : struct drsuapi_DsGetNCChanges);
691 4430 : uint32_t ctr_level = 0;
692 4430 : struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
693 4430 : struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
694 4430 : enum drsuapi_DsExtendedError extended_ret = DRSUAPI_EXOP_ERR_NONE;
695 4430 : state->ndr_struct_ptr = NULL;
696 :
697 4430 : status = dcerpc_drsuapi_DsGetNCChanges_r_recv(subreq, r);
698 4430 : TALLOC_FREE(subreq);
699 4430 : if (tevent_req_nterror(req, status)) {
700 2016 : return;
701 : }
702 :
703 4430 : if (!W_ERROR_IS_OK(r->out.result)) {
704 2016 : status = werror_to_ntstatus(r->out.result);
705 2016 : tevent_req_nterror(req, status);
706 2016 : return;
707 : }
708 :
709 2414 : if (*r->out.level_out == 1) {
710 0 : ctr_level = 1;
711 0 : ctr1 = &r->out.ctr->ctr1;
712 2414 : } else if (*r->out.level_out == 2 &&
713 0 : r->out.ctr->ctr2.mszip1.ts) {
714 0 : ctr_level = 1;
715 0 : ctr1 = &r->out.ctr->ctr2.mszip1.ts->ctr1;
716 2414 : } else if (*r->out.level_out == 6) {
717 2414 : ctr_level = 6;
718 2414 : ctr6 = &r->out.ctr->ctr6;
719 0 : } else if (*r->out.level_out == 7 &&
720 0 : r->out.ctr->ctr7.level == 6 &&
721 0 : r->out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP &&
722 0 : r->out.ctr->ctr7.ctr.mszip6.ts) {
723 0 : ctr_level = 6;
724 0 : ctr6 = &r->out.ctr->ctr7.ctr.mszip6.ts->ctr6;
725 0 : } else if (*r->out.level_out == 7 &&
726 0 : r->out.ctr->ctr7.level == 6 &&
727 0 : r->out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2 &&
728 0 : r->out.ctr->ctr7.ctr.xpress6.ts) {
729 0 : ctr_level = 6;
730 0 : ctr6 = &r->out.ctr->ctr7.ctr.xpress6.ts->ctr6;
731 : } else {
732 0 : status = werror_to_ntstatus(WERR_BAD_NET_RESP);
733 0 : tevent_req_nterror(req, status);
734 0 : return;
735 : }
736 :
737 2414 : if (!ctr1 && !ctr6) {
738 0 : status = werror_to_ntstatus(WERR_BAD_NET_RESP);
739 0 : tevent_req_nterror(req, status);
740 0 : return;
741 : }
742 :
743 2414 : if (ctr_level == 6) {
744 2414 : if (!W_ERROR_IS_OK(ctr6->drs_error)) {
745 0 : status = werror_to_ntstatus(ctr6->drs_error);
746 0 : tevent_req_nterror(req, status);
747 0 : return;
748 : }
749 2414 : extended_ret = ctr6->extended_ret;
750 : }
751 :
752 2414 : if (ctr_level == 1) {
753 0 : extended_ret = ctr1->extended_ret;
754 : }
755 :
756 2414 : if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
757 24 : state->op->extended_ret = extended_ret;
758 :
759 24 : if (extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
760 0 : status = NT_STATUS_UNSUCCESSFUL;
761 0 : tevent_req_nterror(req, status);
762 0 : return;
763 : }
764 : }
765 :
766 2414 : dreplsrv_op_pull_source_apply_changes_trigger(req, r, ctr_level, ctr1, ctr6);
767 : }
768 :
769 : /**
770 : * If processing a chunk of replication data fails, check if it is due to a
771 : * problem that can be fixed by setting extra flags in the GetNCChanges request,
772 : * i.e. GET_ANC or GET_TGT.
773 : * @returns NT_STATUS_OK if the request was retried, and an error code if not
774 : */
775 43 : static NTSTATUS dreplsrv_op_pull_retry_with_flags(struct tevent_req *req,
776 : WERROR error_code)
777 : {
778 0 : struct dreplsrv_op_pull_source_state *state;
779 43 : NTSTATUS nt_status = NT_STATUS_OK;
780 :
781 43 : state = tevent_req_data(req, struct dreplsrv_op_pull_source_state);
782 :
783 : /*
784 : * Check if we failed to apply the records due to a missing parent or
785 : * target object. If so, try again and ask for any missing parent/target
786 : * objects to be included this time.
787 : */
788 43 : if (W_ERROR_EQUAL(error_code, WERR_DS_DRA_RECYCLED_TARGET)) {
789 :
790 10 : if (state->op->more_flags & DRSUAPI_DRS_GET_TGT) {
791 0 : DEBUG(1,("Missing target object despite setting DRSUAPI_DRS_GET_TGT flag\n"));
792 0 : nt_status = NT_STATUS_INVALID_NETWORK_RESPONSE;
793 : } else {
794 10 : state->op->more_flags |= DRSUAPI_DRS_GET_TGT;
795 10 : DEBUG(1,("Missing target object when we didn't set the DRSUAPI_DRS_GET_TGT flag, retrying\n"));
796 10 : dreplsrv_op_pull_source_get_changes_trigger(req);
797 : }
798 33 : } else if (W_ERROR_EQUAL(error_code, WERR_DS_DRA_MISSING_PARENT)) {
799 :
800 33 : if (state->op->options & DRSUAPI_DRS_GET_ANC) {
801 0 : DEBUG(1,("Missing parent object despite setting DRSUAPI_DRS_GET_ANC flag\n"));
802 0 : nt_status = NT_STATUS_INVALID_NETWORK_RESPONSE;
803 : } else {
804 33 : state->op->options |= DRSUAPI_DRS_GET_ANC;
805 33 : DEBUG(4,("Missing parent object when we didn't set the DRSUAPI_DRS_GET_ANC flag, retrying\n"));
806 33 : dreplsrv_op_pull_source_get_changes_trigger(req);
807 : }
808 : } else {
809 0 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
810 : }
811 :
812 43 : return nt_status;
813 : }
814 :
815 :
816 : static void dreplsrv_update_refs_trigger(struct tevent_req *req);
817 :
818 2414 : static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req,
819 : struct drsuapi_DsGetNCChanges *r,
820 : uint32_t ctr_level,
821 : struct drsuapi_DsGetNCChangesCtr1 *ctr1,
822 : struct drsuapi_DsGetNCChangesCtr6 *ctr6)
823 : {
824 2414 : struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
825 : struct dreplsrv_op_pull_source_state);
826 2414 : struct repsFromTo1 rf1 = *state->op->source_dsa->repsFrom1;
827 2414 : struct dreplsrv_service *service = state->op->service;
828 2414 : struct dreplsrv_partition *partition = state->op->source_dsa->partition;
829 2414 : struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
830 2414 : struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb);
831 2414 : struct dreplsrv_op_pull_source_schema_cycle *sc = NULL;
832 0 : struct dsdb_schema *schema;
833 2414 : struct dsdb_schema *working_schema = NULL;
834 0 : const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
835 0 : uint32_t object_count;
836 0 : struct drsuapi_DsReplicaObjectListItemEx *first_object;
837 0 : uint32_t linked_attributes_count;
838 0 : struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
839 0 : const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
840 0 : struct dsdb_extended_replicated_objects *objects;
841 2414 : bool more_data = false;
842 0 : WERROR status;
843 0 : NTSTATUS nt_status;
844 2414 : uint32_t dsdb_repl_flags = 0;
845 2414 : struct ldb_dn *nc_root = NULL;
846 2414 : bool was_schema = false;
847 0 : int ret;
848 :
849 2414 : switch (ctr_level) {
850 0 : case 1:
851 0 : mapping_ctr = &ctr1->mapping_ctr;
852 0 : object_count = ctr1->object_count;
853 0 : first_object = ctr1->first_object;
854 0 : linked_attributes_count = 0;
855 0 : linked_attributes = NULL;
856 0 : rf1.source_dsa_obj_guid = ctr1->source_dsa_guid;
857 0 : rf1.source_dsa_invocation_id = ctr1->source_dsa_invocation_id;
858 0 : rf1.highwatermark = ctr1->new_highwatermark;
859 0 : uptodateness_vector = NULL; /* TODO: map it */
860 0 : more_data = ctr1->more_data;
861 0 : break;
862 2414 : case 6:
863 2414 : mapping_ctr = &ctr6->mapping_ctr;
864 2414 : object_count = ctr6->object_count;
865 2414 : first_object = ctr6->first_object;
866 2414 : linked_attributes_count = ctr6->linked_attributes_count;
867 2414 : linked_attributes = ctr6->linked_attributes;
868 2414 : rf1.source_dsa_obj_guid = ctr6->source_dsa_guid;
869 2414 : rf1.source_dsa_invocation_id = ctr6->source_dsa_invocation_id;
870 2414 : rf1.highwatermark = ctr6->new_highwatermark;
871 2414 : uptodateness_vector = ctr6->uptodateness_vector;
872 2414 : more_data = ctr6->more_data;
873 2414 : break;
874 0 : default:
875 0 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
876 0 : tevent_req_nterror(req, nt_status);
877 0 : return;
878 : }
879 :
880 : /*
881 : * We need to cache the schema changes until we replicated
882 : * everything before we can apply the new schema.
883 : */
884 2414 : if (state->schema_cycle != NULL) {
885 123 : TALLOC_CTX *mem = NULL;
886 123 : struct drsuapi_DsReplicaObjectListItemEx **ptr = NULL;
887 123 : struct drsuapi_DsReplicaObjectListItemEx *l = NULL;
888 :
889 123 : was_schema = true;
890 123 : sc = state->schema_cycle;
891 :
892 123 : sc->repsFrom1 = rf1;
893 :
894 123 : if (sc->first_object == NULL) {
895 117 : mem = sc;
896 117 : ptr = &sc->first_object;
897 : } else {
898 6 : mem = sc->last_object;
899 6 : ptr = &sc->last_object->next_object;
900 : }
901 123 : *ptr = talloc_move(mem, &first_object);
902 660 : for (l = *ptr; l != NULL; l = l->next_object) {
903 600 : sc->object_count++;
904 600 : if (l->next_object == NULL) {
905 63 : sc->last_object = l;
906 63 : break;
907 : }
908 : }
909 :
910 123 : if (sc->linked_attributes_count == 0) {
911 119 : sc->linked_attributes = talloc_move(sc, &linked_attributes);
912 119 : sc->linked_attributes_count = linked_attributes_count;
913 119 : linked_attributes_count = 0;
914 4 : } else if (linked_attributes_count > 0) {
915 4 : struct drsuapi_DsReplicaLinkedAttribute *new_las = NULL;
916 4 : struct drsuapi_DsReplicaLinkedAttribute *tmp_las = NULL;
917 0 : uint64_t new_count;
918 0 : uint64_t add_size;
919 0 : uint32_t add_idx;
920 :
921 4 : new_count = sc->linked_attributes_count;
922 4 : new_count += linked_attributes_count;
923 4 : if (new_count > UINT32_MAX) {
924 0 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
925 0 : tevent_req_nterror(req, nt_status);
926 0 : return;
927 : }
928 4 : add_size = linked_attributes_count;
929 4 : add_size *= sizeof(linked_attributes[0]);
930 0 : if (add_size > SIZE_MAX) {
931 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
932 : tevent_req_nterror(req, nt_status);
933 : return;
934 : }
935 4 : add_idx = sc->linked_attributes_count;
936 :
937 4 : tmp_las = talloc_realloc(sc,
938 : sc->linked_attributes,
939 : struct drsuapi_DsReplicaLinkedAttribute,
940 : new_count);
941 4 : if (tevent_req_nomem(tmp_las, req)) {
942 0 : return;
943 : }
944 4 : new_las = talloc_move(tmp_las, &linked_attributes);
945 4 : memcpy(&tmp_las[add_idx], new_las, add_size);
946 4 : sc->linked_attributes = tmp_las;
947 4 : sc->linked_attributes_count = new_count;
948 4 : linked_attributes_count = 0;
949 : }
950 :
951 123 : if (more_data) {
952 : /* we don't need this structure anymore */
953 6 : TALLOC_FREE(r);
954 :
955 6 : dreplsrv_op_pull_source_get_changes_trigger(req);
956 6 : return;
957 : }
958 :
959 : /* detach sc from state */
960 117 : state->schema_cycle = NULL;
961 : }
962 :
963 2408 : schema = dsdb_get_schema(service->samdb, state);
964 2408 : if (!schema) {
965 0 : DEBUG(0,(__location__ ": Schema is not loaded yet!\n"));
966 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
967 0 : return;
968 : }
969 :
970 : /*
971 : * Decide what working schema to use for object conversion.
972 : * We won't need a working schema for empty replicas sent.
973 : */
974 2408 : if (sc != NULL) {
975 117 : first_object = talloc_move(r, &sc->first_object);
976 117 : object_count = sc->object_count;
977 117 : linked_attributes = talloc_move(r, &sc->linked_attributes);
978 117 : linked_attributes_count = sc->linked_attributes_count;
979 117 : TALLOC_FREE(sc);
980 :
981 117 : if (first_object != NULL) {
982 : /* create working schema to convert objects with */
983 61 : status = dsdb_repl_make_working_schema(service->samdb,
984 : schema,
985 : mapping_ctr,
986 : object_count,
987 : first_object,
988 61 : &drsuapi->gensec_skey,
989 : state, &working_schema);
990 61 : if (!W_ERROR_IS_OK(status)) {
991 0 : DEBUG(0,("Failed to create working schema: %s\n",
992 : win_errstr(status)));
993 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
994 0 : return;
995 : }
996 : }
997 : }
998 :
999 2408 : if (partition->partial_replica || partition->rodc_replica) {
1000 474 : dsdb_repl_flags |= DSDB_REPL_FLAG_PARTIAL_REPLICA;
1001 : }
1002 2408 : if (state->op->options & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
1003 161 : dsdb_repl_flags |= DSDB_REPL_FLAG_PRIORITISE_INCOMING;
1004 : }
1005 2408 : if (state->op->options & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
1006 0 : dsdb_repl_flags |= DSDB_REPL_FLAG_EXPECT_NO_SECRETS;
1007 : }
1008 2408 : if (state->op->options & DRSUAPI_DRS_CRITICAL_ONLY ||
1009 2408 : state->op->extended_op != DRSUAPI_EXOP_NONE) {
1010 24 : dsdb_repl_flags |= DSDB_REPL_FLAG_OBJECT_SUBSET;
1011 : }
1012 :
1013 2408 : if (state->op->more_flags & DRSUAPI_DRS_GET_TGT) {
1014 22 : dsdb_repl_flags |= DSDB_REPL_FLAG_TARGETS_UPTODATE;
1015 : }
1016 :
1017 2408 : if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
1018 24 : ret = dsdb_find_nc_root(service->samdb, partition,
1019 : partition->dn, &nc_root);
1020 24 : if (ret != LDB_SUCCESS) {
1021 0 : DEBUG(0,(__location__ ": Failed to find nc_root for %s\n",
1022 : ldb_dn_get_linearized(partition->dn)));
1023 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
1024 0 : return;
1025 : }
1026 : } else {
1027 2384 : nc_root = partition->dn;
1028 : }
1029 :
1030 2408 : status = dsdb_replicated_objects_convert(service->samdb,
1031 2408 : working_schema ? working_schema : schema,
1032 : nc_root,
1033 : mapping_ctr,
1034 : object_count,
1035 : first_object,
1036 : linked_attributes_count,
1037 : linked_attributes,
1038 : &rf1,
1039 : uptodateness_vector,
1040 2408 : &drsuapi->gensec_skey,
1041 : dsdb_repl_flags,
1042 : state, &objects);
1043 :
1044 2408 : if (W_ERROR_EQUAL(status, WERR_DS_DRA_SCHEMA_MISMATCH)) {
1045 0 : struct dreplsrv_partition *p;
1046 0 : bool ok;
1047 :
1048 6 : if (was_schema) {
1049 0 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
1050 0 : DBG_ERR("Got mismatch for schema partition: %s/%s\n",
1051 : win_errstr(status), nt_errstr(nt_status));
1052 0 : tevent_req_nterror(req, nt_status);
1053 0 : return;
1054 : }
1055 :
1056 6 : if (state->retry_started) {
1057 0 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
1058 0 : DEBUG(0,("Failed to convert objects after retry: %s/%s\n",
1059 : win_errstr(status), nt_errstr(nt_status)));
1060 0 : tevent_req_nterror(req, nt_status);
1061 0 : return;
1062 : }
1063 :
1064 : /*
1065 : * Change info sync or extended operation into a fetch
1066 : * of the schema partition, so we get all the schema
1067 : * objects we need.
1068 : *
1069 : * We don't want to re-do the remote exop,
1070 : * unless it was REPL_SECRET so we set the
1071 : * fallback operation to just be a fetch of
1072 : * the relevant partition.
1073 : */
1074 :
1075 :
1076 6 : if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
1077 0 : state->extended_op_retry = state->op->extended_op;
1078 : } else {
1079 6 : state->extended_op_retry = DRSUAPI_EXOP_NONE;
1080 : }
1081 6 : state->op->extended_op = DRSUAPI_EXOP_NONE;
1082 :
1083 6 : if (ldb_dn_compare(nc_root, partition->dn) == 0) {
1084 6 : state->source_dsa_retry = state->op->source_dsa;
1085 : } else {
1086 0 : status = dreplsrv_partition_find_for_nc(service,
1087 : NULL, NULL,
1088 : ldb_dn_get_linearized(nc_root),
1089 : &p);
1090 0 : if (!W_ERROR_IS_OK(status)) {
1091 0 : DEBUG(2, ("Failed to find requested Naming Context for %s: %s\n",
1092 : ldb_dn_get_linearized(nc_root),
1093 : win_errstr(status)));
1094 0 : nt_status = werror_to_ntstatus(status);
1095 0 : tevent_req_nterror(req, nt_status);
1096 0 : return;
1097 : }
1098 0 : status = dreplsrv_partition_source_dsa_by_guid(p,
1099 0 : &state->op->source_dsa->repsFrom1->source_dsa_obj_guid,
1100 : &state->source_dsa_retry);
1101 :
1102 0 : if (!W_ERROR_IS_OK(status)) {
1103 0 : struct GUID_txt_buf str;
1104 0 : DEBUG(2, ("Failed to find requested source DSA for %s and %s: %s\n",
1105 : ldb_dn_get_linearized(nc_root),
1106 : GUID_buf_string(&state->op->source_dsa->repsFrom1->source_dsa_obj_guid, &str),
1107 : win_errstr(status)));
1108 0 : nt_status = werror_to_ntstatus(status);
1109 0 : tevent_req_nterror(req, nt_status);
1110 0 : return;
1111 : }
1112 : }
1113 :
1114 : /* Find schema naming context to be synchronized first */
1115 6 : status = dreplsrv_partition_find_for_nc(service,
1116 : NULL, NULL,
1117 : ldb_dn_get_linearized(schema_dn),
1118 : &p);
1119 6 : if (!W_ERROR_IS_OK(status)) {
1120 0 : DEBUG(2, ("Failed to find requested Naming Context for schema: %s\n",
1121 : win_errstr(status)));
1122 0 : nt_status = werror_to_ntstatus(status);
1123 0 : tevent_req_nterror(req, nt_status);
1124 0 : return;
1125 : }
1126 :
1127 6 : status = dreplsrv_partition_source_dsa_by_guid(p,
1128 6 : &state->op->source_dsa->repsFrom1->source_dsa_obj_guid,
1129 6 : &state->op->source_dsa);
1130 6 : if (!W_ERROR_IS_OK(status)) {
1131 0 : struct GUID_txt_buf str;
1132 0 : DEBUG(2, ("Failed to find requested source DSA for %s and %s: %s\n",
1133 : ldb_dn_get_linearized(schema_dn),
1134 : GUID_buf_string(&state->op->source_dsa->repsFrom1->source_dsa_obj_guid, &str),
1135 : win_errstr(status)));
1136 0 : nt_status = werror_to_ntstatus(status);
1137 0 : tevent_req_nterror(req, nt_status);
1138 0 : return;
1139 : }
1140 6 : DEBUG(4,("Wrong schema when applying reply GetNCChanges, retrying\n"));
1141 :
1142 6 : state->retry_started = true;
1143 :
1144 6 : ok = dreplsrv_op_pull_source_detect_schema_cycle(req);
1145 6 : if (!ok) {
1146 0 : return;
1147 : }
1148 :
1149 6 : dreplsrv_op_pull_source_get_changes_trigger(req);
1150 6 : return;
1151 :
1152 2402 : } else if (!W_ERROR_IS_OK(status)) {
1153 0 : nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
1154 0 : DEBUG(0,("Failed to convert objects: %s/%s\n",
1155 : win_errstr(status), nt_errstr(nt_status)));
1156 0 : tevent_req_nterror(req, nt_status);
1157 0 : return;
1158 : }
1159 :
1160 2402 : status = dsdb_replicated_objects_commit(service->samdb,
1161 : working_schema,
1162 : objects,
1163 2402 : &state->op->source_dsa->notify_uSN);
1164 2402 : talloc_free(objects);
1165 :
1166 2402 : if (!W_ERROR_IS_OK(status)) {
1167 :
1168 : /*
1169 : * Check if this error can be fixed by resending the GetNCChanges
1170 : * request with extra flags set (i.e. GET_ANC/GET_TGT)
1171 : */
1172 43 : nt_status = dreplsrv_op_pull_retry_with_flags(req, status);
1173 :
1174 43 : if (NT_STATUS_IS_OK(nt_status)) {
1175 :
1176 : /*
1177 : * We resent the request. Don't update the highwatermark,
1178 : * we'll start this part of the cycle again.
1179 : */
1180 43 : return;
1181 : }
1182 :
1183 0 : DEBUG(0,("Failed to commit objects: %s/%s\n",
1184 : win_errstr(status), nt_errstr(nt_status)));
1185 0 : tevent_req_nterror(req, nt_status);
1186 0 : return;
1187 : }
1188 :
1189 2359 : if (state->op->extended_op == DRSUAPI_EXOP_NONE) {
1190 : /* if it applied fine, we need to update the highwatermark */
1191 2335 : *state->op->source_dsa->repsFrom1 = rf1;
1192 : }
1193 :
1194 : /* we don't need this maybe very large structure anymore */
1195 2359 : TALLOC_FREE(r);
1196 :
1197 2359 : if (more_data) {
1198 449 : dreplsrv_op_pull_source_get_changes_trigger(req);
1199 449 : return;
1200 : }
1201 :
1202 : /*
1203 : * If we had to divert via doing some other thing, such as
1204 : * pulling the schema, then go back and do the original
1205 : * operation once we are done.
1206 : */
1207 1910 : if (state->source_dsa_retry != NULL) {
1208 6 : state->op->source_dsa = state->source_dsa_retry;
1209 6 : state->op->extended_op = state->extended_op_retry;
1210 6 : state->source_dsa_retry = NULL;
1211 6 : dreplsrv_op_pull_source_get_changes_trigger(req);
1212 6 : return;
1213 : }
1214 :
1215 1904 : if (state->op->extended_op != DRSUAPI_EXOP_NONE ||
1216 1880 : state->op->service->am_rodc) {
1217 : /*
1218 : we don't do the UpdateRefs for extended ops or if we
1219 : are a RODC
1220 : */
1221 418 : tevent_req_done(req);
1222 418 : return;
1223 : }
1224 :
1225 : /* now we need to update the repsTo record for this partition
1226 : on the server. These records are initially established when
1227 : we join the domain, but they quickly expire. We do it here
1228 : so we can use the already established DRSUAPI pipe
1229 : */
1230 1486 : dreplsrv_update_refs_trigger(req);
1231 : }
1232 :
1233 : static void dreplsrv_update_refs_done(struct tevent_req *subreq);
1234 :
1235 : /*
1236 : send a UpdateRefs request to refresh our repsTo record on the server
1237 : */
1238 1486 : static void dreplsrv_update_refs_trigger(struct tevent_req *req)
1239 : {
1240 1486 : struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
1241 : struct dreplsrv_op_pull_source_state);
1242 1486 : struct dreplsrv_service *service = state->op->service;
1243 1486 : struct dreplsrv_partition *partition = state->op->source_dsa->partition;
1244 1486 : struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
1245 0 : struct drsuapi_DsReplicaUpdateRefs *r;
1246 0 : char *ntds_dns_name;
1247 0 : struct tevent_req *subreq;
1248 :
1249 1486 : r = talloc(state, struct drsuapi_DsReplicaUpdateRefs);
1250 1486 : if (tevent_req_nomem(r, req)) {
1251 0 : return;
1252 : }
1253 :
1254 1486 : ntds_dns_name = samdb_ntds_msdcs_dns_name(service->samdb, r, &service->ntds_guid);
1255 1486 : if (tevent_req_nomem(ntds_dns_name, req)) {
1256 0 : talloc_free(r);
1257 0 : return;
1258 : }
1259 :
1260 1486 : r->in.bind_handle = &drsuapi->bind_handle;
1261 1486 : r->in.level = 1;
1262 1486 : r->in.req.req1.naming_context = &partition->nc;
1263 1486 : r->in.req.req1.dest_dsa_dns_name = ntds_dns_name;
1264 1486 : r->in.req.req1.dest_dsa_guid = service->ntds_guid;
1265 1486 : r->in.req.req1.options = DRSUAPI_DRS_ADD_REF | DRSUAPI_DRS_DEL_REF;
1266 1486 : if (!service->am_rodc) {
1267 1486 : r->in.req.req1.options |= DRSUAPI_DRS_WRIT_REP;
1268 : }
1269 :
1270 1486 : state->ndr_struct_ptr = r;
1271 1486 : subreq = dcerpc_drsuapi_DsReplicaUpdateRefs_r_send(state,
1272 : state->ev,
1273 : drsuapi->drsuapi_handle,
1274 : r);
1275 1486 : if (tevent_req_nomem(subreq, req)) {
1276 0 : talloc_free(r);
1277 0 : return;
1278 : }
1279 1486 : tevent_req_set_callback(subreq, dreplsrv_update_refs_done, req);
1280 : }
1281 :
1282 : /*
1283 : receive a UpdateRefs reply
1284 : */
1285 1486 : static void dreplsrv_update_refs_done(struct tevent_req *subreq)
1286 : {
1287 1486 : struct tevent_req *req = tevent_req_callback_data(subreq,
1288 : struct tevent_req);
1289 1486 : struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
1290 : struct dreplsrv_op_pull_source_state);
1291 1486 : struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(state->ndr_struct_ptr,
1292 : struct drsuapi_DsReplicaUpdateRefs);
1293 0 : NTSTATUS status;
1294 :
1295 1486 : state->ndr_struct_ptr = NULL;
1296 :
1297 1486 : status = dcerpc_drsuapi_DsReplicaUpdateRefs_r_recv(subreq, r);
1298 1486 : TALLOC_FREE(subreq);
1299 1486 : if (!NT_STATUS_IS_OK(status)) {
1300 0 : DEBUG(0,("UpdateRefs failed with %s\n",
1301 : nt_errstr(status)));
1302 0 : tevent_req_nterror(req, status);
1303 0 : return;
1304 : }
1305 :
1306 1486 : if (!W_ERROR_IS_OK(r->out.result)) {
1307 0 : status = werror_to_ntstatus(r->out.result);
1308 0 : DEBUG(0,("UpdateRefs failed with %s/%s for %s %s\n",
1309 : win_errstr(r->out.result),
1310 : nt_errstr(status),
1311 : r->in.req.req1.dest_dsa_dns_name,
1312 : r->in.req.req1.naming_context->dn));
1313 : /*
1314 : * TODO we are currently not sending the
1315 : * DsReplicaUpdateRefs at the correct moment,
1316 : * we do it just after a GetNcChanges which is
1317 : * not always correct.
1318 : * Especially when another DC is trying to demote
1319 : * it will sends us a DsReplicaSync that will trigger a getNcChanges
1320 : * this call will succeed but the DsRecplicaUpdateRefs that we send
1321 : * just after will not because the DC is in a demote state and
1322 : * will reply us a WERR_DS_DRA_BUSY, this error will cause us to
1323 : * answer to the DsReplicaSync with a non OK status, the other DC
1324 : * will stop the demote due to this error.
1325 : * In order to cope with this we will for the moment consider
1326 : * a DS_DRA_BUSY not as an error.
1327 : * It's not ideal but it should not have a too huge impact for
1328 : * running production as this error otherwise never happen and
1329 : * due to the fact the send a DsReplicaUpdateRefs after each getNcChanges
1330 : */
1331 0 : if (!W_ERROR_EQUAL(r->out.result, WERR_DS_DRA_BUSY)) {
1332 0 : tevent_req_nterror(req, status);
1333 0 : return;
1334 : }
1335 : }
1336 :
1337 1486 : DEBUG(4,("UpdateRefs OK for %s %s\n",
1338 : r->in.req.req1.dest_dsa_dns_name,
1339 : r->in.req.req1.naming_context->dn));
1340 :
1341 1486 : tevent_req_done(req);
1342 : }
1343 :
1344 3945 : WERROR dreplsrv_op_pull_source_recv(struct tevent_req *req)
1345 : {
1346 0 : NTSTATUS status;
1347 :
1348 3945 : if (tevent_req_is_nterror(req, &status)) {
1349 2041 : tevent_req_received(req);
1350 2041 : return ntstatus_to_werror(status);
1351 : }
1352 :
1353 1904 : tevent_req_received(req);
1354 1904 : return WERR_OK;
1355 : }
1356 :
|