summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-10-01 19:07:01 -0700
committerAndrew Tridgell <tridge@samba.org>2010-10-01 22:31:58 -0700
commiteadd28233d8df31cddc5c8dd888b768f3ac19730 (patch)
treee2260904556627e8b9ecada294e208988f86c916
parent9bae4cd3d967f43c32796d03b1c2ee8ae5119e00 (diff)
downloadsamba-eadd28233d8df31cddc5c8dd888b768f3ac19730.tar.gz
samba-eadd28233d8df31cddc5c8dd888b768f3ac19730.tar.bz2
samba-eadd28233d8df31cddc5c8dd888b768f3ac19730.zip
s4-repl: use the GC principal name for DRS replication connection
this is required when talking to RODCs (for notify calls), and is good practice for all DCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/repl/drepl_notify.c16
-rw-r--r--source4/dsdb/repl/drepl_partitions.c62
-rw-r--r--source4/dsdb/repl/drepl_service.h4
3 files changed, 76 insertions, 6 deletions
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
index 6b8190173e..5d4ed6a59b 100644
--- a/source4/dsdb/repl/drepl_notify.c
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -292,7 +292,8 @@ static WERROR dreplsrv_schedule_notify_sync(struct dreplsrv_service *service,
struct repsFromToBlob *reps,
TALLOC_CTX *mem_ctx,
uint64_t uSN,
- bool is_urgent)
+ bool is_urgent,
+ uint32_t replica_flags)
{
struct dreplsrv_notify_operation *op;
struct dreplsrv_partition_source_dsa *s;
@@ -307,10 +308,11 @@ static WERROR dreplsrv_schedule_notify_sync(struct dreplsrv_service *service,
op = talloc_zero(mem_ctx, struct dreplsrv_notify_operation);
W_ERROR_HAVE_NO_MEMORY(op);
- op->service = service;
- op->source_dsa = s;
- op->uSN = uSN;
- op->is_urgent = is_urgent;
+ op->service = service;
+ op->source_dsa = s;
+ op->uSN = uSN;
+ op->is_urgent = is_urgent;
+ op->replica_flags = replica_flags;
DLIST_ADD_END(service->ops.notifies, op, struct dreplsrv_notify_operation *);
talloc_steal(service, op);
@@ -350,7 +352,9 @@ static WERROR dreplsrv_notify_check(struct dreplsrv_service *s,
/* see if any of our partners need some of our objects */
for (i=0; i<count; i++) {
struct dreplsrv_partition_source_dsa *sdsa;
+ uint32_t replica_flags;
sdsa = dreplsrv_find_source_dsa(p, &reps[i].ctr.ctr1.source_dsa_obj_guid);
+ replica_flags = reps[i].ctr.ctr1.replica_flags;
if (sdsa == NULL) continue;
if (sdsa->notify_uSN < uSNHighest) {
/* we need to tell this partner to replicate
@@ -359,7 +363,7 @@ static WERROR dreplsrv_notify_check(struct dreplsrv_service *s,
/* check if urgent replication is needed */
werr = dreplsrv_schedule_notify_sync(s, p, &reps[i], mem_ctx,
- uSNHighest, is_urgent);
+ uSNHighest, is_urgent, replica_flags);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,(__location__ ": Failed to setup notify to %s for %s\n",
reps[i].ctr.ctr1.other_info->dns_name,
diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c
index 1e787c122a..fd0ffd954a 100644
--- a/source4/dsdb/repl/drepl_partitions.c
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -94,6 +94,61 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
return WERR_OK;
}
+/*
+ work out the principal to use for DRS replication connections
+ */
+NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
+ TALLOC_CTX *mem_ctx,
+ const struct repsFromTo1 *rft,
+ const char **target_principal)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_result *res;
+ const char *attrs[] = { "dNSHostName", NULL };
+ int ret;
+ const char *hostname;
+ struct ldb_dn *dn;
+
+ *target_principal = NULL;
+
+ tmp_ctx = talloc_new(mem_ctx);
+
+ /* we need to find their hostname */
+ ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, &dn);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ /* its OK for their NTDSDSA DN not to be in our database */
+ return NT_STATUS_OK;
+ }
+
+ /* strip off the NTDS Settings */
+ if (!ldb_dn_remove_child_components(dn, 1)) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+ }
+
+ ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, dn, attrs, 0);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ /* its OK for their account DN not to be in our database */
+ return NT_STATUS_OK;
+ }
+
+ hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+ if (hostname == NULL) {
+ talloc_free(tmp_ctx);
+ /* its OK to not have a dnshostname */
+ return NT_STATUS_OK;
+ }
+
+ *target_principal = talloc_asprintf(mem_ctx, "GC/%s/%s",
+ hostname,
+ lpcfg_dnsdomain(s->task->lp_ctx));
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+}
+
+
WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s,
const struct repsFromTo1 *rft,
struct dreplsrv_out_connection **_conn)
@@ -136,6 +191,13 @@ WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s,
return ntstatus_to_werror(nt_status);
}
+ /* use the GC principal for DRS replication */
+ nt_status = dreplsrv_get_target_principal(s, conn->binding,
+ rft, &conn->binding->target_principal);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return ntstatus_to_werror(nt_status);
+ }
+
DLIST_ADD_END(s->connections, conn, struct dreplsrv_out_connection *);
DEBUG(2,("dreplsrv_out_connection_attach(%s): create\n", conn->binding->host));
diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h
index 7aeb7633b1..ba1f1950ef 100644
--- a/source4/dsdb/repl/drepl_service.h
+++ b/source4/dsdb/repl/drepl_service.h
@@ -52,6 +52,9 @@ struct dreplsrv_out_connection {
/* the out going connection to the source dsa */
struct dreplsrv_drsuapi_connection *drsuapi;
+
+ /* used to force the GC principal name */
+ const char *principal_name;
};
struct dreplsrv_partition_source_dsa {
@@ -130,6 +133,7 @@ struct dreplsrv_notify_operation {
struct dreplsrv_partition_source_dsa *source_dsa;
bool is_urgent;
+ uint32_t replica_flags;
};
struct dreplsrv_service {