summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-04-01 19:53:23 +1100
committerAndrew Tridgell <tridge@samba.org>2011-04-04 03:27:06 +0200
commitf00d258a44073e5758c1b1785d98c79e75ba528b (patch)
tree3b47ba9811bad319486ec2408f5c7cec5d146466 /source4/dsdb/samdb/ldb_modules
parentbf3a75cf82f7ccdde14108d0d300b08d764277a3 (diff)
downloadsamba-f00d258a44073e5758c1b1785d98c79e75ba528b.tar.gz
samba-f00d258a44073e5758c1b1785d98c79e75ba528b.tar.bz2
samba-f00d258a44073e5758c1b1785d98c79e75ba528b.zip
s4-dsdb: implemented creation of conflict records
when a record with the same DN gets created on two DCs at the same time, this creates a replication conflict. To resolve this conflict one of the DCs needs to create a conflict record, which is a rename of one of the two DNs, based on which one is newer. This prevents replication from failing when DCs are temporarily disconnected and then have conflicts when they next replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Apr 4 03:27:07 CEST 2011 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c404
1 files changed, 356 insertions, 48 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index b38f45fa13..6180dfc09a 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2884,6 +2884,361 @@ static int replmd_replicated_request_werror(struct replmd_replicated_request *ar
return ret;
}
+
+static struct replPropertyMetaData1 *
+replmd_replPropertyMetaData1_find_attid(struct replPropertyMetaDataBlob *md_blob,
+ enum drsuapi_DsAttributeId attid)
+{
+ uint32_t i;
+ struct replPropertyMetaDataCtr1 *rpmd_ctr = &md_blob->ctr.ctr1;
+
+ for (i = 0; i < rpmd_ctr->count; i++) {
+ if (rpmd_ctr->array[i].attid == attid) {
+ return &rpmd_ctr->array[i];
+ }
+ }
+ return NULL;
+}
+
+
+/*
+ return true if an update is newer than an existing entry
+ see section 5.11 of MS-ADTS
+*/
+static bool replmd_update_is_newer(const struct GUID *current_invocation_id,
+ const struct GUID *update_invocation_id,
+ uint32_t current_version,
+ uint32_t update_version,
+ NTTIME current_change_time,
+ NTTIME update_change_time)
+{
+ if (update_version != current_version) {
+ return update_version > current_version;
+ }
+ if (update_change_time != current_change_time) {
+ return update_change_time > current_change_time;
+ }
+ return GUID_compare(update_invocation_id, current_invocation_id) > 0;
+}
+
+static bool replmd_replPropertyMetaData1_is_newer(struct replPropertyMetaData1 *cur_m,
+ struct replPropertyMetaData1 *new_m)
+{
+ return replmd_update_is_newer(&cur_m->originating_invocation_id,
+ &new_m->originating_invocation_id,
+ cur_m->version,
+ new_m->version,
+ cur_m->originating_change_time,
+ new_m->originating_change_time);
+}
+
+
+/*
+ form a conflict DN
+ */
+static struct ldb_dn *replmd_conflict_dn(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct GUID *guid)
+{
+ const struct ldb_val *rdn_val;
+ const char *rdn_name;
+ struct ldb_dn *new_dn;
+
+ rdn_val = ldb_dn_get_rdn_val(dn);
+ rdn_name = ldb_dn_get_rdn_name(dn);
+ if (!rdn_val || !rdn_name) {
+ return NULL;
+ }
+
+ new_dn = ldb_dn_copy(mem_ctx, dn);
+ if (!new_dn) {
+ return NULL;
+ }
+
+ if (!ldb_dn_remove_child_components(new_dn, 1)) {
+ return NULL;
+ }
+
+ if (!ldb_dn_add_child_fmt(new_dn, "%s=%s\\0ACNF:%s",
+ rdn_name,
+ ldb_dn_escape_value(new_dn, *rdn_val),
+ GUID_string(new_dn, guid))) {
+ return NULL;
+ }
+
+ return new_dn;
+}
+
+
+/*
+ perform a modify operation which sets the rDN and name attributes to
+ their current values. This has the effect of changing these
+ attributes to have been last updated by the current DC. This is
+ needed to ensure that renames performed as part of conflict
+ resolution are propogated to other DCs
+ */
+static int replmd_name_modify(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
+{
+ struct ldb_message *msg;
+ const char *rdn_name;
+ const struct ldb_val *rdn_val;
+ int ret;
+
+ msg = ldb_msg_new(req);
+ if (msg == NULL) {
+ goto failed;
+ }
+ msg->dn = dn;
+
+ rdn_name = ldb_dn_get_rdn_name(dn);
+ if (rdn_name == NULL) {
+ goto failed;
+ }
+
+ rdn_val = ldb_dn_get_rdn_val(dn);
+ if (rdn_val == NULL) {
+ goto failed;
+ }
+
+ if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) {
+ goto failed;
+ }
+ if (ldb_msg_add_value(msg, rdn_name, rdn_val, NULL) != 0) {
+ goto failed;
+ }
+ if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) {
+ goto failed;
+ }
+ if (ldb_msg_add_value(msg, "name", rdn_val, NULL) != 0) {
+ goto failed;
+ }
+
+ ret = dsdb_module_modify(module, msg, DSDB_FLAG_OWN_MODULE, req);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to modify rDN/name of conflict DN '%s' - %s",
+ ldb_dn_get_linearized(dn), ldb_errstring(ldb_module_get_ctx(module))));
+ return ret;
+ }
+
+ talloc_free(msg);
+
+ return LDB_SUCCESS;
+
+failed:
+ talloc_free(msg);
+ DEBUG(0,(__location__ ": Failed to setup modify rDN/name of conflict DN '%s'",
+ ldb_dn_get_linearized(dn)));
+ return LDB_ERR_OPERATIONS_ERROR;
+}
+
+
+/*
+ callback for conflict DN handling where we have renamed the incoming
+ record. After renaming it, we need to ensure the change of name and
+ rDN for the incoming record is seen as an originating update by this DC.
+ */
+static int replmd_op_name_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+ struct replmd_replicated_request *ar =
+ talloc_get_type_abort(req->context, struct replmd_replicated_request);
+ int ret;
+
+ if (ares->error != LDB_SUCCESS) {
+ /* call the normal callback for everything except success */
+ return replmd_op_callback(req, ares);
+ }
+
+ /* perform a modify of the rDN and name of the record */
+ ret = replmd_name_modify(ar->module, req, req->op.add.message->dn);
+ if (ret != LDB_SUCCESS) {
+ ares->error = ret;
+ return replmd_op_callback(req, ares);
+ }
+
+ return replmd_op_callback(req, ares);
+}
+
+/*
+ callback for replmd_replicated_apply_add()
+ This copes with the creation of conflict records in the case where
+ the DN exists, but with a different objectGUID
+ */
+static int replmd_op_add_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+ struct ldb_dn *conflict_dn;
+ struct replmd_replicated_request *ar =
+ talloc_get_type_abort(req->context, struct replmd_replicated_request);
+ struct ldb_result *res;
+ const char *attrs[] = { "replPropertyMetaData", "objectGUID", NULL };
+ int ret;
+ const struct ldb_val *rmd_value, *omd_value;
+ struct replPropertyMetaDataBlob omd, rmd;
+ enum ndr_err_code ndr_err;
+ bool rename_incoming_record;
+ struct replPropertyMetaData1 *rmd_name, *omd_name;
+
+ if (ares->error != LDB_ERR_ENTRY_ALREADY_EXISTS) {
+ /* call the normal callback for everything except
+ conflicts */
+ return replmd_op_callback(req, ares);
+ }
+
+ /*
+ * we have a conflict, and need to decide if we will keep the
+ * new record or the old record
+ */
+ conflict_dn = req->op.add.message->dn;
+
+ /*
+ * first we need the replPropertyMetaData attribute from the
+ * old record
+ */
+ ret = dsdb_module_search_dn(ar->module, req, &res, conflict_dn,
+ attrs,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_SEARCH_SHOW_DELETED |
+ DSDB_SEARCH_SHOW_RECYCLED, req);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Unable to find object for conflicting record '%s'\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ omd_value = ldb_msg_find_ldb_val(res->msgs[0], "replPropertyMetaData");
+ if (omd_value == NULL) {
+ DEBUG(0,(__location__ ": Unable to find replPropertyMetaData for conflicting record '%s'\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ ndr_err = ndr_pull_struct_blob(omd_value, res->msgs[0], &omd,
+ (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0,(__location__ ": Failed to parse old replPropertyMetaData for %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ /*
+ * and the replPropertyMetaData attribute from the
+ * new record
+ */
+ rmd_value = ldb_msg_find_ldb_val(req->op.add.message, "replPropertyMetaData");
+ if (rmd_value == NULL) {
+ DEBUG(0,(__location__ ": Unable to find replPropertyMetaData for new record '%s'\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ ndr_err = ndr_pull_struct_blob(rmd_value, req, &rmd,
+ (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0,(__location__ ": Failed to parse new replPropertyMetaData for %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ /* we decide which is newer based on the RPMD on the name
+ attribute. See [MS-DRSR] ResolveNameConflict */
+ rmd_name = replmd_replPropertyMetaData1_find_attid(&rmd, DRSUAPI_ATTID_name);
+ omd_name = replmd_replPropertyMetaData1_find_attid(&omd, DRSUAPI_ATTID_name);
+ if (!rmd_name || !omd_name) {
+ DEBUG(0,(__location__ ": Failed to find name attribute in replPropertyMetaData for %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ rename_incoming_record = !replmd_replPropertyMetaData1_is_newer(omd_name, rmd_name);
+
+ if (rename_incoming_record) {
+ struct GUID guid;
+ struct ldb_dn *new_dn;
+ struct ldb_message *new_msg;
+
+ guid = samdb_result_guid(req->op.add.message, "objectGUID");
+ if (GUID_all_zero(&guid)) {
+ DEBUG(0,(__location__ ": Failed to find objectGUID for conflicting incoming record %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+ new_dn = replmd_conflict_dn(req, conflict_dn, &guid);
+ if (new_dn == NULL) {
+ DEBUG(0,(__location__ ": Failed to form conflict DN for %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ DEBUG(1,(__location__ ": Resolving conflict record via incoming rename '%s' -> '%s'\n",
+ ldb_dn_get_linearized(conflict_dn), ldb_dn_get_linearized(new_dn)));
+
+ /* re-submit the request, but with a different
+ callback, so we don't loop forever. */
+ new_msg = ldb_msg_copy_shallow(req, req->op.add.message);
+ if (!new_msg) {
+ goto failed;
+ DEBUG(0,(__location__ ": Failed to copy conflict DN message for %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ }
+ new_msg->dn = new_dn;
+ req->op.add.message = new_msg;
+ req->callback = replmd_op_name_modify_callback;
+
+ return ldb_next_request(ar->module, req);
+ } else {
+ /* we are renaming the existing record */
+ struct GUID guid;
+ struct ldb_dn *new_dn;
+
+ guid = samdb_result_guid(res->msgs[0], "objectGUID");
+ if (GUID_all_zero(&guid)) {
+ DEBUG(0,(__location__ ": Failed to find objectGUID for existing conflict record %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ new_dn = replmd_conflict_dn(req, conflict_dn, &guid);
+ if (new_dn == NULL) {
+ DEBUG(0,(__location__ ": Failed to form conflict DN for %s\n",
+ ldb_dn_get_linearized(conflict_dn)));
+ goto failed;
+ }
+
+ DEBUG(1,(__location__ ": Resolving conflict record via existing rename '%s' -> '%s'\n",
+ ldb_dn_get_linearized(conflict_dn), ldb_dn_get_linearized(new_dn)));
+
+ ret = dsdb_module_rename(ar->module, conflict_dn, new_dn,
+ DSDB_FLAG_OWN_MODULE, req);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to rename conflict dn '%s' to '%s' - %s\n",
+ ldb_dn_get_linearized(conflict_dn),
+ ldb_dn_get_linearized(new_dn),
+ ldb_errstring(ldb_module_get_ctx(ar->module))));
+ goto failed;
+ }
+
+ /*
+ * now we need to ensure that the rename is seen as an
+ * originating update. We do that with a modify.
+ */
+ ret = replmd_name_modify(ar->module, req, new_dn);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
+
+ req->callback = replmd_op_callback;
+
+ return ldb_next_request(ar->module, req);
+ }
+
+failed:
+ /* on failure do the original callback. This means replication
+ * will stop with an error, but there is not much else we can
+ * do
+ */
+ return replmd_op_callback(req, ares);
+}
+
+/*
+ this is called when a new object comes in over DRS
+ */
static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
{
struct ldb_context *ldb;
@@ -2978,7 +3333,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
msg,
ar->controls,
ar,
- replmd_op_callback,
+ replmd_op_add_callback,
ar->req);
LDB_REQ_SET_LOCATION(change_req);
if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
@@ -2993,53 +3348,6 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
}
/*
- return true if an update is newer than an existing entry
- see section 5.11 of MS-ADTS
-*/
-static bool replmd_update_is_newer(const struct GUID *current_invocation_id,
- const struct GUID *update_invocation_id,
- uint32_t current_version,
- uint32_t update_version,
- NTTIME current_change_time,
- NTTIME update_change_time)
-{
- if (update_version != current_version) {
- return update_version > current_version;
- }
- if (update_change_time != current_change_time) {
- return update_change_time > current_change_time;
- }
- return GUID_compare(update_invocation_id, current_invocation_id) > 0;
-}
-
-static bool replmd_replPropertyMetaData1_is_newer(struct replPropertyMetaData1 *cur_m,
- struct replPropertyMetaData1 *new_m)
-{
- return replmd_update_is_newer(&cur_m->originating_invocation_id,
- &new_m->originating_invocation_id,
- cur_m->version,
- new_m->version,
- cur_m->originating_change_time,
- new_m->originating_change_time);
-}
-
-static struct replPropertyMetaData1 *
-replmd_replPropertyMetaData1_find_attid(struct replPropertyMetaDataBlob *md_blob,
- enum drsuapi_DsAttributeId attid)
-{
- uint32_t i;
- struct replPropertyMetaDataCtr1 *rpmd_ctr = &md_blob->ctr.ctr1;
-
- for (i = 0; i < rpmd_ctr->count; i++) {
- if (rpmd_ctr->array[i].attid == attid) {
- return &rpmd_ctr->array[i];
- }
- }
- return NULL;
-}
-
-
-/*
handle renames that come in over DRS replication
*/
static int replmd_replicated_handle_rename(struct replmd_replicated_request *ar,