summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-08-11 15:40:53 +1000
committerAndrew Tridgell <tridge@samba.org>2011-08-12 04:00:07 +0200
commitf9d10a304d0197cc1ef5b14ab523d6462040088a (patch)
tree2ef9553fd900277d7787b54435c476dfab99c367 /source4/dsdb/samdb
parentce93b4f4645b15e204590633a8047c2bfec13154 (diff)
downloadsamba-f9d10a304d0197cc1ef5b14ab523d6462040088a.tar.gz
samba-f9d10a304d0197cc1ef5b14ab523d6462040088a.tar.bz2
samba-f9d10a304d0197cc1ef5b14ab523d6462040088a.zip
s4-dsdb: calculate validFSMOs at runtime instead of pre-computing
this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/naming_fsmo.c108
-rw-r--r--source4/dsdb/samdb/ldb_modules/pdc_fsmo.c113
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c75
3 files changed, 45 insertions, 251 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c
deleted file mode 100644
index f59919ca1a..0000000000
--- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- Unix SMB/CIFS mplementation.
-
- The module that handles the Domain Naming FSMO Role Owner
- checkings
-
- Copyright (C) Stefan Metzmacher 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "ldb_module.h"
-#include "dsdb/samdb/samdb.h"
-#include "librpc/gen_ndr/ndr_misc.h"
-#include "librpc/gen_ndr/ndr_drsuapi.h"
-#include "librpc/gen_ndr/ndr_drsblobs.h"
-#include "../lib/util/dlinklist.h"
-#include "dsdb/samdb/ldb_modules/util.h"
-
-static int naming_fsmo_init(struct ldb_module *module)
-{
- struct ldb_context *ldb;
- TALLOC_CTX *mem_ctx;
- struct ldb_dn *naming_dn;
- struct dsdb_naming_fsmo *naming_fsmo;
- struct ldb_result *naming_res;
- int ret;
- static const char *naming_attrs[] = {
- "fSMORoleOwner",
- NULL
- };
-
- ldb = ldb_module_get_ctx(module);
-
- mem_ctx = talloc_new(module);
- if (!mem_ctx) {
- return ldb_oom(ldb);
- }
-
- naming_dn = samdb_partitions_dn(ldb, mem_ctx);
- if (!naming_dn) {
- ldb_debug_set(ldb, LDB_DEBUG_FATAL,
- "naming_fsmo_init: unable to determine partitions dn");
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- naming_fsmo = talloc_zero(mem_ctx, struct dsdb_naming_fsmo);
- if (!naming_fsmo) {
- return ldb_oom(ldb);
- }
- ldb_module_set_private(module, naming_fsmo);
-
- ret = dsdb_module_search_dn(module, mem_ctx, &naming_res,
- naming_dn,
- naming_attrs,
- DSDB_FLAG_NEXT_MODULE, NULL);
- if (ret == LDB_ERR_NO_SUCH_OBJECT) {
- ldb_debug(ldb, LDB_DEBUG_TRACE,
- "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)");
- talloc_free(mem_ctx);
- return ldb_next_init(module);
- }
-
- naming_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, naming_fsmo, naming_res->msgs[0], "fSMORoleOwner");
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), naming_fsmo->master_dn) == 0) {
- naming_fsmo->we_are_master = true;
- } else {
- naming_fsmo->we_are_master = false;
- }
-
- if (ldb_set_opaque(ldb, "dsdb_naming_fsmo", naming_fsmo) != LDB_SUCCESS) {
- return ldb_oom(ldb);
- }
-
- talloc_steal(module, naming_fsmo);
-
- ldb_debug(ldb, LDB_DEBUG_TRACE,
- "naming_fsmo_init: we are master: %s\n",
- (naming_fsmo->we_are_master?"yes":"no"));
-
- talloc_free(mem_ctx);
- return ldb_next_init(module);
-}
-
-static const struct ldb_module_ops ldb_naming_fsmo_module_ops = {
- .name = "naming_fsmo",
- .init_context = naming_fsmo_init
-};
-
-int ldb_naming_fsmo_module_init(const char *version)
-{
- LDB_MODULE_CHECK_VERSION(version);
- return ldb_register_module(&ldb_naming_fsmo_module_ops);
-}
diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
deleted file mode 100644
index 68f181581c..0000000000
--- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- Unix SMB/CIFS mplementation.
-
- The module that handles the PDC FSMO Role Owner checkings
-
- Copyright (C) Stefan Metzmacher 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "ldb_module.h"
-#include "dsdb/samdb/samdb.h"
-#include "librpc/gen_ndr/ndr_misc.h"
-#include "librpc/gen_ndr/ndr_drsuapi.h"
-#include "librpc/gen_ndr/ndr_drsblobs.h"
-#include "../lib/util/dlinklist.h"
-#include "dsdb/samdb/ldb_modules/util.h"
-
-static int pdc_fsmo_init(struct ldb_module *module)
-{
- struct ldb_context *ldb;
- TALLOC_CTX *mem_ctx;
- struct ldb_dn *pdc_dn;
- struct dsdb_pdc_fsmo *pdc_fsmo;
- struct ldb_result *pdc_res;
- int ret;
- static const char *pdc_attrs[] = {
- "fSMORoleOwner",
- NULL
- };
-
- ldb = ldb_module_get_ctx(module);
-
- mem_ctx = talloc_new(module);
- if (!mem_ctx) {
- return ldb_oom(ldb);
- }
-
- pdc_dn = ldb_get_default_basedn(ldb);
- if (!pdc_dn) {
- ldb_debug_set(ldb, LDB_DEBUG_FATAL,
- "pdc_fsmo_init: could not determine default basedn");
- talloc_free(mem_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo);
- if (!pdc_fsmo) {
- return ldb_oom(ldb);
- }
- ldb_module_set_private(module, pdc_fsmo);
-
- ret = dsdb_module_search_dn(module, mem_ctx, &pdc_res,
- pdc_dn,
- pdc_attrs,
- DSDB_FLAG_NEXT_MODULE, NULL);
- if (ret == LDB_ERR_NO_SUCH_OBJECT) {
- ldb_debug(ldb, LDB_DEBUG_TRACE,
- "pdc_fsmo_init: no domain object present: (skip loading of domain details)");
- talloc_free(mem_ctx);
- return ldb_next_init(module);
- } else if (ret != LDB_SUCCESS) {
- ldb_debug_set(ldb, LDB_DEBUG_FATAL,
- "pdc_fsmo_init: failed to search the domain object: %d:%s: %s",
- ret, ldb_strerror(ret), ldb_errstring(ldb));
- talloc_free(mem_ctx);
- return ret;
- }
-
- pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner");
- if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), pdc_fsmo->master_dn) == 0) {
- pdc_fsmo->we_are_master = true;
- } else {
- pdc_fsmo->we_are_master = false;
- }
-
- if (ldb_set_opaque(ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) {
- return ldb_oom(ldb);
- }
-
- talloc_steal(module, pdc_fsmo);
-
- ldb_debug(ldb, LDB_DEBUG_TRACE,
- "pdc_fsmo_init: we are master: %s\n",
- (pdc_fsmo->we_are_master?"yes":"no"));
-
- talloc_free(mem_ctx);
- return ldb_next_init(module);
-}
-
-static const struct ldb_module_ops ldb_pdc_fsmo_module_ops = {
- .name = "pdc_fsmo",
- .init_context = pdc_fsmo_init
-};
-
-int ldb_pdc_fsmo_module_init(const char *version)
-{
- LDB_MODULE_CHECK_VERSION(version);
- return ldb_register_module(&ldb_pdc_fsmo_module_ops);
-}
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 2499e82ad3..cfd75e8c43 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -170,6 +170,37 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m
return LDB_SUCCESS;
}
+/*
+ see if we are master for a FSMO role
+ */
+static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *dn, bool *master,
+ struct ldb_request *parent)
+{
+ const char *attrs[] = { "fSMORoleOwner", NULL };
+ TALLOC_CTX *tmp_ctx = talloc_new(parent);
+ struct ldb_result *res;
+ int ret;
+ struct ldb_dn *owner_dn;
+
+ ret = dsdb_module_search_dn(module, tmp_ctx, &res,
+ dn, attrs, DSDB_FLAG_NEXT_MODULE, parent);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ owner_dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module),
+ tmp_ctx, res->msgs[0], "fSMORoleOwner");
+ if (!owner_dn) {
+ *master = false;
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+ }
+
+ *master = (ldb_dn_compare(owner_dn, samdb_ntds_settings_dn(ldb_module_get_ctx(module))) == 0);
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
/*
add dynamically generated attributes to rootDSE result
@@ -190,6 +221,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
"rootDomainNamingContext",
"schemaNamingContext",
"serverName",
+ "validFSMOs",
NULL
};
@@ -346,38 +378,21 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
if (do_attribute_explicit(attrs, "validFSMOs")) {
- const struct dsdb_naming_fsmo *naming_fsmo;
- const struct dsdb_pdc_fsmo *pdc_fsmo;
- const char *dn_str;
-
- if (schema && schema->fsmo.we_are_master) {
- dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(ldb));
- if (dn_str && dn_str[0]) {
- if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) {
- goto failed;
- }
- }
- }
+ struct ldb_dn *dns[3];
- naming_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_naming_fsmo"),
- struct dsdb_naming_fsmo);
- if (naming_fsmo && naming_fsmo->we_are_master) {
- dn_str = ldb_dn_get_linearized(samdb_partitions_dn(ldb, msg));
- if (dn_str && dn_str[0]) {
- if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) {
- goto failed;
- }
- }
- }
+ dns[0] = ldb_get_schema_basedn(ldb);
+ dns[1] = samdb_partitions_dn(ldb, msg);
+ dns[2] = ldb_get_default_basedn(ldb);
- pdc_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_pdc_fsmo"),
- struct dsdb_pdc_fsmo);
- if (pdc_fsmo && pdc_fsmo->we_are_master) {
- dn_str = ldb_dn_get_linearized(ldb_get_default_basedn(ldb));
- if (dn_str && dn_str[0]) {
- if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) {
- goto failed;
- }
+ for (i=0; i<3; i++) {
+ bool master;
+ int ret = dsdb_module_we_are_master(module, dns[i], &master, req);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
+ if (master && ldb_msg_add_fmt(msg, "validFSMOs", "%s",
+ ldb_dn_get_linearized(dns[i])) != LDB_SUCCESS) {
+ goto failed;
}
}
}