summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-09-11 21:46:58 +1000
committerAndrew Tridgell <tridge@samba.org>2009-09-11 22:13:45 +1000
commit61facf426691cc896ec61fde1c4cb7d947adb07b (patch)
tree8e44d7aa5e879a1ab6b69e0d1c4c8bb09a387330 /source4/dsdb
parentfd3a77839cf747ce884cbd4e1cc212f22c4836a2 (diff)
downloadsamba-61facf426691cc896ec61fde1c4cb7d947adb07b.tar.gz
samba-61facf426691cc896ec61fde1c4cb7d947adb07b.tar.bz2
samba-61facf426691cc896ec61fde1c4cb7d947adb07b.zip
s4-kcc: add a very simple KCC
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon that works out who will replicate with who in a AD domain. This implements an extremely simple KCC task that just wants to replicate with everyone :-)
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/config.mk18
-rw-r--r--source4/dsdb/kcc/kcc_periodic.c209
-rw-r--r--source4/dsdb/kcc/kcc_service.c221
-rw-r--r--source4/dsdb/kcc/kcc_service.h85
4 files changed, 533 insertions, 0 deletions
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index 2a9f70fdb5..eb26f5b433 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -65,3 +65,21 @@ DREPL_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/repl/, \
drepl_out_helpers.o)
$(eval $(call proto_header_template,$(dsdbsrcdir)/repl/drepl_service_proto.h,$(DREPL_SRV_OBJ_FILES:.o=.c)))
+
+#######################
+# Start SUBSYSTEM KCC_SRV
+[MODULE::KCC_SRV]
+INIT_FUNCTION = server_service_kcc_init
+SUBSYSTEM = service
+PRIVATE_DEPENDENCIES = \
+ SAMDB \
+ process_model \
+ RPC_NDR_DRSUAPI
+# End SUBSYSTEM KCC_SRV
+#######################
+
+KCC_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/kcc/, \
+ kcc_service.o \
+ kcc_periodic.o)
+
+$(eval $(call proto_header_template,$(dsdbsrcdir)/kcc/kcc_service_proto.h,$(KCC_SRV_OBJ_FILES:.o=.c)))
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
new file mode 100644
index 0000000000..649efd51ca
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -0,0 +1,209 @@
+/*
+ Unix SMB/CIFS mplementation.
+ KCC service periodic handling
+
+ Copyright (C) Andrew Tridgell 2009
+ based on repl service code
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "smbd/service.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_service.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+
+/*
+ * add a repsFrom to all our partitions
+ */
+
+
+/*
+ this is the core of our initial simple KCC
+ We just add a repsFrom entry for all DCs we find that have nTDSDSA
+ objects, except for ourselves
+ */
+static NTSTATUS kccsrv_simple_update(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
+{
+ struct ldb_result *res;
+ int ret, i;
+ const char *attrs[] = { "objectGUID", "invocationID", NULL };
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+ struct kccsrv_partition *p;
+
+ ret = ldb_search(s->samdb, mem_ctx, &res, s->config_dn, LDB_SCOPE_SUBTREE,
+ attrs, "objectClass=nTDSDSA");
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed nTDSDSA search - %s\n", ldb_errstring(s->samdb)));
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(msg);
+
+ ret = ldb_msg_add_empty(msg, "repsFrom", LDB_FLAG_MOD_REPLACE, &el);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<res->count; i++) {
+ struct repsFromToBlob r;
+ struct repsFromTo1 *r1;
+ struct repsFromTo1OtherInfo oi;
+ struct GUID ntds_guid, invocation_id;
+ struct ldb_val v;
+ enum ndr_err_code ndr_err;
+
+ ntds_guid = samdb_result_guid(res->msgs[i], "objectGUID");
+ if (GUID_compare(&ntds_guid, &s->ntds_guid) == 0) {
+ /* don't replicate with ourselves */
+ continue;
+ }
+
+ invocation_id = samdb_result_guid(res->msgs[i], "invocationID");
+
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(oi);
+ r.version = 1;
+ r1 = &r.ctr.ctr1;
+
+ oi.dns_name = talloc_asprintf(mem_ctx, "%s._msdcs.%s",
+ GUID_string(mem_ctx, &ntds_guid),
+ lp_realm(s->task->lp_ctx));
+ r1->other_info = &oi;
+ r1->source_dsa_obj_guid = ntds_guid;
+ r1->source_dsa_invocation_id = invocation_id;
+ r1->replica_flags =
+ DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE |
+ DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP |
+ DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS;
+ memset(r1->schedule, 0x11, sizeof(r1->schedule));
+
+
+ ndr_err = ndr_push_struct_blob(&v, mem_ctx,
+ lp_iconv_convenience(s->task->lp_ctx),
+ &r,
+ (ndr_push_flags_fn_t)ndr_push_repsFromToBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0,(__location__ ": Failed tp push repsFrom blob\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ el->values = talloc_realloc(msg, el->values, struct ldb_val, el->num_values+1);
+ NT_STATUS_HAVE_NO_MEMORY(el->values);
+ el->values[el->num_values] = v;
+ el->num_values++;
+ }
+
+ /* replace the repsFrom on all partitions */
+ for (p=s->partitions; p; p=p->next) {
+ msg->dn = p->dn;
+ ret = ldb_modify(s->samdb, msg);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to store repsFrom for %s - %s\n",
+ ldb_dn_get_linearized(msg->dn), ldb_errstring(s->samdb)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+static void kccsrv_periodic_run(struct kccsrv_service *service);
+
+static void kccsrv_periodic_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+ struct timeval t, void *ptr)
+{
+ struct kccsrv_service *service = talloc_get_type(ptr, struct kccsrv_service);
+ WERROR status;
+
+ service->periodic.te = NULL;
+
+ kccsrv_periodic_run(service);
+
+ status = kccsrv_periodic_schedule(service, service->periodic.interval);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(service->task, win_errstr(status));
+ return;
+ }
+}
+
+WERROR kccsrv_periodic_schedule(struct kccsrv_service *service, uint32_t next_interval)
+{
+ TALLOC_CTX *tmp_mem;
+ struct tevent_timer *new_te;
+ struct timeval next_time;
+
+ /* prevent looping */
+ if (next_interval == 0) next_interval = 1;
+
+ next_time = timeval_current_ofs(next_interval, 50);
+
+ if (service->periodic.te) {
+ /*
+ * if the timestamp of the new event is higher,
+ * as current next we don't need to reschedule
+ */
+ if (timeval_compare(&next_time, &service->periodic.next_event) > 0) {
+ return WERR_OK;
+ }
+ }
+
+ /* reset the next scheduled timestamp */
+ service->periodic.next_event = next_time;
+
+ new_te = event_add_timed(service->task->event_ctx, service,
+ service->periodic.next_event,
+ kccsrv_periodic_handler_te, service);
+ W_ERROR_HAVE_NO_MEMORY(new_te);
+
+ tmp_mem = talloc_new(service);
+ DEBUG(2,("kccsrv_periodic_schedule(%u) %sscheduled for: %s\n",
+ next_interval,
+ (service->periodic.te?"re":""),
+ nt_time_string(tmp_mem, timeval_to_nttime(&next_time))));
+ talloc_free(tmp_mem);
+
+ talloc_free(service->periodic.te);
+ service->periodic.te = new_te;
+
+ return WERR_OK;
+}
+
+static void kccsrv_periodic_run(struct kccsrv_service *service)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+
+ DEBUG(2,("kccsrv_periodic_run(): simple update\n"));
+
+ mem_ctx = talloc_new(service);
+ status = kccsrv_simple_update(service, mem_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("kccsrv_simple_update failed - %s\n", nt_errstr(status)));
+ }
+ talloc_free(mem_ctx);
+}
diff --git a/source4/dsdb/kcc/kcc_service.c b/source4/dsdb/kcc/kcc_service.c
new file mode 100644
index 0000000000..2279879000
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_service.c
@@ -0,0 +1,221 @@
+/*
+ Unix SMB/CIFS mplementation.
+
+ KCC service
+
+ Copyright (C) Andrew Tridgell 2009
+ based on repl service code
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "smbd/service.h"
+#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_service.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+
+/*
+ establish system creds
+ */
+static WERROR kccsrv_init_creds(struct kccsrv_service *service)
+{
+ NTSTATUS status;
+
+ status = auth_system_session_info(service, service->task->lp_ctx,
+ &service->system_session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
+ }
+
+ return WERR_OK;
+}
+
+/*
+ connect to the local SAM
+ */
+static WERROR kccsrv_connect_samdb(struct kccsrv_service *service, struct loadparm_context *lp_ctx)
+{
+ const struct GUID *ntds_guid;
+
+ service->samdb = samdb_connect(service, service->task->event_ctx, lp_ctx, service->system_session_info);
+ if (!service->samdb) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ ntds_guid = samdb_ntds_objectGUID(service->samdb);
+ if (!ntds_guid) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ service->ntds_guid = *ntds_guid;
+
+ return WERR_OK;
+}
+
+
+/*
+ load our local partition list
+ */
+static WERROR kccsrv_load_partitions(struct kccsrv_service *s)
+{
+ struct ldb_dn *basedn;
+ struct ldb_result *r;
+ struct ldb_message_element *el;
+ static const char *attrs[] = { "namingContexts", "configurationNamingContext", NULL };
+ uint32_t i;
+ int ret;
+
+ basedn = ldb_dn_new(s, s->samdb, NULL);
+ W_ERROR_HAVE_NO_MEMORY(basedn);
+
+ ret = ldb_search(s->samdb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+ "(objectClass=*)");
+ talloc_free(basedn);
+ if (ret != LDB_SUCCESS) {
+ return WERR_FOOBAR;
+ } else if (r->count != 1) {
+ talloc_free(r);
+ return WERR_FOOBAR;
+ }
+
+ el = ldb_msg_find_element(r->msgs[0], "namingContexts");
+ if (!el) {
+ return WERR_FOOBAR;
+ }
+
+ for (i=0; el && i < el->num_values; i++) {
+ const char *v = (const char *)el->values[i].data;
+ struct ldb_dn *pdn;
+ struct kccsrv_partition *p;
+
+ pdn = ldb_dn_new(s, s->samdb, v);
+ if (!ldb_dn_validate(pdn)) {
+ return WERR_FOOBAR;
+ }
+
+ p = talloc_zero(s, struct kccsrv_partition);
+ W_ERROR_HAVE_NO_MEMORY(p);
+
+ p->dn = talloc_steal(p, pdn);
+ p->service = s;
+
+ DLIST_ADD(s->partitions, p);
+
+ DEBUG(2, ("kccsrv_partition[%s] loaded\n", v));
+ }
+
+ el = ldb_msg_find_element(r->msgs[0], "configurationNamingContext");
+ if (!el) {
+ return WERR_FOOBAR;
+ }
+ s->config_dn = ldb_dn_new(s, s->samdb, (const char *)el->values[0].data);
+ if (!ldb_dn_validate(s->config_dn)) {
+ return WERR_FOOBAR;
+ }
+
+ talloc_free(r);
+
+ return WERR_OK;
+}
+
+
+/*
+ startup the kcc service task
+*/
+static void kccsrv_task_init(struct task_server *task)
+{
+ WERROR status;
+ struct kccsrv_service *service;
+ uint32_t periodic_startup_interval;
+
+ switch (lp_server_role(task->lp_ctx)) {
+ case ROLE_STANDALONE:
+ task_server_terminate(task, "kccsrv: no KCC required in standalone configuration");
+ return;
+ case ROLE_DOMAIN_MEMBER:
+ task_server_terminate(task, "kccsrv: no KCC required in domain member configuration");
+ return;
+ case ROLE_DOMAIN_CONTROLLER:
+ /* Yes, we want a KCC */
+ break;
+ }
+
+ task_server_set_title(task, "task[kccsrv]");
+
+ service = talloc_zero(task, struct kccsrv_service);
+ if (!service) {
+ task_server_terminate(task, "kccsrv_task_init: out of memory");
+ return;
+ }
+ service->task = task;
+ service->startup_time = timeval_current();
+ task->private_data = service;
+
+ status = kccsrv_init_creds(service);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(task, talloc_asprintf(task,
+ "kccsrv: Failed to obtain server credentials: %s\n",
+ win_errstr(status)));
+ return;
+ }
+
+ status = kccsrv_connect_samdb(service, task->lp_ctx);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(task, talloc_asprintf(task,
+ "kccsrv: Failed to connect to local samdb: %s\n",
+ win_errstr(status)));
+ return;
+ }
+
+ status = kccsrv_load_partitions(service);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(task, talloc_asprintf(task,
+ "kccsrv: Failed to load partitions: %s\n",
+ win_errstr(status)));
+ return;
+ }
+
+ periodic_startup_interval = lp_parm_int(task->lp_ctx, NULL, "kccsrv",
+ "periodic_startup_interval", 15); /* in seconds */
+ service->periodic.interval = lp_parm_int(task->lp_ctx, NULL, "kccsrv",
+ "periodic_interval", 300); /* in seconds */
+
+ status = kccsrv_periodic_schedule(service, periodic_startup_interval);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(task, talloc_asprintf(task,
+ "kccsrv: Failed to periodic schedule: %s\n",
+ win_errstr(status)));
+ return;
+ }
+
+ irpc_add_name(task->msg_ctx, "kccsrv");
+}
+
+/*
+ register ourselves as a available server
+*/
+NTSTATUS server_service_kcc_init(void)
+{
+ return register_server_service("kcc", kccsrv_task_init);
+}
diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h
new file mode 100644
index 0000000000..6a78d37a91
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_service.h
@@ -0,0 +1,85 @@
+/*
+ Unix SMB/CIFS mplementation.
+
+ KCC service
+
+ Copyright (C) Andrew Tridgell 2009
+ based on drepl service code
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#ifndef _DSDB_REPL_KCC_SERVICE_H_
+#define _DSDB_REPL_KCC_SERVICE_H_
+
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+
+struct kccsrv_partition {
+ struct kccsrv_partition *prev, *next;
+ struct kccsrv_service *service;
+
+ /* the dn of the partition */
+ struct ldb_dn *dn;
+};
+
+
+struct kccsrv_service {
+ /* the whole kcc service is in one task */
+ struct task_server *task;
+
+ /* the time the service was started */
+ struct timeval startup_time;
+
+ /* dn of our configuration partition */
+ struct ldb_dn *config_dn;
+
+ /*
+ * system session info
+ * with machine account credentials
+ */
+ struct auth_session_info *system_session_info;
+
+ /* list of local partitions */
+ struct kccsrv_partition *partitions;
+
+ /*
+ * a connection to the local samdb
+ */
+ struct ldb_context *samdb;
+
+ /* the guid of our NTDS Settings object, which never changes! */
+ struct GUID ntds_guid;
+
+ /* some stuff for periodic processing */
+ struct {
+ /*
+ * the interval between to periodic runs
+ */
+ uint32_t interval;
+
+ /*
+ * the timestamp for the next event,
+ * this is the timstamp passed to event_add_timed()
+ */
+ struct timeval next_event;
+
+ /* here we have a reference to the timed event the schedules the periodic stuff */
+ struct tevent_timer *te;
+ } periodic;
+};
+
+#include "dsdb/kcc/kcc_service_proto.h"
+
+#endif /* _DSDB_REPL_KCC_SERVICE_H_ */