From 60cbc98051b430fc09358a09866c69a54cc726bc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 28 Sep 2011 11:04:29 +1000 Subject: s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/common/util.c | 66 +++++++++++++++++++++++++ source4/dsdb/common/util.h | 1 + source4/dsdb/repl/replicated_objects.c | 63 ++--------------------- source4/dsdb/samdb/ldb_modules/new_partition.c | 12 +++++ source4/dsdb/samdb/ldb_modules/partition_init.c | 12 +++++ source4/dsdb/samdb/samdb.h | 3 ++ source4/setup/schema_samba4.ldif | 1 + 7 files changed, 98 insertions(+), 60 deletions(-) diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index cf28f1dd01..3a55a55306 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -3751,6 +3751,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags) } } + if (dsdb_flags & DSDB_MODIFY_PARTIAL_REPLICA) { + ret = ldb_request_add_control(req, DSDB_CONTROL_PARTIAL_REPLICA, false, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; } @@ -4467,3 +4474,62 @@ NTSTATUS dsdb_ldb_err_to_ntstatus(int err) } return NT_STATUS_UNSUCCESSFUL; } + + +/* + create a new naming context that will hold a partial replica + */ +int dsdb_create_partial_replica_NC(struct ldb_context *ldb, struct ldb_dn *dn) +{ + TALLOC_CTX *tmp_ctx = talloc_new(ldb); + struct ldb_message *msg; + int ret; + + msg = ldb_msg_new(tmp_ctx); + if (msg == NULL) { + talloc_free(tmp_ctx); + return ldb_oom(ldb); + } + + msg->dn = dn; + ret = ldb_msg_add_string(msg, "objectClass", "top"); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ldb_oom(ldb); + } + + /* [MS-DRSR] implies that we should only add the 'top' + * objectclass, but that would cause lots of problems with our + * objectclass code as top is not structural, so we add + * 'domainDNS' as well to keep things sane. We're expecting + * this new NC to be of objectclass domainDNS after + * replication anyway + */ + ret = ldb_msg_add_string(msg, "objectClass", "domainDNS"); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ldb_oom(ldb); + } + + ret = ldb_msg_add_fmt(msg, "instanceType", "%u", + INSTANCE_TYPE_IS_NC_HEAD| + INSTANCE_TYPE_NC_ABOVE| + INSTANCE_TYPE_UNINSTANT); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ldb_oom(ldb); + } + + ret = dsdb_add(ldb, msg, DSDB_MODIFY_PARTIAL_REPLICA); + if (ret != LDB_SUCCESS) { + DEBUG(0,("Failed to create new NC for %s - %s\n", + ldb_dn_get_linearized(dn), ldb_errstring(ldb))); + talloc_free(tmp_ctx); + return ret; + } + + DEBUG(1,("Created new NC for %s\n", ldb_dn_get_linearized(dn))); + + talloc_free(tmp_ctx); + return LDB_SUCCESS; +} diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h index 75ef49e1c3..b2f7aa5b32 100644 --- a/source4/dsdb/common/util.h +++ b/source4/dsdb/common/util.h @@ -37,6 +37,7 @@ #define DSDB_PROVISION 0x0800 #define DSDB_BYPASS_PASSWORD_HASH 0x1000 #define DSDB_SEARCH_NO_GLOBAL_CATALOG 0x2000 +#define DSDB_MODIFY_PARTIAL_REPLICA 0x4000 bool is_attr_in_list(const char * const * attrs, const char *attr); diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c index e1e6b0c926..5ccf052554 100644 --- a/source4/dsdb/repl/replicated_objects.c +++ b/source4/dsdb/repl/replicated_objects.c @@ -686,64 +686,6 @@ static WERROR dsdb_origin_object_convert(struct ldb_context *ldb, return WERR_OK; } -/* - create a new naming context via a DsAddEntry() with a nCName in a - crossRef object - */ -static WERROR dsdb_origin_create_NC(struct ldb_context *ldb, - struct ldb_dn *dn) -{ - TALLOC_CTX *tmp_ctx = talloc_new(ldb); - struct ldb_message *msg; - int ret; - - msg = ldb_msg_new(tmp_ctx); - W_ERROR_HAVE_NO_MEMORY_AND_FREE(msg, tmp_ctx); - - msg->dn = dn; - ret = ldb_msg_add_string(msg, "objectClass", "top"); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return WERR_NOMEM; - } - - /* [MS-DRSR] implies that we should only add the 'top' - * objectclass, but that would cause lots of problems with our - * objectclass code as top is not structural, so we add - * 'domainDNS' as well to keep things sane. We're expecting - * this new NC to be of objectclass domainDNS after - * replication anyway - */ - ret = ldb_msg_add_string(msg, "objectClass", "domainDNS"); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return WERR_NOMEM; - } - - ret = ldb_msg_add_fmt(msg, "instanceType", "%u", - INSTANCE_TYPE_IS_NC_HEAD| - INSTANCE_TYPE_NC_ABOVE| - INSTANCE_TYPE_UNINSTANT); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return WERR_NOMEM; - } - - ret = dsdb_add(ldb, msg, 0); - if (ret != LDB_SUCCESS) { - DEBUG(0,("Failed to create new NC for %s - %s\n", - ldb_dn_get_linearized(dn), ldb_errstring(ldb))); - talloc_free(tmp_ctx); - return WERR_NOMEM; - } - - DEBUG(1,("Created new NC for %s\n", ldb_dn_get_linearized(dn))); - - talloc_free(tmp_ctx); - return WERR_OK; -} - - WERROR dsdb_origin_objects_commit(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct drsuapi_DsReplicaObjectListItem *first_object, @@ -825,8 +767,9 @@ WERROR dsdb_origin_objects_commit(struct ldb_context *ldb, if (!ldb_dn_validate(nc_dn)) { continue; } - status = dsdb_origin_create_NC(ldb, nc_dn); - if (!W_ERROR_IS_OK(status)) { + ret = dsdb_create_partial_replica_NC(ldb, nc_dn); + if (ret != LDB_SUCCESS) { + status = WERR_DS_INTERNAL_FAILURE; goto cancel; } } diff --git a/source4/dsdb/samdb/ldb_modules/new_partition.c b/source4/dsdb/samdb/ldb_modules/new_partition.c index 87983f41c8..3f730f97db 100644 --- a/source4/dsdb/samdb/ldb_modules/new_partition.c +++ b/source4/dsdb/samdb/ldb_modules/new_partition.c @@ -36,6 +36,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" #include "../libds/common/flags.h" +#include "dsdb/common/util.h" struct np_context { struct ldb_module *module; @@ -122,6 +123,17 @@ static int np_part_search_callback(struct ldb_request *req, struct ldb_reply *ar ret = ldb_build_extended_req(&ac->part_add, ldb, ac, DSDB_EXTENDED_CREATE_PARTITION_OID, ex_op, NULL, ac, np_part_mod_callback, req); + + /* if the parent was asking for a partial replica, then we + * need the extended operation to also ask for a partial + * replica */ + if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) { + ret = dsdb_request_add_controls(ac->part_add, DSDB_MODIFY_PARTIAL_REPLICA); + if (ret != LDB_SUCCESS) { + return ret; + } + } + LDB_REQ_SET_LOCATION(ac->part_add); if (ret != LDB_SUCCESS) { diff --git a/source4/dsdb/samdb/ldb_modules/partition_init.c b/source4/dsdb/samdb/ldb_modules/partition_init.c index 0dd3a472c2..030f592d3a 100644 --- a/source4/dsdb/samdb/ldb_modules/partition_init.c +++ b/source4/dsdb/samdb/ldb_modules/partition_init.c @@ -770,6 +770,18 @@ int partition_create(struct ldb_module *module, struct ldb_request *req) if (ret != LDB_SUCCESS) { return ret; } + + if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) { + /* this new partition is a partial replica */ + ret = ldb_msg_add_empty(mod_msg, "partialReplica", LDB_FLAG_MOD_ADD, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = ldb_msg_add_fmt(mod_msg, "partialReplica", "%s", ldb_dn_get_linearized(dn)); + if (ret != LDB_SUCCESS) { + return ret; + } + } /* Perform modify on @PARTITION record */ ret = ldb_build_mod_req(&mod_req, ldb, req, mod_msg, NULL, NULL, diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index 601b6765d1..4c89f24247 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -96,6 +96,9 @@ struct dsdb_control_password_change_status { /* passed when we want to get the behaviour of the non-global catalog port */ #define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17" +/* passed when we want special behaviour for partial replicas */ +#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18" + struct dsdb_control_password_change { const struct samr_Password *old_nt_pwd_hash; const struct samr_Password *old_lm_pwd_hash; diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index aa3426dbf8..496a73296e 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -192,6 +192,7 @@ #Allocated: (not used anymore) DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15 #Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16 #Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17 +#Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18 # Extended 1.3.6.1.4.1.7165.4.4.x #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 -- cgit