From f9d10a304d0197cc1ef5b14ab523d6462040088a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 11 Aug 2011 15:40:53 +1000 Subject: s4-dsdb: calculate validFSMOs at runtime instead of pre-computing this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 108 ------------------------- source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 113 --------------------------- source4/dsdb/samdb/ldb_modules/rootdse.c | 75 +++++++++++------- 3 files changed, 45 insertions(+), 251 deletions(-) delete mode 100644 source4/dsdb/samdb/ldb_modules/naming_fsmo.c delete mode 100644 source4/dsdb/samdb/ldb_modules/pdc_fsmo.c (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c deleted file mode 100644 index f59919ca1a..0000000000 --- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - Unix SMB/CIFS mplementation. - - The module that handles the Domain Naming FSMO Role Owner - checkings - - Copyright (C) Stefan Metzmacher 2007 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ - -#include "includes.h" -#include "ldb_module.h" -#include "dsdb/samdb/samdb.h" -#include "librpc/gen_ndr/ndr_misc.h" -#include "librpc/gen_ndr/ndr_drsuapi.h" -#include "librpc/gen_ndr/ndr_drsblobs.h" -#include "../lib/util/dlinklist.h" -#include "dsdb/samdb/ldb_modules/util.h" - -static int naming_fsmo_init(struct ldb_module *module) -{ - struct ldb_context *ldb; - TALLOC_CTX *mem_ctx; - struct ldb_dn *naming_dn; - struct dsdb_naming_fsmo *naming_fsmo; - struct ldb_result *naming_res; - int ret; - static const char *naming_attrs[] = { - "fSMORoleOwner", - NULL - }; - - ldb = ldb_module_get_ctx(module); - - mem_ctx = talloc_new(module); - if (!mem_ctx) { - return ldb_oom(ldb); - } - - naming_dn = samdb_partitions_dn(ldb, mem_ctx); - if (!naming_dn) { - ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "naming_fsmo_init: unable to determine partitions dn"); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - naming_fsmo = talloc_zero(mem_ctx, struct dsdb_naming_fsmo); - if (!naming_fsmo) { - return ldb_oom(ldb); - } - ldb_module_set_private(module, naming_fsmo); - - ret = dsdb_module_search_dn(module, mem_ctx, &naming_res, - naming_dn, - naming_attrs, - DSDB_FLAG_NEXT_MODULE, NULL); - if (ret == LDB_ERR_NO_SUCH_OBJECT) { - ldb_debug(ldb, LDB_DEBUG_TRACE, - "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)"); - talloc_free(mem_ctx); - return ldb_next_init(module); - } - - naming_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, naming_fsmo, naming_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), naming_fsmo->master_dn) == 0) { - naming_fsmo->we_are_master = true; - } else { - naming_fsmo->we_are_master = false; - } - - if (ldb_set_opaque(ldb, "dsdb_naming_fsmo", naming_fsmo) != LDB_SUCCESS) { - return ldb_oom(ldb); - } - - talloc_steal(module, naming_fsmo); - - ldb_debug(ldb, LDB_DEBUG_TRACE, - "naming_fsmo_init: we are master: %s\n", - (naming_fsmo->we_are_master?"yes":"no")); - - talloc_free(mem_ctx); - return ldb_next_init(module); -} - -static const struct ldb_module_ops ldb_naming_fsmo_module_ops = { - .name = "naming_fsmo", - .init_context = naming_fsmo_init -}; - -int ldb_naming_fsmo_module_init(const char *version) -{ - LDB_MODULE_CHECK_VERSION(version); - return ldb_register_module(&ldb_naming_fsmo_module_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c deleted file mode 100644 index 68f181581c..0000000000 --- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - Unix SMB/CIFS mplementation. - - The module that handles the PDC FSMO Role Owner checkings - - Copyright (C) Stefan Metzmacher 2007 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ - -#include "includes.h" -#include "ldb_module.h" -#include "dsdb/samdb/samdb.h" -#include "librpc/gen_ndr/ndr_misc.h" -#include "librpc/gen_ndr/ndr_drsuapi.h" -#include "librpc/gen_ndr/ndr_drsblobs.h" -#include "../lib/util/dlinklist.h" -#include "dsdb/samdb/ldb_modules/util.h" - -static int pdc_fsmo_init(struct ldb_module *module) -{ - struct ldb_context *ldb; - TALLOC_CTX *mem_ctx; - struct ldb_dn *pdc_dn; - struct dsdb_pdc_fsmo *pdc_fsmo; - struct ldb_result *pdc_res; - int ret; - static const char *pdc_attrs[] = { - "fSMORoleOwner", - NULL - }; - - ldb = ldb_module_get_ctx(module); - - mem_ctx = talloc_new(module); - if (!mem_ctx) { - return ldb_oom(ldb); - } - - pdc_dn = ldb_get_default_basedn(ldb); - if (!pdc_dn) { - ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "pdc_fsmo_init: could not determine default basedn"); - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - - pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo); - if (!pdc_fsmo) { - return ldb_oom(ldb); - } - ldb_module_set_private(module, pdc_fsmo); - - ret = dsdb_module_search_dn(module, mem_ctx, &pdc_res, - pdc_dn, - pdc_attrs, - DSDB_FLAG_NEXT_MODULE, NULL); - if (ret == LDB_ERR_NO_SUCH_OBJECT) { - ldb_debug(ldb, LDB_DEBUG_TRACE, - "pdc_fsmo_init: no domain object present: (skip loading of domain details)"); - talloc_free(mem_ctx); - return ldb_next_init(module); - } else if (ret != LDB_SUCCESS) { - ldb_debug_set(ldb, LDB_DEBUG_FATAL, - "pdc_fsmo_init: failed to search the domain object: %d:%s: %s", - ret, ldb_strerror(ret), ldb_errstring(ldb)); - talloc_free(mem_ctx); - return ret; - } - - pdc_fsmo->master_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, pdc_res->msgs[0], "fSMORoleOwner"); - if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), pdc_fsmo->master_dn) == 0) { - pdc_fsmo->we_are_master = true; - } else { - pdc_fsmo->we_are_master = false; - } - - if (ldb_set_opaque(ldb, "dsdb_pdc_fsmo", pdc_fsmo) != LDB_SUCCESS) { - return ldb_oom(ldb); - } - - talloc_steal(module, pdc_fsmo); - - ldb_debug(ldb, LDB_DEBUG_TRACE, - "pdc_fsmo_init: we are master: %s\n", - (pdc_fsmo->we_are_master?"yes":"no")); - - talloc_free(mem_ctx); - return ldb_next_init(module); -} - -static const struct ldb_module_ops ldb_pdc_fsmo_module_ops = { - .name = "pdc_fsmo", - .init_context = pdc_fsmo_init -}; - -int ldb_pdc_fsmo_module_init(const char *version) -{ - LDB_MODULE_CHECK_VERSION(version); - return ldb_register_module(&ldb_pdc_fsmo_module_ops); -} diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 2499e82ad3..cfd75e8c43 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -170,6 +170,37 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m return LDB_SUCCESS; } +/* + see if we are master for a FSMO role + */ +static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *dn, bool *master, + struct ldb_request *parent) +{ + const char *attrs[] = { "fSMORoleOwner", NULL }; + TALLOC_CTX *tmp_ctx = talloc_new(parent); + struct ldb_result *res; + int ret; + struct ldb_dn *owner_dn; + + ret = dsdb_module_search_dn(module, tmp_ctx, &res, + dn, attrs, DSDB_FLAG_NEXT_MODULE, parent); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + owner_dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module), + tmp_ctx, res->msgs[0], "fSMORoleOwner"); + if (!owner_dn) { + *master = false; + talloc_free(tmp_ctx); + return LDB_SUCCESS; + } + + *master = (ldb_dn_compare(owner_dn, samdb_ntds_settings_dn(ldb_module_get_ctx(module))) == 0); + talloc_free(tmp_ctx); + return LDB_SUCCESS; +} /* add dynamically generated attributes to rootDSE result @@ -190,6 +221,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms "rootDomainNamingContext", "schemaNamingContext", "serverName", + "validFSMOs", NULL }; @@ -346,38 +378,21 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } if (do_attribute_explicit(attrs, "validFSMOs")) { - const struct dsdb_naming_fsmo *naming_fsmo; - const struct dsdb_pdc_fsmo *pdc_fsmo; - const char *dn_str; - - if (schema && schema->fsmo.we_are_master) { - dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(ldb)); - if (dn_str && dn_str[0]) { - if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) { - goto failed; - } - } - } + struct ldb_dn *dns[3]; - naming_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_naming_fsmo"), - struct dsdb_naming_fsmo); - if (naming_fsmo && naming_fsmo->we_are_master) { - dn_str = ldb_dn_get_linearized(samdb_partitions_dn(ldb, msg)); - if (dn_str && dn_str[0]) { - if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) { - goto failed; - } - } - } + dns[0] = ldb_get_schema_basedn(ldb); + dns[1] = samdb_partitions_dn(ldb, msg); + dns[2] = ldb_get_default_basedn(ldb); - pdc_fsmo = talloc_get_type(ldb_get_opaque(ldb, "dsdb_pdc_fsmo"), - struct dsdb_pdc_fsmo); - if (pdc_fsmo && pdc_fsmo->we_are_master) { - dn_str = ldb_dn_get_linearized(ldb_get_default_basedn(ldb)); - if (dn_str && dn_str[0]) { - if (ldb_msg_add_fmt(msg, "validFSMOs", "%s", dn_str) != LDB_SUCCESS) { - goto failed; - } + for (i=0; i<3; i++) { + bool master; + int ret = dsdb_module_we_are_master(module, dns[i], &master, req); + if (ret != LDB_SUCCESS) { + goto failed; + } + if (master && ldb_msg_add_fmt(msg, "validFSMOs", "%s", + ldb_dn_get_linearized(dns[i])) != LDB_SUCCESS) { + goto failed; } } } -- cgit