#include "libnet/libnet.h"
#include "lib/events/events.h"
#include "dsdb/samdb/samdb.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "librpc/ndr/libndr.h"
#include "auth/auth.h"
#include "param/param.h"
#include "param/provision.h"
+#include "libcli/security/dom_sid.h"
/*
List of tasks vampire.py must perform:
const char *targetdir;
struct loadparm_context *lp_ctx;
+ struct tevent_context *event_ctx;
+ unsigned total_objects;
+ char *last_partition;
};
static NTSTATUS vampire_prepare_db(void *private_data,
{
struct vampire_state *s = talloc_get_type(private_data, struct vampire_state);
struct provision_settings settings;
+ struct provision_result result;
NTSTATUS status;
- bool ok;
- struct loadparm_context *lp_ctx = loadparm_init(s);
- char *smbconf;
-
- if (!lp_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
+ ZERO_STRUCT(settings);
settings.site_name = p->dest_dsa->site_name;
settings.root_dn_str = p->forest->root_dn_str;
settings.domain_dn_str = p->domain->dn_str;
settings.realm = s->join->out.realm;
settings.domain = s->join->out.domain_name;
settings.server_dn_str = p->dest_dsa->server_dn_str;
- settings.machine_password = generate_random_str(s, 16);
+ settings.machine_password = generate_random_password(s, 16, 255);
settings.targetdir = s->targetdir;
- status = provision_bare(s, s->lp_ctx, &settings);
-
- smbconf = talloc_asprintf(lp_ctx, "%s/%s", s->targetdir, "/etc/smb.conf");
+ status = provision_bare(s, s->lp_ctx, &settings, &result);
- ok = lp_load(lp_ctx, smbconf);
- if (!ok) {
- DEBUG(0,("Failed load freshly generated smb.conf '%s'\n", smbconf));
- return NT_STATUS_INVALID_PARAMETER;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- s->ldb = samdb_connect(s, lp_ctx,
- system_session(s, lp_ctx));
- if (!s->ldb) {
- DEBUG(0,("Failed to open '%s'\n", lp_sam_url(lp_ctx)));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- /* We must set these up to ensure the replMetaData is written correctly,
- before our NTDS Settings entry is replicated */
- ok = samdb_set_ntds_invocation_id(s->ldb, &p->dest_dsa->invocation_id);
- if (!ok) {
- DEBUG(0,("Failed to set cached ntds invocationId\n"));
+ s->ldb = result.samdb;
+ s->lp_ctx = result.lp_ctx;
+
+ /* wrap the entire vapire operation in a transaction. This
+ isn't just cosmetic - we use this to ensure that linked
+ attribute back links are added at the end by relying on a
+ transaction commit hook in the linked attributes module. We
+ need to do this as the order of objects coming from the
+ server is not sufficiently deterministic to know that the
+ record that a backlink needs to be created in has itself
+ been created before the object containing the forward link
+ has come over the wire */
+ if (ldb_transaction_start(s->ldb) != LDB_SUCCESS) {
return NT_STATUS_FOOBAR;
}
- s->lp_ctx = lp_ctx;
return NT_STATUS_OK;
{
WERROR status;
const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
- uint32_t total_object_count;
uint32_t object_count;
struct drsuapi_DsReplicaObjectListItemEx *first_object;
struct drsuapi_DsReplicaObjectListItemEx *cur;
uint32_t i;
int ret;
bool ok;
+ uint64_t seq_num;
DEBUG(0,("Analyze and apply schema objects\n"));
switch (c->ctr_level) {
case 1:
mapping_ctr = &c->ctr1->mapping_ctr;
- total_object_count = c->ctr1->total_object_count;
object_count = s->schema_part.object_count;
first_object = s->schema_part.first_object;
linked_attributes_count = 0;
break;
case 6:
mapping_ctr = &c->ctr6->mapping_ctr;
- total_object_count = c->ctr6->total_object_count;
object_count = s->schema_part.object_count;
first_object = s->schema_part.first_object;
- linked_attributes_count = 0; /* TODO: ! */
- linked_attributes = NULL; /* TODO: ! */;
+ linked_attributes_count = c->ctr6->linked_attributes_count;
+ linked_attributes = c->ctr6->linked_attributes;
s_dsa->highwatermark = c->ctr6->new_highwatermark;
s_dsa->source_dsa_obj_guid = c->ctr6->source_dsa_guid;
s_dsa->source_dsa_invocation_id = c->ctr6->source_dsa_invocation_id;
return NT_STATUS_INVALID_PARAMETER;
}
- s_dsa->replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS;
+ s_dsa->replica_flags = DRSUAPI_DRS_WRIT_REP
+ | DRSUAPI_DRS_INIT_SYNC
+ | DRSUAPI_DRS_PER_SYNC;
memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
const char *oid = NULL;
a = &cur->object.attribute_ctr.attributes[i];
- status = dsdb_map_int2oid(s->self_made_schema, a->attid, s, &oid);
+ status = dsdb_schema_pfm_oid_from_attid(s->self_made_schema->prefixmap,
+ a->attid, s, &oid);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
for (j=0; j < a->value_ctr.num_values; j++) {
uint32_t val = 0xFFFFFFFF;
- if (a->value_ctr.values[i].blob
- && a->value_ctr.values[i].blob->length == 4) {
- val = IVAL(a->value_ctr.values[i].blob->data,0);
+ if (a->value_ctr.values[j].blob
+ && a->value_ctr.values[j].blob->length == 4) {
+ val = IVAL(a->value_ctr.values[j].blob->data,0);
}
if (val == DRSUAPI_OBJECTCLASS_attributeSchema) {
sa = talloc_zero(s->self_made_schema, struct dsdb_attribute);
NT_STATUS_HAVE_NO_MEMORY(sa);
- status = dsdb_attribute_from_drsuapi(s->self_made_schema, &cur->object, s, sa);
+ status = dsdb_attribute_from_drsuapi(s->ldb, s->self_made_schema, &cur->object, s, sa);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
sc = talloc_zero(s->self_made_schema, struct dsdb_class);
NT_STATUS_HAVE_NO_MEMORY(sc);
- status = dsdb_class_from_drsuapi(s->self_made_schema, &cur->object, s, sc);
+ status = dsdb_class_from_drsuapi(s->ldb, s->self_made_schema, &cur->object, s, sc);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
-
DLIST_ADD_END(s->self_made_schema->classes, sc, struct dsdb_class *);
}
}
return NT_STATUS_FOOBAR;
}
/* we don't want to access the self made schema anymore */
+ s->schema = s->self_made_schema;
s->self_made_schema = NULL;
- s->schema = dsdb_get_schema(s->ldb);
- status = dsdb_extended_replicated_objects_commit(s->ldb,
- c->partition->nc.dn,
- mapping_ctr,
- object_count,
- first_object,
- linked_attributes_count,
- linked_attributes,
- s_dsa,
- uptodateness_vector,
- c->gensec_skey,
- s, &objs);
+ /* Now convert the schema elements again, using the schema we just imported */
+ status = dsdb_extended_replicated_objects_convert(s->ldb,
+ c->partition->nc.dn,
+ mapping_ctr,
+ object_count,
+ first_object,
+ linked_attributes_count,
+ linked_attributes,
+ s_dsa,
+ uptodateness_vector,
+ c->gensec_skey,
+ s, &objs);
if (!W_ERROR_IS_OK(status)) {
DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
return werror_to_ntstatus(status);
}
}
+ status = dsdb_extended_replicated_objects_commit(s->ldb, objs, &seq_num);
+ if (!W_ERROR_IS_OK(status)) {
+ DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+ return werror_to_ntstatus(status);
+ }
+
msg = ldb_msg_new(objs);
NT_STATUS_HAVE_NO_MEMORY(msg);
msg->dn = objs->partition_dn;
talloc_free(s_dsa);
talloc_free(objs);
- /* reopen the ldb */
- talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
- s->schema = NULL;
-
- DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema\n"));
- s->ldb = samdb_connect(s, s->lp_ctx,
- system_session(s, s->lp_ctx));
- if (!s->ldb) {
- DEBUG(0,("Failed to reopen sam.ldb\n"));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- /* We must set these up to ensure the replMetaData is written correctly, before our NTDS Settings entry is replicated */
+ /* We must set these up to ensure the replMetaData is written
+ * correctly, before our NTDS Settings entry is replicated */
ok = samdb_set_ntds_invocation_id(s->ldb, &c->dest_dsa->invocation_id);
if (!ok) {
DEBUG(0,("Failed to set cached ntds invocationId\n"));
return NT_STATUS_FOOBAR;
}
- s->schema = dsdb_get_schema(s->ldb);
+ s->schema = dsdb_get_schema(s->ldb, s);
if (!s->schema) {
DEBUG(0,("Failed to get loaded dsdb_schema\n"));
return NT_STATUS_FOOBAR;
struct vampire_state *s = talloc_get_type(private_data, struct vampire_state);
WERROR status;
const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
- uint32_t total_object_count;
+ uint32_t nc_object_count;
uint32_t object_count;
struct drsuapi_DsReplicaObjectListItemEx *first_object;
struct drsuapi_DsReplicaObjectListItemEx *cur;
+ uint32_t nc_linked_attributes_count;
+ uint32_t linked_attributes_count;
+ struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
switch (c->ctr_level) {
case 1:
- mapping_ctr = &c->ctr1->mapping_ctr;
- total_object_count = c->ctr1->total_object_count;
- object_count = c->ctr1->object_count;
- first_object = c->ctr1->first_object;
+ mapping_ctr = &c->ctr1->mapping_ctr;
+ nc_object_count = c->ctr1->extended_ret; /* maybe w2k send this unexpected? */
+ object_count = c->ctr1->object_count;
+ first_object = c->ctr1->first_object;
+ nc_linked_attributes_count = 0;
+ linked_attributes_count = 0;
+ linked_attributes = NULL;
break;
case 6:
- mapping_ctr = &c->ctr6->mapping_ctr;
- total_object_count = c->ctr6->total_object_count;
- object_count = c->ctr6->object_count;
- first_object = c->ctr6->first_object;
+ mapping_ctr = &c->ctr6->mapping_ctr;
+ nc_object_count = c->ctr6->nc_object_count;
+ object_count = c->ctr6->object_count;
+ first_object = c->ctr6->first_object;
+ nc_linked_attributes_count = c->ctr6->nc_linked_attributes_count;
+ linked_attributes_count = c->ctr6->linked_attributes_count;
+ linked_attributes = c->ctr6->linked_attributes;
break;
default:
return NT_STATUS_INVALID_PARAMETER;
}
- if (total_object_count) {
- DEBUG(0,("Schema-DN[%s] objects[%u/%u]\n",
- c->partition->nc.dn, object_count, total_object_count));
+ if (nc_object_count) {
+ DEBUG(0,("Schema-DN[%s] objects[%u/%u] linked_values[%u/%u]\n",
+ c->partition->nc.dn, object_count, nc_object_count,
+ linked_attributes_count, nc_linked_attributes_count));
} else {
- DEBUG(0,("Schema-DN[%s] objects[%u]\n",
- c->partition->nc.dn, object_count));
+ DEBUG(0,("Schema-DN[%s] objects[%u] linked_values[%u]\n",
+ c->partition->nc.dn, object_count, linked_attributes_count));
}
if (!s->schema) {
NT_STATUS_HAVE_NO_MEMORY(s->self_made_schema);
- status = dsdb_load_oid_mappings_drsuapi(s->self_made_schema, mapping_ctr);
+ status = dsdb_load_prefixmap_from_drsuapi(s->self_made_schema, mapping_ctr);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
s->schema = s->self_made_schema;
} else {
- status = dsdb_verify_oid_mappings_drsuapi(s->schema, mapping_ctr);
+ status = dsdb_schema_pfm_contains_drsuapi_pfm(s->schema->prefixmap, mapping_ctr);
if (!W_ERROR_IS_OK(status)) {
return werror_to_ntstatus(status);
}
for (cur = first_object; cur->next_object; cur = cur->next_object) {}
s->schema_part.last_object = cur;
- if (c->partition->highwatermark.tmp_highest_usn == c->partition->highwatermark.highest_usn) {
+ if (!c->partition->more_data) {
return vampire_apply_schema(s, c);
}
struct vampire_state *s = talloc_get_type(private_data, struct vampire_state);
WERROR status;
const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
- uint32_t total_object_count;
+ uint32_t nc_object_count;
uint32_t object_count;
struct drsuapi_DsReplicaObjectListItemEx *first_object;
+ uint32_t nc_linked_attributes_count;
uint32_t linked_attributes_count;
struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
struct repsFromTo1 *s_dsa;
char *tmp_dns_name;
uint32_t i;
+ uint64_t seq_num;
s_dsa = talloc_zero(s, struct repsFromTo1);
NT_STATUS_HAVE_NO_MEMORY(s_dsa);
switch (c->ctr_level) {
case 1:
mapping_ctr = &c->ctr1->mapping_ctr;
- total_object_count = c->ctr1->total_object_count;
+ nc_object_count = c->ctr1->extended_ret; /* maybe w2k send this unexpected? */
object_count = c->ctr1->object_count;
first_object = c->ctr1->first_object;
+ nc_linked_attributes_count = 0;
linked_attributes_count = 0;
linked_attributes = NULL;
s_dsa->highwatermark = c->ctr1->new_highwatermark;
break;
case 6:
mapping_ctr = &c->ctr6->mapping_ctr;
- total_object_count = c->ctr6->total_object_count;
+ nc_object_count = c->ctr6->nc_object_count;
object_count = c->ctr6->object_count;
first_object = c->ctr6->first_object;
+ nc_linked_attributes_count = c->ctr6->nc_linked_attributes_count;
linked_attributes_count = c->ctr6->linked_attributes_count;
linked_attributes = c->ctr6->linked_attributes;
s_dsa->highwatermark = c->ctr6->new_highwatermark;
return NT_STATUS_INVALID_PARAMETER;
}
- s_dsa->replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
- | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS;
+ s_dsa->replica_flags = DRSUAPI_DRS_WRIT_REP
+ | DRSUAPI_DRS_INIT_SYNC
+ | DRSUAPI_DRS_PER_SYNC;
memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
NT_STATUS_HAVE_NO_MEMORY(tmp_dns_name);
s_dsa->other_info->dns_name = tmp_dns_name;
- if (total_object_count) {
- DEBUG(0,("Partition[%s] objects[%u/%u]\n",
- c->partition->nc.dn, object_count, total_object_count));
- } else {
- DEBUG(0,("Partition[%s] objects[%u]\n",
- c->partition->nc.dn, object_count));
+ /* we want to show a count per partition */
+ if (!s->last_partition || strcmp(s->last_partition, c->partition->nc.dn) != 0) {
+ s->total_objects = 0;
+ talloc_free(s->last_partition);
+ s->last_partition = talloc_strdup(s, c->partition->nc.dn);
}
+ s->total_objects += object_count;
- status = dsdb_extended_replicated_objects_commit(s->ldb,
- c->partition->nc.dn,
- mapping_ctr,
- object_count,
- first_object,
- linked_attributes_count,
- linked_attributes,
- s_dsa,
- uptodateness_vector,
- c->gensec_skey,
- s, &objs);
+ if (nc_object_count) {
+ DEBUG(0,("Partition[%s] objects[%u/%u] linked_values[%u/%u]\n",
+ c->partition->nc.dn, s->total_objects, nc_object_count,
+ linked_attributes_count, nc_linked_attributes_count));
+ } else {
+ DEBUG(0,("Partition[%s] objects[%u] linked_values[%u]\n",
+ c->partition->nc.dn, s->total_objects, linked_attributes_count));
+ }
+
+
+ status = dsdb_extended_replicated_objects_convert(s->ldb,
+ c->partition->nc.dn,
+ mapping_ctr,
+ object_count,
+ first_object,
+ linked_attributes_count,
+ linked_attributes,
+ s_dsa,
+ uptodateness_vector,
+ c->gensec_skey,
+ s, &objs);
if (!W_ERROR_IS_OK(status)) {
- DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+ DEBUG(0,("Failed to convert objects: %s\n", win_errstr(status)));
return werror_to_ntstatus(status);
}
NDR_PRINT_DEBUG(replPropertyMetaDataBlob, objs->objects[i].meta_data);
}
}
+ status = dsdb_extended_replicated_objects_commit(s->ldb,
+ objs, &seq_num);
+ if (!W_ERROR_IS_OK(status)) {
+ DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+ return werror_to_ntstatus(status);
+ }
+
talloc_free(s_dsa);
talloc_free(objs);
struct libnet_Vampire *r)
{
struct libnet_JoinDomain *join;
- struct libnet_set_join_secrets *set_secrets;
+ struct provision_store_self_join_settings *set_secrets;
struct libnet_BecomeDC b;
- struct libnet_UnbecomeDC u;
struct vampire_state *s;
struct ldb_message *msg;
+ const char *error_string;
int ldb_ret;
uint32_t i;
NTSTATUS status;
r->out.error_string = NULL;
- s = talloc_zero(mem_ctx , struct vampire_state);
+ s = talloc_zero(mem_ctx, struct vampire_state);
if (!s) {
return NT_STATUS_NO_MEMORY;
}
+ s->lp_ctx = ctx->lp_ctx;
+ s->event_ctx = ctx->event_ctx;
+
join = talloc_zero(s, struct libnet_JoinDomain);
if (!join) {
return NT_STATUS_NO_MEMORY;
join->in.account_name = account_name;
join->in.netbios_name = netbios_name;
join->in.level = LIBNET_JOINDOMAIN_AUTOMATIC;
- join->in.acct_type = ACB_WSTRUST;
+ join->in.acct_type = ACB_SVRTRUST;
join->in.recreate_account = false;
status = libnet_JoinDomain(ctx, join, join);
if (!NT_STATUS_IS_OK(status)) {
b.in.callbacks.config_chunk = vampire_store_chunk;
b.in.callbacks.domain_chunk = vampire_store_chunk;
+ b.in.rodc_join = lp_parm_bool(s->lp_ctx, NULL, "repl", "RODC", false);
+
status = libnet_BecomeDC(ctx, s, &b);
if (!NT_STATUS_IS_OK(status)) {
printf("libnet_BecomeDC() failed - %s\n", nt_errstr(status));
printf("mark ROOTDSE with isSynchronized=TRUE\n");
ldb_ret = ldb_modify(s->ldb, msg);
if (ldb_ret != LDB_SUCCESS) {
- printf("ldb_modify() failed: %d\n", ldb_ret);
+ printf("ldb_modify() failed: %d : %s\n", ldb_ret, ldb_errstring(s->ldb));
talloc_free(s);
return NT_STATUS_INTERNAL_DB_ERROR;
}
- set_secrets = talloc_zero(s, struct libnet_set_join_secrets);
+ /* prepare the transaction - this prepares to commit all the changes in
+ the ldb from the whole vampire. Note that this
+ triggers the writing of the linked attribute backlinks.
+ */
+ if (ldb_transaction_prepare_commit(s->ldb) != LDB_SUCCESS) {
+ printf("Failed to prepare_commit vampire transaction: %s\n", ldb_errstring(s->ldb));
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
+ set_secrets = talloc(s, struct provision_store_self_join_settings);
if (!set_secrets) {
+ r->out.error_string = NULL;
+ talloc_free(s);
return NT_STATUS_NO_MEMORY;
}
-
- set_secrets->in.domain_name = join->out.domain_name;
- set_secrets->in.realm = join->out.realm;
- set_secrets->in.account_name = account_name;
- set_secrets->in.netbios_name = netbios_name;
- set_secrets->in.join_type = SEC_CHAN_BDC;
- set_secrets->in.join_password = join->out.join_password;
- set_secrets->in.kvno = join->out.kvno;
- set_secrets->in.domain_sid = join->out.domain_sid;
- status = libnet_set_join_secrets(ctx, set_secrets, set_secrets);
+ ZERO_STRUCTP(set_secrets);
+ set_secrets->domain_name = join->out.domain_name;
+ set_secrets->realm = join->out.realm;
+ set_secrets->account_name = account_name;
+ set_secrets->netbios_name = netbios_name;
+ set_secrets->secure_channel_type = SEC_CHAN_BDC;
+ set_secrets->machine_password = join->out.join_password;
+ set_secrets->key_version_number = join->out.kvno;
+ set_secrets->domain_sid = join->out.domain_sid;
+
+ status = provision_store_self_join(ctx, ctx->lp_ctx, ctx->event_ctx, set_secrets, &error_string);
if (!NT_STATUS_IS_OK(status)) {
- r->out.error_string = talloc_steal(mem_ctx, set_secrets->out.error_string);
+ r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(s);
return status;
}
- r->out.domain_name = talloc_steal(r, join->out.domain_name);
- r->out.domain_sid = talloc_steal(r, join->out.domain_sid);
- talloc_free(s);
+ r->out.domain_name = talloc_steal(mem_ctx, join->out.domain_name);
+ r->out.domain_sid = dom_sid_dup(mem_ctx, join->out.domain_sid);
+ /* commit the transaction now we know the secrets were written
+ * out properly
+ */
+ if (ldb_transaction_commit(s->ldb) != LDB_SUCCESS) {
+ printf("Failed to commit vampire transaction\n");
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
+ talloc_free(s);
+
return NT_STATUS_OK;
}
git.samba.org / kamenim / samba.git / blobdiff