4 Copyright (C) Simo Sorce 2004-2008
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
8 Copyright (C) Matthieu Patou <mat@samba.org> 2010
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb repl_meta_data module
29 * Description: - add a unique objectGUID onto every new record,
30 * - handle whenCreated, whenChanged timestamps
31 * - handle uSNCreated, uSNChanged numbers
32 * - handle replPropertyMetaData attribute
35 * Author: Stefan Metzmacher
39 #include "ldb_module.h"
40 #include "dsdb/samdb/samdb.h"
41 #include "dsdb/common/proto.h"
42 #include "../libds/common/flags.h"
43 #include "librpc/gen_ndr/ndr_misc.h"
44 #include "librpc/gen_ndr/ndr_drsuapi.h"
45 #include "librpc/gen_ndr/ndr_drsblobs.h"
46 #include "param/param.h"
47 #include "libcli/security/security.h"
48 #include "lib/util/dlinklist.h"
49 #include "dsdb/samdb/ldb_modules/util.h"
50 #include "lib/util/binsearch.h"
51 #include "libcli/security/session.h"
52 #include "lib/util/tsort.h"
54 struct replmd_private {
56 struct la_entry *la_list;
58 struct la_backlink *la_backlinks;
60 struct nc_entry *prev, *next;
63 uint64_t mod_usn_urgent;
68 struct la_entry *next, *prev;
69 struct drsuapi_DsReplicaLinkedAttribute *la;
72 struct replmd_replicated_request {
73 struct ldb_module *module;
74 struct ldb_request *req;
76 const struct dsdb_schema *schema;
78 /* the controls we pass down */
79 struct ldb_control **controls;
81 /* details for the mode where we apply a bunch of inbound replication meessages */
83 uint32_t index_current;
84 struct dsdb_extended_replicated_objects *objs;
86 struct ldb_message *search_msg;
92 enum urgent_situation {
93 REPL_URGENT_ON_CREATE = 1,
94 REPL_URGENT_ON_UPDATE = 2,
95 REPL_URGENT_ON_DELETE = 4
100 const char *update_name;
101 enum urgent_situation repl_situation;
102 } urgent_objects[] = {
103 {"nTDSDSA", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
104 {"crossRef", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
105 {"attributeSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
106 {"classSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
107 {"secret", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
108 {"rIDManager", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
112 /* Attributes looked for when updating or deleting, to check for a urgent replication needed */
113 static const char *urgent_attrs[] = {
116 "userAccountControl",
121 static bool replmd_check_urgent_objectclass(const struct ldb_message_element *objectclass_el,
122 enum urgent_situation situation)
125 for (i=0; urgent_objects[i].update_name; i++) {
127 if ((situation & urgent_objects[i].repl_situation) == 0) {
131 for (j=0; j<objectclass_el->num_values; j++) {
132 const struct ldb_val *v = &objectclass_el->values[j];
133 if (ldb_attr_cmp((const char *)v->data, urgent_objects[i].update_name) == 0) {
141 static bool replmd_check_urgent_attribute(const struct ldb_message_element *el)
143 if (ldb_attr_in_list(urgent_attrs, el->name)) {
150 static int replmd_replicated_apply_next(struct replmd_replicated_request *ar);
153 initialise the module
154 allocate the private structure and build the list
155 of partition DNs for use by replmd_notify()
157 static int replmd_init(struct ldb_module *module)
159 struct replmd_private *replmd_private;
160 struct ldb_context *ldb = ldb_module_get_ctx(module);
162 replmd_private = talloc_zero(module, struct replmd_private);
163 if (replmd_private == NULL) {
165 return LDB_ERR_OPERATIONS_ERROR;
167 ldb_module_set_private(module, replmd_private);
169 return ldb_next_init(module);
173 cleanup our per-transaction contexts
175 static void replmd_txn_cleanup(struct replmd_private *replmd_private)
177 talloc_free(replmd_private->la_ctx);
178 replmd_private->la_list = NULL;
179 replmd_private->la_ctx = NULL;
181 talloc_free(replmd_private->bl_ctx);
182 replmd_private->la_backlinks = NULL;
183 replmd_private->bl_ctx = NULL;
188 struct la_backlink *next, *prev;
189 const char *attr_name;
190 struct GUID forward_guid, target_guid;
195 process a backlinks we accumulated during a transaction, adding and
196 deleting the backlinks from the target objects
198 static int replmd_process_backlink(struct ldb_module *module, struct la_backlink *bl)
200 struct ldb_dn *target_dn, *source_dn;
202 struct ldb_context *ldb = ldb_module_get_ctx(module);
203 struct ldb_message *msg;
204 TALLOC_CTX *tmp_ctx = talloc_new(bl);
210 - construct ldb_message
211 - either an add or a delete
213 ret = dsdb_module_dn_by_guid(module, tmp_ctx, &bl->target_guid, &target_dn);
214 if (ret != LDB_SUCCESS) {
215 DEBUG(2,(__location__ ": WARNING: Failed to find target DN for linked attribute with GUID %s\n",
216 GUID_string(bl, &bl->target_guid)));
220 ret = dsdb_module_dn_by_guid(module, tmp_ctx, &bl->forward_guid, &source_dn);
221 if (ret != LDB_SUCCESS) {
222 ldb_asprintf_errstring(ldb, "Failed to find source DN for linked attribute with GUID %s\n",
223 GUID_string(bl, &bl->forward_guid));
224 talloc_free(tmp_ctx);
228 msg = ldb_msg_new(tmp_ctx);
230 ldb_module_oom(module);
231 talloc_free(tmp_ctx);
232 return LDB_ERR_OPERATIONS_ERROR;
235 /* construct a ldb_message for adding/deleting the backlink */
237 dn_string = ldb_dn_get_extended_linearized(tmp_ctx, source_dn, 1);
239 ldb_module_oom(module);
240 talloc_free(tmp_ctx);
241 return LDB_ERR_OPERATIONS_ERROR;
243 ret = ldb_msg_add_steal_string(msg, bl->attr_name, dn_string);
244 if (ret != LDB_SUCCESS) {
245 talloc_free(tmp_ctx);
248 msg->elements[0].flags = bl->active?LDB_FLAG_MOD_ADD:LDB_FLAG_MOD_DELETE;
250 ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE);
251 if (ret != LDB_SUCCESS) {
252 ldb_asprintf_errstring(ldb, "Failed to %s backlink from %s to %s - %s",
253 bl->active?"add":"remove",
254 ldb_dn_get_linearized(source_dn),
255 ldb_dn_get_linearized(target_dn),
257 talloc_free(tmp_ctx);
260 talloc_free(tmp_ctx);
265 add a backlink to the list of backlinks to add/delete in the prepare
268 static int replmd_add_backlink(struct ldb_module *module, const struct dsdb_schema *schema,
269 struct GUID *forward_guid, struct GUID *target_guid,
270 bool active, const struct dsdb_attribute *schema_attr, bool immediate)
272 const struct dsdb_attribute *target_attr;
273 struct la_backlink *bl;
274 struct replmd_private *replmd_private =
275 talloc_get_type_abort(ldb_module_get_private(module), struct replmd_private);
277 target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID ^ 1);
280 * windows 2003 has a broken schema where the
281 * definition of msDS-IsDomainFor is missing (which is
282 * supposed to be the backlink of the
283 * msDS-HasDomainNCs attribute
288 /* see if its already in the list */
289 for (bl=replmd_private->la_backlinks; bl; bl=bl->next) {
290 if (GUID_equal(forward_guid, &bl->forward_guid) &&
291 GUID_equal(target_guid, &bl->target_guid) &&
292 (target_attr->lDAPDisplayName == bl->attr_name ||
293 strcmp(target_attr->lDAPDisplayName, bl->attr_name) == 0)) {
299 /* we found an existing one */
300 if (bl->active == active) {
303 DLIST_REMOVE(replmd_private->la_backlinks, bl);
308 if (replmd_private->bl_ctx == NULL) {
309 replmd_private->bl_ctx = talloc_new(replmd_private);
310 if (replmd_private->bl_ctx == NULL) {
311 ldb_module_oom(module);
312 return LDB_ERR_OPERATIONS_ERROR;
317 bl = talloc(replmd_private->bl_ctx, struct la_backlink);
319 ldb_module_oom(module);
320 return LDB_ERR_OPERATIONS_ERROR;
323 /* Ensure the schema does not go away before the bl->attr_name is used */
324 if (!talloc_reference(bl, schema)) {
326 ldb_module_oom(module);
327 return LDB_ERR_OPERATIONS_ERROR;
330 bl->attr_name = target_attr->lDAPDisplayName;
331 bl->forward_guid = *forward_guid;
332 bl->target_guid = *target_guid;
335 /* the caller may ask for this backlink to be processed
338 int ret = replmd_process_backlink(module, bl);
343 DLIST_ADD(replmd_private->la_backlinks, bl);
350 * Callback for most write operations in this module:
352 * notify the repl task that a object has changed. The notifies are
353 * gathered up in the replmd_private structure then written to the
354 * @REPLCHANGED object in each partition during the prepare_commit
356 static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
359 struct replmd_replicated_request *ac =
360 talloc_get_type_abort(req->context, struct replmd_replicated_request);
361 struct replmd_private *replmd_private =
362 talloc_get_type_abort(ldb_module_get_private(ac->module), struct replmd_private);
363 struct nc_entry *modified_partition;
364 struct ldb_control *partition_ctrl;
365 const struct dsdb_control_current_partition *partition;
367 struct ldb_control **controls;
369 partition_ctrl = ldb_reply_get_control(ares, DSDB_CONTROL_CURRENT_PARTITION_OID);
371 /* Remove the 'partition' control from what we pass up the chain */
372 controls = controls_except_specified(ares->controls, ares, partition_ctrl);
374 if (ares->error != LDB_SUCCESS) {
375 return ldb_module_done(ac->req, controls,
376 ares->response, ares->error);
379 if (ares->type != LDB_REPLY_DONE) {
380 ldb_set_errstring(ldb_module_get_ctx(ac->module), "Invalid reply type for notify\n!");
381 return ldb_module_done(ac->req, NULL,
382 NULL, LDB_ERR_OPERATIONS_ERROR);
385 if (!partition_ctrl) {
386 ldb_set_errstring(ldb_module_get_ctx(ac->module),"No partition control on reply");
387 return ldb_module_done(ac->req, NULL,
388 NULL, LDB_ERR_OPERATIONS_ERROR);
391 partition = talloc_get_type_abort(partition_ctrl->data,
392 struct dsdb_control_current_partition);
394 if (ac->seq_num > 0) {
395 for (modified_partition = replmd_private->ncs; modified_partition;
396 modified_partition = modified_partition->next) {
397 if (ldb_dn_compare(modified_partition->dn, partition->dn) == 0) {
402 if (modified_partition == NULL) {
403 modified_partition = talloc_zero(replmd_private, struct nc_entry);
404 if (!modified_partition) {
405 ldb_oom(ldb_module_get_ctx(ac->module));
406 return ldb_module_done(ac->req, NULL,
407 NULL, LDB_ERR_OPERATIONS_ERROR);
409 modified_partition->dn = ldb_dn_copy(modified_partition, partition->dn);
410 if (!modified_partition->dn) {
411 ldb_oom(ldb_module_get_ctx(ac->module));
412 return ldb_module_done(ac->req, NULL,
413 NULL, LDB_ERR_OPERATIONS_ERROR);
415 DLIST_ADD(replmd_private->ncs, modified_partition);
418 if (ac->seq_num > modified_partition->mod_usn) {
419 modified_partition->mod_usn = ac->seq_num;
421 modified_partition->mod_usn_urgent = ac->seq_num;
426 if (ac->apply_mode) {
430 ret = replmd_replicated_apply_next(ac);
431 if (ret != LDB_SUCCESS) {
432 return ldb_module_done(ac->req, NULL, NULL, ret);
436 /* free the partition control container here, for the
437 * common path. Other cases will have it cleaned up
438 * eventually with the ares */
439 talloc_free(partition_ctrl);
440 return ldb_module_done(ac->req,
441 controls_except_specified(controls, ares, partition_ctrl),
442 ares->response, LDB_SUCCESS);
448 * update a @REPLCHANGED record in each partition if there have been
449 * any writes of replicated data in the partition
451 static int replmd_notify_store(struct ldb_module *module)
453 struct replmd_private *replmd_private =
454 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
456 while (replmd_private->ncs) {
458 struct nc_entry *modified_partition = replmd_private->ncs;
460 ret = dsdb_module_save_partition_usn(module, modified_partition->dn,
461 modified_partition->mod_usn,
462 modified_partition->mod_usn_urgent);
463 if (ret != LDB_SUCCESS) {
464 DEBUG(0,(__location__ ": Failed to save partition uSN for %s\n",
465 ldb_dn_get_linearized(modified_partition->dn)));
468 DLIST_REMOVE(replmd_private->ncs, modified_partition);
469 talloc_free(modified_partition);
477 created a replmd_replicated_request context
479 static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module,
480 struct ldb_request *req)
482 struct ldb_context *ldb;
483 struct replmd_replicated_request *ac;
485 ldb = ldb_module_get_ctx(module);
487 ac = talloc_zero(req, struct replmd_replicated_request);
496 ac->schema = dsdb_get_schema(ldb, ac);
498 ldb_debug_set(ldb, LDB_DEBUG_FATAL,
499 "replmd_modify: no dsdb_schema loaded");
500 DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
508 add a time element to a record
510 static int add_time_element(struct ldb_message *msg, const char *attr, time_t t)
512 struct ldb_message_element *el;
515 if (ldb_msg_find_element(msg, attr) != NULL) {
519 s = ldb_timestring(msg, t);
521 return LDB_ERR_OPERATIONS_ERROR;
524 if (ldb_msg_add_string(msg, attr, s) != LDB_SUCCESS) {
525 return LDB_ERR_OPERATIONS_ERROR;
528 el = ldb_msg_find_element(msg, attr);
529 /* always set as replace. This works because on add ops, the flag
531 el->flags = LDB_FLAG_MOD_REPLACE;
537 add a uint64_t element to a record
539 static int add_uint64_element(struct ldb_context *ldb, struct ldb_message *msg,
540 const char *attr, uint64_t v)
542 struct ldb_message_element *el;
545 if (ldb_msg_find_element(msg, attr) != NULL) {
549 ret = samdb_msg_add_uint64(ldb, msg, msg, attr, v);
550 if (ret != LDB_SUCCESS) {
554 el = ldb_msg_find_element(msg, attr);
555 /* always set as replace. This works because on add ops, the flag
557 el->flags = LDB_FLAG_MOD_REPLACE;
562 static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1,
563 const struct replPropertyMetaData1 *m2,
564 const uint32_t *rdn_attid)
566 if (m1->attid == m2->attid) {
571 * the rdn attribute should be at the end!
572 * so we need to return a value greater than zero
573 * which means m1 is greater than m2
575 if (m1->attid == *rdn_attid) {
580 * the rdn attribute should be at the end!
581 * so we need to return a value less than zero
582 * which means m2 is greater than m1
584 if (m2->attid == *rdn_attid) {
588 return m1->attid > m2->attid ? 1 : -1;
591 static int replmd_replPropertyMetaDataCtr1_sort(struct replPropertyMetaDataCtr1 *ctr1,
592 const struct dsdb_schema *schema,
595 const char *rdn_name;
596 const struct dsdb_attribute *rdn_sa;
598 rdn_name = ldb_dn_get_rdn_name(dn);
600 DEBUG(0,(__location__ ": No rDN for %s?\n", ldb_dn_get_linearized(dn)));
601 return LDB_ERR_OPERATIONS_ERROR;
604 rdn_sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
605 if (rdn_sa == NULL) {
606 DEBUG(0,(__location__ ": No sa found for rDN %s for %s\n", rdn_name, ldb_dn_get_linearized(dn)));
607 return LDB_ERR_OPERATIONS_ERROR;
610 DEBUG(6,("Sorting rpmd with attid exception %u rDN=%s DN=%s\n",
611 rdn_sa->attributeID_id, rdn_name, ldb_dn_get_linearized(dn)));
613 LDB_TYPESAFE_QSORT(ctr1->array, ctr1->count, &rdn_sa->attributeID_id, replmd_replPropertyMetaData1_attid_sort);
618 static int replmd_ldb_message_element_attid_sort(const struct ldb_message_element *e1,
619 const struct ldb_message_element *e2,
620 const struct dsdb_schema *schema)
622 const struct dsdb_attribute *a1;
623 const struct dsdb_attribute *a2;
626 * TODO: make this faster by caching the dsdb_attribute pointer
627 * on the ldb_messag_element
630 a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1->name);
631 a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2->name);
634 * TODO: remove this check, we should rely on e1 and e2 having valid attribute names
638 return strcasecmp(e1->name, e2->name);
640 if (a1->attributeID_id == a2->attributeID_id) {
643 return a1->attributeID_id > a2->attributeID_id ? 1 : -1;
646 static void replmd_ldb_message_sort(struct ldb_message *msg,
647 const struct dsdb_schema *schema)
649 LDB_TYPESAFE_QSORT(msg->elements, msg->num_elements, schema, replmd_ldb_message_element_attid_sort);
652 static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
653 const struct GUID *invocation_id, uint64_t seq_num,
654 uint64_t local_usn, NTTIME nttime, uint32_t version, bool deleted);
658 fix up linked attributes in replmd_add.
659 This involves setting up the right meta-data in extended DN
660 components, and creating backlinks to the object
662 static int replmd_add_fix_la(struct ldb_module *module, struct ldb_message_element *el,
663 uint64_t seq_num, const struct GUID *invocationId, time_t t,
664 struct GUID *guid, const struct dsdb_attribute *sa)
667 TALLOC_CTX *tmp_ctx = talloc_new(el->values);
668 struct ldb_context *ldb = ldb_module_get_ctx(module);
670 /* We will take a reference to the schema in replmd_add_backlink */
671 const struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL);
674 unix_to_nt_time(&now, t);
676 for (i=0; i<el->num_values; i++) {
677 struct ldb_val *v = &el->values[i];
678 struct dsdb_dn *dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, v, sa->syntax->ldap_oid);
679 struct GUID target_guid;
683 /* note that the DN already has the extended
684 components from the extended_dn_store module */
685 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &target_guid, "GUID");
686 if (!NT_STATUS_IS_OK(status) || GUID_all_zero(&target_guid)) {
687 ret = dsdb_module_guid_by_dn(module, dsdb_dn->dn, &target_guid);
688 if (ret != LDB_SUCCESS) {
689 talloc_free(tmp_ctx);
692 ret = dsdb_set_extended_dn_guid(dsdb_dn->dn, &target_guid, "GUID");
693 if (ret != LDB_SUCCESS) {
694 talloc_free(tmp_ctx);
699 ret = replmd_build_la_val(el->values, v, dsdb_dn, invocationId,
700 seq_num, seq_num, now, 0, false);
701 if (ret != LDB_SUCCESS) {
702 talloc_free(tmp_ctx);
706 ret = replmd_add_backlink(module, schema, guid, &target_guid, true, sa, false);
707 if (ret != LDB_SUCCESS) {
708 talloc_free(tmp_ctx);
713 talloc_free(tmp_ctx);
719 intercept add requests
721 static int replmd_add(struct ldb_module *module, struct ldb_request *req)
723 struct ldb_context *ldb;
724 struct ldb_control *control;
725 struct replmd_replicated_request *ac;
726 enum ndr_err_code ndr_err;
727 struct ldb_request *down_req;
728 struct ldb_message *msg;
729 const DATA_BLOB *guid_blob;
731 struct replPropertyMetaDataBlob nmd;
732 struct ldb_val nmd_value;
733 const struct GUID *our_invocation_id;
734 time_t t = time(NULL);
739 unsigned int functional_level;
741 bool allow_add_guid = false;
742 bool remove_current_guid = false;
743 bool is_urgent = false;
744 struct ldb_message_element *objectclass_el;
746 /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
747 control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
749 allow_add_guid = true;
752 /* do not manipulate our control entries */
753 if (ldb_dn_is_special(req->op.add.message->dn)) {
754 return ldb_next_request(module, req);
757 ldb = ldb_module_get_ctx(module);
759 functional_level = dsdb_functional_level(ldb);
761 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_add\n");
763 ac = replmd_ctx_init(module, req);
765 return LDB_ERR_OPERATIONS_ERROR;
768 guid_blob = ldb_msg_find_ldb_val(req->op.add.message, "objectGUID");
769 if ( guid_blob != NULL ) {
770 if( !allow_add_guid ) {
771 ldb_debug_set(ldb, LDB_DEBUG_ERROR,
772 "replmd_add: it's not allowed to add an object with objectGUID\n");
774 return LDB_ERR_UNWILLING_TO_PERFORM;
776 NTSTATUS status = GUID_from_data_blob(guid_blob,&guid);
777 if ( !NT_STATUS_IS_OK(status)) {
778 ldb_debug_set(ldb, LDB_DEBUG_ERROR,
779 "replmd_add: Unable to parse as a GUID the attribute objectGUID\n");
781 return LDB_ERR_UNWILLING_TO_PERFORM;
783 /* we remove this attribute as it can be a string and will not be treated
784 correctly and then we will readd it latter on in the good format*/
785 remove_current_guid = true;
789 guid = GUID_random();
792 /* Get a sequence number from the backend */
793 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ac->seq_num);
794 if (ret != LDB_SUCCESS) {
799 /* get our invocationId */
800 our_invocation_id = samdb_ntds_invocation_id(ldb);
801 if (!our_invocation_id) {
802 ldb_debug_set(ldb, LDB_DEBUG_ERROR,
803 "replmd_add: unable to find invocationId\n");
805 return LDB_ERR_OPERATIONS_ERROR;
808 /* we have to copy the message as the caller might have it as a const */
809 msg = ldb_msg_copy_shallow(ac, req->op.add.message);
813 return LDB_ERR_OPERATIONS_ERROR;
816 /* generated times */
817 unix_to_nt_time(&now, t);
818 time_str = ldb_timestring(msg, t);
822 return LDB_ERR_OPERATIONS_ERROR;
824 if (remove_current_guid) {
825 ldb_msg_remove_attr(msg,"objectGUID");
829 * remove autogenerated attributes
831 ldb_msg_remove_attr(msg, "whenCreated");
832 ldb_msg_remove_attr(msg, "whenChanged");
833 ldb_msg_remove_attr(msg, "uSNCreated");
834 ldb_msg_remove_attr(msg, "uSNChanged");
835 ldb_msg_remove_attr(msg, "replPropertyMetaData");
838 * readd replicated attributes
840 ret = ldb_msg_add_string(msg, "whenCreated", time_str);
841 if (ret != LDB_SUCCESS) {
847 /* build the replication meta_data */
850 nmd.ctr.ctr1.count = msg->num_elements;
851 nmd.ctr.ctr1.array = talloc_array(msg,
852 struct replPropertyMetaData1,
854 if (!nmd.ctr.ctr1.array) {
857 return LDB_ERR_OPERATIONS_ERROR;
860 for (i=0; i < msg->num_elements; i++) {
861 struct ldb_message_element *e = &msg->elements[i];
862 struct replPropertyMetaData1 *m = &nmd.ctr.ctr1.array[ni];
863 const struct dsdb_attribute *sa;
865 if (e->name[0] == '@') continue;
867 sa = dsdb_attribute_by_lDAPDisplayName(ac->schema, e->name);
869 ldb_debug_set(ldb, LDB_DEBUG_ERROR,
870 "replmd_add: attribute '%s' not defined in schema\n",
873 return LDB_ERR_NO_SUCH_ATTRIBUTE;
876 if ((sa->systemFlags & DS_FLAG_ATTR_NOT_REPLICATED) || (sa->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED)) {
877 /* if the attribute is not replicated (0x00000001)
878 * or constructed (0x00000004) it has no metadata
883 if (sa->linkID != 0 && functional_level > DS_DOMAIN_FUNCTION_2000) {
884 ret = replmd_add_fix_la(module, e, ac->seq_num, our_invocation_id, t, &guid, sa);
885 if (ret != LDB_SUCCESS) {
889 /* linked attributes are not stored in
890 replPropertyMetaData in FL above w2k */
894 m->attid = sa->attributeID_id;
896 m->originating_change_time = now;
897 m->originating_invocation_id = *our_invocation_id;
898 m->originating_usn = ac->seq_num;
899 m->local_usn = ac->seq_num;
903 /* fix meta data count */
904 nmd.ctr.ctr1.count = ni;
907 * sort meta data array, and move the rdn attribute entry to the end
909 ret = replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, ac->schema, msg->dn);
910 if (ret != LDB_SUCCESS) {
915 /* generated NDR encoded values */
916 ndr_err = ndr_push_struct_blob(&nmd_value, msg,
918 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
919 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
922 return LDB_ERR_OPERATIONS_ERROR;
926 * add the autogenerated values
928 ret = dsdb_msg_add_guid(msg, &guid, "objectGUID");
929 if (ret != LDB_SUCCESS) {
934 ret = ldb_msg_add_string(msg, "whenChanged", time_str);
935 if (ret != LDB_SUCCESS) {
940 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", ac->seq_num);
941 if (ret != LDB_SUCCESS) {
946 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ac->seq_num);
947 if (ret != LDB_SUCCESS) {
952 ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
953 if (ret != LDB_SUCCESS) {
960 * sort the attributes by attid before storing the object
962 replmd_ldb_message_sort(msg, ac->schema);
964 objectclass_el = ldb_msg_find_element(msg, "objectClass");
965 is_urgent = replmd_check_urgent_objectclass(objectclass_el,
966 REPL_URGENT_ON_CREATE);
968 ac->is_urgent = is_urgent;
969 ret = ldb_build_add_req(&down_req, ldb, ac,
972 ac, replmd_op_callback,
975 LDB_REQ_SET_LOCATION(down_req);
976 if (ret != LDB_SUCCESS) {
981 if (functional_level == DS_DOMAIN_FUNCTION_2000) {
982 ret = ldb_request_add_control(down_req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
983 if (ret != LDB_SUCCESS) {
989 /* mark the control done */
991 control->critical = 0;
994 /* go on with the call chain */
995 return ldb_next_request(module, down_req);
1000 * update the replPropertyMetaData for one element
1002 static int replmd_update_rpmd_element(struct ldb_context *ldb,
1003 struct ldb_message *msg,
1004 struct ldb_message_element *el,
1005 struct ldb_message_element *old_el,
1006 struct replPropertyMetaDataBlob *omd,
1007 const struct dsdb_schema *schema,
1009 const struct GUID *our_invocation_id,
1013 const struct dsdb_attribute *a;
1014 struct replPropertyMetaData1 *md1;
1016 a = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
1018 DEBUG(0,(__location__ ": Unable to find attribute %s in schema\n",
1020 return LDB_ERR_OPERATIONS_ERROR;
1023 if ((a->systemFlags & DS_FLAG_ATTR_NOT_REPLICATED) || (a->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED)) {
1027 /* if the attribute's value haven't changed then return LDB_SUCCESS */
1028 if (old_el != NULL && ldb_msg_element_compare(el, old_el) == 0) {
1032 for (i=0; i<omd->ctr.ctr1.count; i++) {
1033 if (a->attributeID_id == omd->ctr.ctr1.array[i].attid) break;
1036 if (a->linkID != 0 && dsdb_functional_level(ldb) > DS_DOMAIN_FUNCTION_2000) {
1037 /* linked attributes are not stored in
1038 replPropertyMetaData in FL above w2k, but we do
1039 raise the seqnum for the object */
1040 if (*seq_num == 0 &&
1041 ldb_sequence_number(ldb, LDB_SEQ_NEXT, seq_num) != LDB_SUCCESS) {
1042 return LDB_ERR_OPERATIONS_ERROR;
1047 if (i == omd->ctr.ctr1.count) {
1048 /* we need to add a new one */
1049 omd->ctr.ctr1.array = talloc_realloc(msg, omd->ctr.ctr1.array,
1050 struct replPropertyMetaData1, omd->ctr.ctr1.count+1);
1051 if (omd->ctr.ctr1.array == NULL) {
1053 return LDB_ERR_OPERATIONS_ERROR;
1055 omd->ctr.ctr1.count++;
1056 ZERO_STRUCT(omd->ctr.ctr1.array[i]);
1059 /* Get a new sequence number from the backend. We only do this
1060 * if we have a change that requires a new
1061 * replPropertyMetaData element
1063 if (*seq_num == 0) {
1064 int ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, seq_num);
1065 if (ret != LDB_SUCCESS) {
1066 return LDB_ERR_OPERATIONS_ERROR;
1070 md1 = &omd->ctr.ctr1.array[i];
1072 md1->attid = a->attributeID_id;
1073 md1->originating_change_time = now;
1074 md1->originating_invocation_id = *our_invocation_id;
1075 md1->originating_usn = *seq_num;
1076 md1->local_usn = *seq_num;
1081 static uint64_t find_max_local_usn(struct replPropertyMetaDataBlob omd)
1083 uint32_t count = omd.ctr.ctr1.count;
1086 for (i=0; i < count; i++) {
1087 struct replPropertyMetaData1 m = omd.ctr.ctr1.array[i];
1088 if (max < m.local_usn) {
1096 * update the replPropertyMetaData object each time we modify an
1097 * object. This is needed for DRS replication, as the merge on the
1098 * client is based on this object
1100 static int replmd_update_rpmd(struct ldb_module *module,
1101 const struct dsdb_schema *schema,
1102 struct ldb_request *req,
1103 struct ldb_message *msg, uint64_t *seq_num,
1107 const struct ldb_val *omd_value;
1108 enum ndr_err_code ndr_err;
1109 struct replPropertyMetaDataBlob omd;
1112 const struct GUID *our_invocation_id;
1114 const char *attrs[] = { "replPropertyMetaData", "*", NULL };
1115 const char *attrs2[] = { "uSNChanged", "objectClass", NULL };
1116 struct ldb_result *res;
1117 struct ldb_context *ldb;
1118 struct ldb_message_element *objectclass_el;
1119 enum urgent_situation situation;
1120 bool rodc, rmd_is_provided;
1122 ldb = ldb_module_get_ctx(module);
1124 our_invocation_id = samdb_ntds_invocation_id(ldb);
1125 if (!our_invocation_id) {
1126 /* this happens during an initial vampire while
1127 updating the schema */
1128 DEBUG(5,("No invocationID - skipping replPropertyMetaData update\n"));
1132 unix_to_nt_time(&now, t);
1134 if (ldb_request_get_control(req, DSDB_CONTROL_CHANGEREPLMETADATA_OID)) {
1135 rmd_is_provided = true;
1137 rmd_is_provided = false;
1140 /* if isDeleted is present and is TRUE, then we consider we are deleting,
1141 * otherwise we consider we are updating */
1142 if (ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE")) {
1143 situation = REPL_URGENT_ON_DELETE;
1145 situation = REPL_URGENT_ON_UPDATE;
1148 if (rmd_is_provided) {
1149 /* In this case the change_replmetadata control was supplied */
1150 /* We check that it's the only attribute that is provided
1151 * (it's a rare case so it's better to keep the code simplier)
1152 * We also check that the highest local_usn is bigger than
1155 if( msg->num_elements != 1 ||
1156 strncmp(msg->elements[0].name,
1157 "replPropertyMetaData", 20) ) {
1158 DEBUG(0,(__location__ ": changereplmetada control called without "\
1159 "a specified replPropertyMetaData attribute or with others\n"));
1160 return LDB_ERR_OPERATIONS_ERROR;
1162 if (situation == REPL_URGENT_ON_DELETE) {
1163 DEBUG(0,(__location__ ": changereplmetada control can't be called when deleting an object\n"));
1164 return LDB_ERR_OPERATIONS_ERROR;
1166 omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
1168 DEBUG(0,(__location__ ": replPropertyMetaData was not specified for Object %s\n",
1169 ldb_dn_get_linearized(msg->dn)));
1170 return LDB_ERR_OPERATIONS_ERROR;
1172 ndr_err = ndr_pull_struct_blob(omd_value, msg, &omd,
1173 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
1174 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1175 DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
1176 ldb_dn_get_linearized(msg->dn)));
1177 return LDB_ERR_OPERATIONS_ERROR;
1179 *seq_num = find_max_local_usn(omd);
1181 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs2,
1182 DSDB_FLAG_NEXT_MODULE |
1183 DSDB_SEARCH_SHOW_RECYCLED |
1184 DSDB_SEARCH_SHOW_EXTENDED_DN |
1185 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
1186 DSDB_SEARCH_REVEAL_INTERNALS);
1188 if (ret != LDB_SUCCESS || res->count != 1) {
1189 DEBUG(0,(__location__ ": Object %s failed to find uSNChanged\n",
1190 ldb_dn_get_linearized(msg->dn)));
1191 return LDB_ERR_OPERATIONS_ERROR;
1194 objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
1195 if (is_urgent && replmd_check_urgent_objectclass(objectclass_el,
1200 db_seq = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNChanged", 0);
1201 if (*seq_num <= db_seq) {
1202 DEBUG(0,(__location__ ": changereplmetada control provided but max(local_usn)"\
1203 " is less or equal to uSNChanged (max = %lld uSNChanged = %lld)\n",
1204 (long long)*seq_num, (long long)db_seq));
1205 return LDB_ERR_OPERATIONS_ERROR;
1209 /* search for the existing replPropertyMetaDataBlob. We need
1210 * to use REVEAL and ask for DNs in storage format to support
1211 * the check for values being the same in
1212 * replmd_update_rpmd_element()
1214 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
1215 DSDB_FLAG_NEXT_MODULE |
1216 DSDB_SEARCH_SHOW_RECYCLED |
1217 DSDB_SEARCH_SHOW_EXTENDED_DN |
1218 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
1219 DSDB_SEARCH_REVEAL_INTERNALS);
1220 if (ret != LDB_SUCCESS || res->count != 1) {
1221 DEBUG(0,(__location__ ": Object %s failed to find replPropertyMetaData\n",
1222 ldb_dn_get_linearized(msg->dn)));
1223 return LDB_ERR_OPERATIONS_ERROR;
1226 objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
1227 if (is_urgent && replmd_check_urgent_objectclass(objectclass_el,
1232 omd_value = ldb_msg_find_ldb_val(res->msgs[0], "replPropertyMetaData");
1234 DEBUG(0,(__location__ ": Object %s does not have a replPropertyMetaData attribute\n",
1235 ldb_dn_get_linearized(msg->dn)));
1236 return LDB_ERR_OPERATIONS_ERROR;
1239 ndr_err = ndr_pull_struct_blob(omd_value, msg, &omd,
1240 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
1241 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1242 DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
1243 ldb_dn_get_linearized(msg->dn)));
1244 return LDB_ERR_OPERATIONS_ERROR;
1247 if (omd.version != 1) {
1248 DEBUG(0,(__location__ ": bad version %u in replPropertyMetaData for %s\n",
1249 omd.version, ldb_dn_get_linearized(msg->dn)));
1250 return LDB_ERR_OPERATIONS_ERROR;
1253 for (i=0; i<msg->num_elements; i++) {
1254 struct ldb_message_element *old_el;
1255 old_el = ldb_msg_find_element(res->msgs[0], msg->elements[i].name);
1256 ret = replmd_update_rpmd_element(ldb, msg, &msg->elements[i], old_el, &omd, schema, seq_num,
1257 our_invocation_id, now);
1258 if (ret != LDB_SUCCESS) {
1262 if (is_urgent && !*is_urgent && (situation == REPL_URGENT_ON_UPDATE)) {
1263 *is_urgent = replmd_check_urgent_attribute(&msg->elements[i]);
1269 * replmd_update_rpmd_element has done an update if the
1272 if (*seq_num != 0) {
1273 struct ldb_val *md_value;
1274 struct ldb_message_element *el;
1276 /*if we are RODC and this is a DRSR update then its ok*/
1277 if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
1278 ret = samdb_rodc(ldb, &rodc);
1279 if (ret != LDB_SUCCESS) {
1280 DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
1282 ldb_asprintf_errstring(ldb, "RODC modify is forbidden\n");
1283 return LDB_ERR_REFERRAL;
1287 md_value = talloc(msg, struct ldb_val);
1288 if (md_value == NULL) {
1290 return LDB_ERR_OPERATIONS_ERROR;
1293 ret = replmd_replPropertyMetaDataCtr1_sort(&omd.ctr.ctr1, schema, msg->dn);
1294 if (ret != LDB_SUCCESS) {
1298 ndr_err = ndr_push_struct_blob(md_value, msg, &omd,
1299 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
1300 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1301 DEBUG(0,(__location__ ": Failed to marshall replPropertyMetaData for %s\n",
1302 ldb_dn_get_linearized(msg->dn)));
1303 return LDB_ERR_OPERATIONS_ERROR;
1306 ret = ldb_msg_add_empty(msg, "replPropertyMetaData", LDB_FLAG_MOD_REPLACE, &el);
1307 if (ret != LDB_SUCCESS) {
1308 DEBUG(0,(__location__ ": Failed to add updated replPropertyMetaData %s\n",
1309 ldb_dn_get_linearized(msg->dn)));
1314 el->values = md_value;
1321 struct dsdb_dn *dsdb_dn;
1326 static int parsed_dn_compare(struct parsed_dn *pdn1, struct parsed_dn *pdn2)
1328 return GUID_compare(pdn1->guid, pdn2->guid);
1331 static struct parsed_dn *parsed_dn_find(struct parsed_dn *pdn, int count, struct GUID *guid, struct ldb_dn *dn)
1333 struct parsed_dn *ret;
1334 if (dn && GUID_all_zero(guid)) {
1335 /* when updating a link using DRS, we sometimes get a
1336 NULL GUID. We then need to try and match by DN */
1338 for (i=0; i<count; i++) {
1339 if (ldb_dn_compare(pdn[i].dsdb_dn->dn, dn) == 0) {
1340 dsdb_get_extended_dn_guid(pdn[i].dsdb_dn->dn, guid, "GUID");
1346 BINARY_ARRAY_SEARCH(pdn, count, guid, guid, GUID_compare, ret);
1351 get a series of message element values as an array of DNs and GUIDs
1352 the result is sorted by GUID
1354 static int get_parsed_dns(struct ldb_module *module, TALLOC_CTX *mem_ctx,
1355 struct ldb_message_element *el, struct parsed_dn **pdn,
1356 const char *ldap_oid)
1359 struct ldb_context *ldb = ldb_module_get_ctx(module);
1366 (*pdn) = talloc_array(mem_ctx, struct parsed_dn, el->num_values);
1368 ldb_module_oom(module);
1369 return LDB_ERR_OPERATIONS_ERROR;
1372 for (i=0; i<el->num_values; i++) {
1373 struct ldb_val *v = &el->values[i];
1376 struct parsed_dn *p;
1380 p->dsdb_dn = dsdb_dn_parse(*pdn, ldb, v, ldap_oid);
1381 if (p->dsdb_dn == NULL) {
1382 return LDB_ERR_INVALID_DN_SYNTAX;
1385 dn = p->dsdb_dn->dn;
1387 p->guid = talloc(*pdn, struct GUID);
1388 if (p->guid == NULL) {
1389 ldb_module_oom(module);
1390 return LDB_ERR_OPERATIONS_ERROR;
1393 status = dsdb_get_extended_dn_guid(dn, p->guid, "GUID");
1394 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1395 /* we got a DN without a GUID - go find the GUID */
1396 int ret = dsdb_module_guid_by_dn(module, dn, p->guid);
1397 if (ret != LDB_SUCCESS) {
1398 ldb_asprintf_errstring(ldb, "Unable to find GUID for DN %s\n",
1399 ldb_dn_get_linearized(dn));
1402 ret = dsdb_set_extended_dn_guid(dn, p->guid, "GUID");
1403 if (ret != LDB_SUCCESS) {
1406 } else if (!NT_STATUS_IS_OK(status)) {
1407 return LDB_ERR_OPERATIONS_ERROR;
1410 /* keep a pointer to the original ldb_val */
1414 TYPESAFE_QSORT(*pdn, el->num_values, parsed_dn_compare);
1420 build a new extended DN, including all meta data fields
1422 RMD_FLAGS = DSDB_RMD_FLAG_* bits
1423 RMD_ADDTIME = originating_add_time
1424 RMD_INVOCID = originating_invocation_id
1425 RMD_CHANGETIME = originating_change_time
1426 RMD_ORIGINATING_USN = originating_usn
1427 RMD_LOCAL_USN = local_usn
1428 RMD_VERSION = version
1430 static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
1431 const struct GUID *invocation_id, uint64_t seq_num,
1432 uint64_t local_usn, NTTIME nttime, uint32_t version, bool deleted)
1434 struct ldb_dn *dn = dsdb_dn->dn;
1435 const char *tstring, *usn_string, *flags_string;
1436 struct ldb_val tval;
1438 struct ldb_val usnv, local_usnv;
1439 struct ldb_val vers, flagsv;
1442 const char *dnstring;
1444 uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
1446 tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
1448 return LDB_ERR_OPERATIONS_ERROR;
1450 tval = data_blob_string_const(tstring);
1452 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)seq_num);
1454 return LDB_ERR_OPERATIONS_ERROR;
1456 usnv = data_blob_string_const(usn_string);
1458 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)local_usn);
1460 return LDB_ERR_OPERATIONS_ERROR;
1462 local_usnv = data_blob_string_const(usn_string);
1464 vstring = talloc_asprintf(mem_ctx, "%lu", (unsigned long)version);
1466 return LDB_ERR_OPERATIONS_ERROR;
1468 vers = data_blob_string_const(vstring);
1470 status = GUID_to_ndr_blob(invocation_id, dn, &iid);
1471 if (!NT_STATUS_IS_OK(status)) {
1472 return LDB_ERR_OPERATIONS_ERROR;
1475 flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
1476 if (!flags_string) {
1477 return LDB_ERR_OPERATIONS_ERROR;
1479 flagsv = data_blob_string_const(flags_string);
1481 ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
1482 if (ret != LDB_SUCCESS) return ret;
1483 ret = ldb_dn_set_extended_component(dn, "RMD_ADDTIME", &tval);
1484 if (ret != LDB_SUCCESS) return ret;
1485 ret = ldb_dn_set_extended_component(dn, "RMD_INVOCID", &iid);
1486 if (ret != LDB_SUCCESS) return ret;
1487 ret = ldb_dn_set_extended_component(dn, "RMD_CHANGETIME", &tval);
1488 if (ret != LDB_SUCCESS) return ret;
1489 ret = ldb_dn_set_extended_component(dn, "RMD_LOCAL_USN", &local_usnv);
1490 if (ret != LDB_SUCCESS) return ret;
1491 ret = ldb_dn_set_extended_component(dn, "RMD_ORIGINATING_USN", &usnv);
1492 if (ret != LDB_SUCCESS) return ret;
1493 ret = ldb_dn_set_extended_component(dn, "RMD_VERSION", &vers);
1494 if (ret != LDB_SUCCESS) return ret;
1496 dnstring = dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1);
1497 if (dnstring == NULL) {
1498 return LDB_ERR_OPERATIONS_ERROR;
1500 *v = data_blob_string_const(dnstring);
1505 static int replmd_update_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
1506 struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
1507 uint64_t seq_num, uint64_t local_usn, NTTIME nttime,
1508 uint32_t version, bool deleted);
1511 check if any links need upgrading from w2k format
1513 The parent_ctx is the ldb_message_element which contains the values array that dns[i].v points at, and which should be used for allocating any new value.
1515 static int replmd_check_upgrade_links(struct parsed_dn *dns, uint32_t count, struct ldb_message_element *parent_ctx, const struct GUID *invocation_id)
1518 for (i=0; i<count; i++) {
1523 status = dsdb_get_extended_dn_uint32(dns[i].dsdb_dn->dn, &version, "RMD_VERSION");
1524 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1528 /* it's an old one that needs upgrading */
1529 ret = replmd_update_la_val(parent_ctx->values, dns[i].v, dns[i].dsdb_dn, dns[i].dsdb_dn, invocation_id,
1531 if (ret != LDB_SUCCESS) {
1539 update an extended DN, including all meta data fields
1541 see replmd_build_la_val for value names
1543 static int replmd_update_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
1544 struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
1545 uint64_t seq_num, uint64_t local_usn, NTTIME nttime,
1546 uint32_t version, bool deleted)
1548 struct ldb_dn *dn = dsdb_dn->dn;
1549 const char *tstring, *usn_string, *flags_string;
1550 struct ldb_val tval;
1552 struct ldb_val usnv, local_usnv;
1553 struct ldb_val vers, flagsv;
1554 const struct ldb_val *old_addtime;
1555 uint32_t old_version;
1558 const char *dnstring;
1560 uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
1562 tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
1564 return LDB_ERR_OPERATIONS_ERROR;
1566 tval = data_blob_string_const(tstring);
1568 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)seq_num);
1570 return LDB_ERR_OPERATIONS_ERROR;
1572 usnv = data_blob_string_const(usn_string);
1574 usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)local_usn);
1576 return LDB_ERR_OPERATIONS_ERROR;
1578 local_usnv = data_blob_string_const(usn_string);
1580 status = GUID_to_ndr_blob(invocation_id, dn, &iid);
1581 if (!NT_STATUS_IS_OK(status)) {
1582 return LDB_ERR_OPERATIONS_ERROR;
1585 flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
1586 if (!flags_string) {
1587 return LDB_ERR_OPERATIONS_ERROR;
1589 flagsv = data_blob_string_const(flags_string);
1591 ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
1592 if (ret != LDB_SUCCESS) return ret;
1594 /* get the ADDTIME from the original */
1595 old_addtime = ldb_dn_get_extended_component(old_dsdb_dn->dn, "RMD_ADDTIME");
1596 if (old_addtime == NULL) {
1597 old_addtime = &tval;
1599 if (dsdb_dn != old_dsdb_dn) {
1600 ret = ldb_dn_set_extended_component(dn, "RMD_ADDTIME", old_addtime);
1601 if (ret != LDB_SUCCESS) return ret;
1604 /* use our invocation id */
1605 ret = ldb_dn_set_extended_component(dn, "RMD_INVOCID", &iid);
1606 if (ret != LDB_SUCCESS) return ret;
1608 /* changetime is the current time */
1609 ret = ldb_dn_set_extended_component(dn, "RMD_CHANGETIME", &tval);
1610 if (ret != LDB_SUCCESS) return ret;
1612 /* update the USN */
1613 ret = ldb_dn_set_extended_component(dn, "RMD_ORIGINATING_USN", &usnv);
1614 if (ret != LDB_SUCCESS) return ret;
1616 ret = ldb_dn_set_extended_component(dn, "RMD_LOCAL_USN", &local_usnv);
1617 if (ret != LDB_SUCCESS) return ret;
1619 /* increase the version by 1 */
1620 status = dsdb_get_extended_dn_uint32(old_dsdb_dn->dn, &old_version, "RMD_VERSION");
1621 if (NT_STATUS_IS_OK(status) && old_version >= version) {
1622 version = old_version+1;
1624 vstring = talloc_asprintf(dn, "%lu", (unsigned long)version);
1625 vers = data_blob_string_const(vstring);
1626 ret = ldb_dn_set_extended_component(dn, "RMD_VERSION", &vers);
1627 if (ret != LDB_SUCCESS) return ret;
1629 dnstring = dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1);
1630 if (dnstring == NULL) {
1631 return LDB_ERR_OPERATIONS_ERROR;
1633 *v = data_blob_string_const(dnstring);
1639 handle adding a linked attribute
1641 static int replmd_modify_la_add(struct ldb_module *module,
1642 const struct dsdb_schema *schema,
1643 struct ldb_message *msg,
1644 struct ldb_message_element *el,
1645 struct ldb_message_element *old_el,
1646 const struct dsdb_attribute *schema_attr,
1649 struct GUID *msg_guid)
1652 struct parsed_dn *dns, *old_dns;
1653 TALLOC_CTX *tmp_ctx = talloc_new(msg);
1655 struct ldb_val *new_values = NULL;
1656 unsigned int num_new_values = 0;
1657 unsigned old_num_values = old_el?old_el->num_values:0;
1658 const struct GUID *invocation_id;
1659 struct ldb_context *ldb = ldb_module_get_ctx(module);
1662 unix_to_nt_time(&now, t);
1664 ret = get_parsed_dns(module, tmp_ctx, el, &dns, schema_attr->syntax->ldap_oid);
1665 if (ret != LDB_SUCCESS) {
1666 talloc_free(tmp_ctx);
1670 ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, schema_attr->syntax->ldap_oid);
1671 if (ret != LDB_SUCCESS) {
1672 talloc_free(tmp_ctx);
1676 invocation_id = samdb_ntds_invocation_id(ldb);
1677 if (!invocation_id) {
1678 talloc_free(tmp_ctx);
1679 return LDB_ERR_OPERATIONS_ERROR;
1682 ret = replmd_check_upgrade_links(old_dns, old_num_values, old_el, invocation_id);
1683 if (ret != LDB_SUCCESS) {
1684 talloc_free(tmp_ctx);
1688 /* for each new value, see if it exists already with the same GUID */
1689 for (i=0; i<el->num_values; i++) {
1690 struct parsed_dn *p = parsed_dn_find(old_dns, old_num_values, dns[i].guid, NULL);
1692 /* this is a new linked attribute value */
1693 new_values = talloc_realloc(tmp_ctx, new_values, struct ldb_val, num_new_values+1);
1694 if (new_values == NULL) {
1695 ldb_module_oom(module);
1696 talloc_free(tmp_ctx);
1697 return LDB_ERR_OPERATIONS_ERROR;
1699 ret = replmd_build_la_val(new_values, &new_values[num_new_values], dns[i].dsdb_dn,
1700 invocation_id, seq_num, seq_num, now, 0, false);
1701 if (ret != LDB_SUCCESS) {
1702 talloc_free(tmp_ctx);
1707 /* this is only allowed if the GUID was
1708 previously deleted. */
1709 uint32_t rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
1711 if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
1712 ldb_asprintf_errstring(ldb, "Attribute %s already exists for target GUID %s",
1713 el->name, GUID_string(tmp_ctx, p->guid));
1714 talloc_free(tmp_ctx);
1715 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1717 ret = replmd_update_la_val(old_el->values, p->v, dns[i].dsdb_dn, p->dsdb_dn,
1718 invocation_id, seq_num, seq_num, now, 0, false);
1719 if (ret != LDB_SUCCESS) {
1720 talloc_free(tmp_ctx);
1725 ret = replmd_add_backlink(module, schema, msg_guid, dns[i].guid, true, schema_attr, true);
1726 if (ret != LDB_SUCCESS) {
1727 talloc_free(tmp_ctx);
1732 /* add the new ones on to the end of the old values, constructing a new el->values */
1733 el->values = talloc_realloc(msg->elements, old_el?old_el->values:NULL,
1735 old_num_values+num_new_values);
1736 if (el->values == NULL) {
1737 ldb_module_oom(module);
1738 return LDB_ERR_OPERATIONS_ERROR;
1741 memcpy(&el->values[old_num_values], new_values, num_new_values*sizeof(struct ldb_val));
1742 el->num_values = old_num_values + num_new_values;
1744 talloc_steal(msg->elements, el->values);
1745 talloc_steal(el->values, new_values);
1747 talloc_free(tmp_ctx);
1749 /* we now tell the backend to replace all existing values
1750 with the one we have constructed */
1751 el->flags = LDB_FLAG_MOD_REPLACE;
1758 handle deleting all active linked attributes
1760 static int replmd_modify_la_delete(struct ldb_module *module,
1761 const struct dsdb_schema *schema,
1762 struct ldb_message *msg,
1763 struct ldb_message_element *el,
1764 struct ldb_message_element *old_el,
1765 const struct dsdb_attribute *schema_attr,
1768 struct GUID *msg_guid)
1771 struct parsed_dn *dns, *old_dns;
1772 TALLOC_CTX *tmp_ctx = talloc_new(msg);
1774 const struct GUID *invocation_id;
1775 struct ldb_context *ldb = ldb_module_get_ctx(module);
1778 unix_to_nt_time(&now, t);
1780 /* check if there is nothing to delete */
1781 if ((!old_el || old_el->num_values == 0) &&
1782 el->num_values == 0) {
1786 if (!old_el || old_el->num_values == 0) {
1787 return LDB_ERR_NO_SUCH_ATTRIBUTE;
1790 ret = get_parsed_dns(module, tmp_ctx, el, &dns, schema_attr->syntax->ldap_oid);
1791 if (ret != LDB_SUCCESS) {
1792 talloc_free(tmp_ctx);
1796 ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, schema_attr->syntax->ldap_oid);
1797 if (ret != LDB_SUCCESS) {
1798 talloc_free(tmp_ctx);
1802 invocation_id = samdb_ntds_invocation_id(ldb);
1803 if (!invocation_id) {
1804 return LDB_ERR_OPERATIONS_ERROR;
1807 ret = replmd_check_upgrade_links(old_dns, old_el->num_values, old_el, invocation_id);
1808 if (ret != LDB_SUCCESS) {
1809 talloc_free(tmp_ctx);
1815 /* see if we are being asked to delete any links that
1816 don't exist or are already deleted */
1817 for (i=0; i<el->num_values; i++) {
1818 struct parsed_dn *p = &dns[i];
1819 struct parsed_dn *p2;
1822 p2 = parsed_dn_find(old_dns, old_el->num_values, p->guid, NULL);
1824 ldb_asprintf_errstring(ldb, "Attribute %s doesn't exist for target GUID %s",
1825 el->name, GUID_string(tmp_ctx, p->guid));
1826 return LDB_ERR_NO_SUCH_ATTRIBUTE;
1828 rmd_flags = dsdb_dn_rmd_flags(p2->dsdb_dn->dn);
1829 if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
1830 ldb_asprintf_errstring(ldb, "Attribute %s already deleted for target GUID %s",
1831 el->name, GUID_string(tmp_ctx, p->guid));
1832 return LDB_ERR_NO_SUCH_ATTRIBUTE;
1836 /* for each new value, see if it exists already with the same GUID
1837 if it is not already deleted and matches the delete list then delete it
1839 for (i=0; i<old_el->num_values; i++) {
1840 struct parsed_dn *p = &old_dns[i];
1843 if (el->num_values && parsed_dn_find(dns, el->num_values, p->guid, NULL) == NULL) {
1847 rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
1848 if (rmd_flags & DSDB_RMD_FLAG_DELETED) continue;
1850 ret = replmd_update_la_val(old_el->values, p->v, p->dsdb_dn, p->dsdb_dn,
1851 invocation_id, seq_num, seq_num, now, 0, true);
1852 if (ret != LDB_SUCCESS) {
1853 talloc_free(tmp_ctx);
1857 ret = replmd_add_backlink(module, schema, msg_guid, old_dns[i].guid, false, schema_attr, true);
1858 if (ret != LDB_SUCCESS) {
1859 talloc_free(tmp_ctx);
1864 el->values = talloc_steal(msg->elements, old_el->values);
1865 el->num_values = old_el->num_values;
1867 talloc_free(tmp_ctx);
1869 /* we now tell the backend to replace all existing values
1870 with the one we have constructed */
1871 el->flags = LDB_FLAG_MOD_REPLACE;
1877 handle replacing a linked attribute
1879 static int replmd_modify_la_replace(struct ldb_module *module,
1880 const struct dsdb_schema *schema,
1881 struct ldb_message *msg,
1882 struct ldb_message_element *el,
1883 struct ldb_message_element *old_el,
1884 const struct dsdb_attribute *schema_attr,
1887 struct GUID *msg_guid)
1890 struct parsed_dn *dns, *old_dns;
1891 TALLOC_CTX *tmp_ctx = talloc_new(msg);
1893 const struct GUID *invocation_id;
1894 struct ldb_context *ldb = ldb_module_get_ctx(module);
1895 struct ldb_val *new_values = NULL;
1896 unsigned int num_new_values = 0;
1897 unsigned int old_num_values = old_el?old_el->num_values:0;
1900 unix_to_nt_time(&now, t);
1902 /* check if there is nothing to replace */
1903 if ((!old_el || old_el->num_values == 0) &&
1904 el->num_values == 0) {
1908 ret = get_parsed_dns(module, tmp_ctx, el, &dns, schema_attr->syntax->ldap_oid);
1909 if (ret != LDB_SUCCESS) {
1910 talloc_free(tmp_ctx);
1914 ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns, schema_attr->syntax->ldap_oid);
1915 if (ret != LDB_SUCCESS) {
1916 talloc_free(tmp_ctx);
1920 invocation_id = samdb_ntds_invocation_id(ldb);
1921 if (!invocation_id) {
1922 return LDB_ERR_OPERATIONS_ERROR;
1925 ret = replmd_check_upgrade_links(old_dns, old_num_values, old_el, invocation_id);
1926 if (ret != LDB_SUCCESS) {
1927 talloc_free(tmp_ctx);
1931 /* mark all the old ones as deleted */
1932 for (i=0; i<old_num_values; i++) {
1933 struct parsed_dn *old_p = &old_dns[i];
1934 struct parsed_dn *p;
1935 uint32_t rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);
1937 if (rmd_flags & DSDB_RMD_FLAG_DELETED) continue;
1939 ret = replmd_add_backlink(module, schema, msg_guid, old_dns[i].guid, false, schema_attr, false);
1940 if (ret != LDB_SUCCESS) {
1941 talloc_free(tmp_ctx);
1945 p = parsed_dn_find(dns, el->num_values, old_p->guid, NULL);
1947 /* we don't delete it if we are re-adding it */
1951 ret = replmd_update_la_val(old_el->values, old_p->v, old_p->dsdb_dn, old_p->dsdb_dn,
1952 invocation_id, seq_num, seq_num, now, 0, true);
1953 if (ret != LDB_SUCCESS) {
1954 talloc_free(tmp_ctx);
1959 /* for each new value, either update its meta-data, or add it
1962 for (i=0; i<el->num_values; i++) {
1963 struct parsed_dn *p = &dns[i], *old_p;
1966 (old_p = parsed_dn_find(old_dns,
1967 old_num_values, p->guid, NULL)) != NULL) {
1968 /* update in place */
1969 ret = replmd_update_la_val(old_el->values, old_p->v, old_p->dsdb_dn,
1970 old_p->dsdb_dn, invocation_id,
1971 seq_num, seq_num, now, 0, false);
1972 if (ret != LDB_SUCCESS) {
1973 talloc_free(tmp_ctx);
1978 new_values = talloc_realloc(tmp_ctx, new_values, struct ldb_val,
1980 if (new_values == NULL) {
1981 ldb_module_oom(module);
1982 talloc_free(tmp_ctx);
1983 return LDB_ERR_OPERATIONS_ERROR;
1985 ret = replmd_build_la_val(new_values, &new_values[num_new_values], dns[i].dsdb_dn,
1986 invocation_id, seq_num, seq_num, now, 0, false);
1987 if (ret != LDB_SUCCESS) {
1988 talloc_free(tmp_ctx);
1994 ret = replmd_add_backlink(module, schema, msg_guid, dns[i].guid, true, schema_attr, false);
1995 if (ret != LDB_SUCCESS) {
1996 talloc_free(tmp_ctx);
2001 /* add the new values to the end of old_el */
2002 if (num_new_values != 0) {
2003 el->values = talloc_realloc(msg->elements, old_el?old_el->values:NULL,
2004 struct ldb_val, old_num_values+num_new_values);
2005 if (el->values == NULL) {
2006 ldb_module_oom(module);
2007 return LDB_ERR_OPERATIONS_ERROR;
2009 memcpy(&el->values[old_num_values], &new_values[0],
2010 sizeof(struct ldb_val)*num_new_values);
2011 el->num_values = old_num_values + num_new_values;
2012 talloc_steal(msg->elements, new_values);
2014 el->values = old_el->values;
2015 el->num_values = old_el->num_values;
2016 talloc_steal(msg->elements, el->values);
2019 talloc_free(tmp_ctx);
2021 /* we now tell the backend to replace all existing values
2022 with the one we have constructed */
2023 el->flags = LDB_FLAG_MOD_REPLACE;
2030 handle linked attributes in modify requests
2032 static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
2033 struct ldb_message *msg,
2034 uint64_t seq_num, time_t t)
2036 struct ldb_result *res;
2039 struct ldb_context *ldb = ldb_module_get_ctx(module);
2040 struct ldb_message *old_msg;
2042 const struct dsdb_schema *schema;
2043 struct GUID old_guid;
2046 /* there the replmd_update_rpmd code has already
2047 * checked and saw that there are no linked
2052 if (dsdb_functional_level(ldb) == DS_DOMAIN_FUNCTION_2000) {
2053 /* don't do anything special for linked attributes */
2057 ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL,
2058 DSDB_FLAG_NEXT_MODULE |
2059 DSDB_SEARCH_SHOW_RECYCLED |
2060 DSDB_SEARCH_REVEAL_INTERNALS |
2061 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
2062 if (ret != LDB_SUCCESS) {
2065 schema = dsdb_get_schema(ldb, res);
2067 return LDB_ERR_OPERATIONS_ERROR;
2070 old_msg = res->msgs[0];
2072 old_guid = samdb_result_guid(old_msg, "objectGUID");
2074 for (i=0; i<msg->num_elements; i++) {
2075 struct ldb_message_element *el = &msg->elements[i];
2076 struct ldb_message_element *old_el, *new_el;
2077 const struct dsdb_attribute *schema_attr
2078 = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
2080 ldb_asprintf_errstring(ldb,
2081 "attribute %s is not a valid attribute in schema", el->name);
2082 return LDB_ERR_OBJECT_CLASS_VIOLATION;
2084 if (schema_attr->linkID == 0) {
2087 if ((schema_attr->linkID & 1) == 1) {
2088 /* Odd is for the target. Illegal to modify */
2089 ldb_asprintf_errstring(ldb,
2090 "attribute %s must not be modified directly, it is a linked attribute", el->name);
2091 return LDB_ERR_UNWILLING_TO_PERFORM;
2093 old_el = ldb_msg_find_element(old_msg, el->name);
2094 switch (el->flags & LDB_FLAG_MOD_MASK) {
2095 case LDB_FLAG_MOD_REPLACE:
2096 ret = replmd_modify_la_replace(module, schema, msg, el, old_el, schema_attr, seq_num, t, &old_guid);
2098 case LDB_FLAG_MOD_DELETE:
2099 ret = replmd_modify_la_delete(module, schema, msg, el, old_el, schema_attr, seq_num, t, &old_guid);
2101 case LDB_FLAG_MOD_ADD:
2102 ret = replmd_modify_la_add(module, schema, msg, el, old_el, schema_attr, seq_num, t, &old_guid);
2105 ldb_asprintf_errstring(ldb,
2106 "invalid flags 0x%x for %s linked attribute",
2107 el->flags, el->name);
2108 return LDB_ERR_UNWILLING_TO_PERFORM;
2110 if (ret != LDB_SUCCESS) {
2114 ldb_msg_remove_attr(old_msg, el->name);
2116 ldb_msg_add_empty(old_msg, el->name, 0, &new_el);
2117 new_el->num_values = el->num_values;
2118 new_el->values = talloc_steal(msg->elements, el->values);
2120 /* TODO: this relises a bit too heavily on the exact
2121 behaviour of ldb_msg_find_element and
2122 ldb_msg_remove_element */
2123 old_el = ldb_msg_find_element(msg, el->name);
2125 ldb_msg_remove_element(msg, old_el);
2136 static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
2138 struct ldb_context *ldb;
2139 struct replmd_replicated_request *ac;
2140 struct ldb_request *down_req;
2141 struct ldb_message *msg;
2142 time_t t = time(NULL);
2144 bool is_urgent = false;
2145 struct loadparm_context *lp_ctx;
2147 unsigned int functional_level;
2149 /* do not manipulate our control entries */
2150 if (ldb_dn_is_special(req->op.mod.message->dn)) {
2151 return ldb_next_request(module, req);
2154 ldb = ldb_module_get_ctx(module);
2155 functional_level = dsdb_functional_level(ldb);
2157 lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
2158 struct loadparm_context);
2160 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
2162 ac = replmd_ctx_init(module, req);
2164 return LDB_ERR_OPERATIONS_ERROR;
2167 /* we have to copy the message as the caller might have it as a const */
2168 msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
2172 return LDB_ERR_OPERATIONS_ERROR;
2175 ldb_msg_remove_attr(msg, "whenChanged");
2176 ldb_msg_remove_attr(msg, "uSNChanged");
2178 ret = replmd_update_rpmd(module, ac->schema, req, msg, &ac->seq_num, t, &is_urgent);
2179 if (ret == LDB_ERR_REFERRAL) {
2180 referral = talloc_asprintf(req,
2182 lpcfg_dnsdomain(lp_ctx),
2183 ldb_dn_get_linearized(msg->dn));
2184 ret = ldb_module_send_referral(req, referral);
2186 return ldb_module_done(req, NULL, NULL, ret);
2189 if (ret != LDB_SUCCESS) {
2194 ret = replmd_modify_handle_linked_attribs(module, msg, ac->seq_num, t);
2195 if (ret != LDB_SUCCESS) {
2201 * - replace the old object with the newly constructed one
2204 ac->is_urgent = is_urgent;
2206 ret = ldb_build_mod_req(&down_req, ldb, ac,
2209 ac, replmd_op_callback,
2211 LDB_REQ_SET_LOCATION(down_req);
2212 if (ret != LDB_SUCCESS) {
2217 /* If we are in functional level 2000, then
2218 * replmd_modify_handle_linked_attribs will have done
2220 if (functional_level == DS_DOMAIN_FUNCTION_2000) {
2221 ret = ldb_request_add_control(down_req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
2222 if (ret != LDB_SUCCESS) {
2228 talloc_steal(down_req, msg);
2230 /* we only change whenChanged and uSNChanged if the seq_num
2232 if (ac->seq_num != 0) {
2233 if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
2238 if (add_uint64_element(ldb, msg, "uSNChanged",
2239 ac->seq_num) != LDB_SUCCESS) {
2245 /* go on with the call chain */
2246 return ldb_next_request(module, down_req);
2249 static int replmd_rename_callback(struct ldb_request *req, struct ldb_reply *ares);
2252 handle a rename request
2254 On a rename we need to do an extra ldb_modify which sets the
2255 whenChanged and uSNChanged attributes. We do this in a callback after the success.
2257 static int replmd_rename(struct ldb_module *module, struct ldb_request *req)
2259 struct ldb_context *ldb;
2260 struct replmd_replicated_request *ac;
2262 struct ldb_request *down_req;
2264 /* do not manipulate our control entries */
2265 if (ldb_dn_is_special(req->op.mod.message->dn)) {
2266 return ldb_next_request(module, req);
2269 ldb = ldb_module_get_ctx(module);
2271 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_rename\n");
2273 ac = replmd_ctx_init(module, req);
2275 return LDB_ERR_OPERATIONS_ERROR;
2277 ret = ldb_build_rename_req(&down_req, ldb, ac,
2278 ac->req->op.rename.olddn,
2279 ac->req->op.rename.newdn,
2281 ac, replmd_rename_callback,
2283 LDB_REQ_SET_LOCATION(down_req);
2284 if (ret != LDB_SUCCESS) {
2289 /* go on with the call chain */
2290 return ldb_next_request(module, down_req);
2293 /* After the rename is compleated, update the whenchanged etc */
2294 static int replmd_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
2296 struct ldb_context *ldb;
2297 struct replmd_replicated_request *ac;
2298 struct ldb_request *down_req;
2299 struct ldb_message *msg;
2300 time_t t = time(NULL);
2303 ac = talloc_get_type(req->context, struct replmd_replicated_request);
2304 ldb = ldb_module_get_ctx(ac->module);
2306 if (ares->error != LDB_SUCCESS) {
2307 return ldb_module_done(ac->req, ares->controls,
2308 ares->response, ares->error);
2311 if (ares->type != LDB_REPLY_DONE) {
2312 ldb_set_errstring(ldb,
2313 "invalid ldb_reply_type in callback");
2315 return ldb_module_done(ac->req, NULL, NULL,
2316 LDB_ERR_OPERATIONS_ERROR);
2319 /* Get a sequence number from the backend */
2320 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ac->seq_num);
2321 if (ret != LDB_SUCCESS) {
2326 * - replace the old object with the newly constructed one
2329 msg = ldb_msg_new(ac);
2332 return LDB_ERR_OPERATIONS_ERROR;
2335 msg->dn = ac->req->op.rename.newdn;
2337 ret = ldb_build_mod_req(&down_req, ldb, ac,
2340 ac, replmd_op_callback,
2342 LDB_REQ_SET_LOCATION(down_req);
2343 if (ret != LDB_SUCCESS) {
2347 talloc_steal(down_req, msg);
2349 if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
2354 if (add_uint64_element(ldb, msg, "uSNChanged",
2355 ac->seq_num) != LDB_SUCCESS) {
2360 /* go on with the call chain - do the modify after the rename */
2361 return ldb_next_request(ac->module, down_req);
2365 remove links from objects that point at this object when an object
2368 static int replmd_delete_remove_link(struct ldb_module *module,
2369 const struct dsdb_schema *schema,
2371 struct ldb_message_element *el,
2372 const struct dsdb_attribute *sa)
2375 TALLOC_CTX *tmp_ctx = talloc_new(module);
2376 struct ldb_context *ldb = ldb_module_get_ctx(module);
2378 for (i=0; i<el->num_values; i++) {
2379 struct dsdb_dn *dsdb_dn;
2383 struct ldb_message *msg;
2384 const struct dsdb_attribute *target_attr;
2385 struct ldb_message_element *el2;
2386 struct ldb_val dn_val;
2388 if (dsdb_dn_is_deleted_val(&el->values[i])) {
2392 dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i], sa->syntax->ldap_oid);
2394 talloc_free(tmp_ctx);
2395 return LDB_ERR_OPERATIONS_ERROR;
2398 status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &guid2, "GUID");
2399 if (!NT_STATUS_IS_OK(status)) {
2400 talloc_free(tmp_ctx);
2401 return LDB_ERR_OPERATIONS_ERROR;
2404 /* remove the link */
2405 msg = ldb_msg_new(tmp_ctx);
2407 ldb_module_oom(module);
2408 talloc_free(tmp_ctx);
2409 return LDB_ERR_OPERATIONS_ERROR;
2413 msg->dn = dsdb_dn->dn;
2415 target_attr = dsdb_attribute_by_linkID(schema, sa->linkID ^ 1);
2416 if (target_attr == NULL) {
2420 ret = ldb_msg_add_empty(msg, target_attr->lDAPDisplayName, LDB_FLAG_MOD_DELETE, &el2);
2421 if (ret != LDB_SUCCESS) {
2422 ldb_module_oom(module);
2423 talloc_free(tmp_ctx);
2424 return LDB_ERR_OPERATIONS_ERROR;
2426 dn_val = data_blob_string_const(ldb_dn_get_linearized(dn));
2427 el2->values = &dn_val;
2428 el2->num_values = 1;
2430 ret = dsdb_module_modify(module, msg, DSDB_FLAG_OWN_MODULE);
2431 if (ret != LDB_SUCCESS) {
2432 talloc_free(tmp_ctx);
2436 talloc_free(tmp_ctx);
2442 handle update of replication meta data for deletion of objects
2444 This also handles the mapping of delete to a rename operation
2445 to allow deletes to be replicated.
2447 static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
2449 int ret = LDB_ERR_OTHER;
2450 bool retb, disallow_move_on_delete;
2451 struct ldb_dn *old_dn, *new_dn;
2452 const char *rdn_name;
2453 const struct ldb_val *rdn_value, *new_rdn_value;
2455 struct ldb_context *ldb = ldb_module_get_ctx(module);
2456 const struct dsdb_schema *schema;
2457 struct ldb_message *msg, *old_msg;
2458 struct ldb_message_element *el;
2459 TALLOC_CTX *tmp_ctx;
2460 struct ldb_result *res, *parent_res;
2461 const char *preserved_attrs[] = {
2462 /* yes, this really is a hard coded list. See MS-ADTS
2463 section 3.1.1.5.5.1.1 */
2464 "nTSecurityDescriptor", "attributeID", "attributeSyntax", "dNReferenceUpdate", "dNSHostName",
2465 "flatName", "governsID", "groupType", "instanceType", "lDAPDisplayName", "legacyExchangeDN",
2466 "isDeleted", "isRecycled", "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID",
2467 "mSMQOwnerID", "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
2468 "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData", "sAMAccountName",
2469 "securityIdentifier", "sIDHistory", "subClassOf", "systemFlags", "trustPartner", "trustDirection",
2470 "trustType", "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated", "whenCreated",
2471 "whenChanged", NULL};
2472 unsigned int i, el_count = 0;
2473 enum deletion_state { OBJECT_NOT_DELETED=1, OBJECT_DELETED=2, OBJECT_RECYCLED=3,
2474 OBJECT_TOMBSTONE=4, OBJECT_REMOVED=5 };
2475 enum deletion_state deletion_state, next_deletion_state;
2478 if (ldb_dn_is_special(req->op.del.dn)) {
2479 return ldb_next_request(module, req);
2482 tmp_ctx = talloc_new(ldb);
2485 return LDB_ERR_OPERATIONS_ERROR;
2488 schema = dsdb_get_schema(ldb, tmp_ctx);
2490 return LDB_ERR_OPERATIONS_ERROR;
2493 old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
2495 /* we need the complete msg off disk, so we can work out which
2496 attributes need to be removed */
2497 ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, NULL,
2498 DSDB_FLAG_NEXT_MODULE |
2499 DSDB_SEARCH_SHOW_RECYCLED |
2500 DSDB_SEARCH_REVEAL_INTERNALS |
2501 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
2502 if (ret != LDB_SUCCESS) {
2503 talloc_free(tmp_ctx);
2506 old_msg = res->msgs[0];
2509 ret = dsdb_recyclebin_enabled(module, &enabled);
2510 if (ret != LDB_SUCCESS) {
2511 talloc_free(tmp_ctx);
2515 if (ldb_msg_check_string_attribute(old_msg, "isDeleted", "TRUE")) {
2517 deletion_state = OBJECT_TOMBSTONE;
2518 next_deletion_state = OBJECT_REMOVED;
2519 } else if (ldb_msg_check_string_attribute(old_msg, "isRecycled", "TRUE")) {
2520 deletion_state = OBJECT_RECYCLED;
2521 next_deletion_state = OBJECT_REMOVED;
2523 deletion_state = OBJECT_DELETED;
2524 next_deletion_state = OBJECT_RECYCLED;
2527 deletion_state = OBJECT_NOT_DELETED;
2529 next_deletion_state = OBJECT_DELETED;
2531 next_deletion_state = OBJECT_TOMBSTONE;
2535 if (next_deletion_state == OBJECT_REMOVED) {
2536 struct auth_session_info *session_info =
2537 (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
2538 if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
2539 ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
2540 ldb_dn_get_linearized(old_msg->dn));
2541 return LDB_ERR_UNWILLING_TO_PERFORM;
2544 /* it is already deleted - really remove it this time */
2545 talloc_free(tmp_ctx);
2546 return ldb_next_request(module, req);
2549 rdn_name = ldb_dn_get_rdn_name(old_dn);
2550 rdn_value = ldb_dn_get_rdn_val(old_dn);
2552 msg = ldb_msg_new(tmp_ctx);
2554 ldb_module_oom(module);
2555 talloc_free(tmp_ctx);
2556 return LDB_ERR_OPERATIONS_ERROR;
2561 if (deletion_state == OBJECT_NOT_DELETED){
2562 /* consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag */
2563 disallow_move_on_delete =
2564 (ldb_msg_find_attr_as_int(old_msg, "systemFlags", 0)
2565 & SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
2567 /* work out where we will be renaming this object to */
2568 if (!disallow_move_on_delete) {
2569 ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn,
2571 if (ret != LDB_SUCCESS) {
2572 /* this is probably an attempted delete on a partition
2573 * that doesn't allow delete operations, such as the
2574 * schema partition */
2575 ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
2576 ldb_dn_get_linearized(old_dn));
2577 talloc_free(tmp_ctx);
2578 return LDB_ERR_UNWILLING_TO_PERFORM;
2581 new_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
2582 if (new_dn == NULL) {
2583 ldb_module_oom(module);
2584 talloc_free(tmp_ctx);
2585 return LDB_ERR_OPERATIONS_ERROR;
2589 /* get the objects GUID from the search we just did */
2590 guid = samdb_result_guid(old_msg, "objectGUID");
2592 /* Add a formatted child */
2593 retb = ldb_dn_add_child_fmt(new_dn, "%s=%s\\0ADEL:%s",
2596 GUID_string(tmp_ctx, &guid));
2598 DEBUG(0,(__location__ ": Unable to add a formatted child to dn: %s",
2599 ldb_dn_get_linearized(new_dn)));
2600 talloc_free(tmp_ctx);
2601 return LDB_ERR_OPERATIONS_ERROR;
2604 ret = ldb_msg_add_string(msg, "isDeleted", "TRUE");
2605 if (ret != LDB_SUCCESS) {
2606 DEBUG(0,(__location__ ": Failed to add isDeleted string to the msg\n"));
2607 ldb_module_oom(module);
2608 talloc_free(tmp_ctx);
2611 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2615 now we need to modify the object in the following ways:
2617 - add isDeleted=TRUE
2618 - update rDN and name, with new rDN
2619 - remove linked attributes
2620 - remove objectCategory and sAMAccountType
2621 - remove attribs not on the preserved list
2622 - preserved if in above list, or is rDN
2623 - remove all linked attribs from this object
2624 - remove all links from other objects to this object
2625 - add lastKnownParent
2626 - update replPropertyMetaData?
2628 see MS-ADTS "Tombstone Requirements" section 3.1.1.5.5.1.1
2631 /* we need the storage form of the parent GUID */
2632 ret = dsdb_module_search_dn(module, tmp_ctx, &parent_res,
2633 ldb_dn_get_parent(tmp_ctx, old_dn), NULL,
2634 DSDB_FLAG_NEXT_MODULE |
2635 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
2636 DSDB_SEARCH_REVEAL_INTERNALS|
2637 DSDB_SEARCH_SHOW_RECYCLED);
2638 if (ret != LDB_SUCCESS) {
2639 talloc_free(tmp_ctx);
2643 if (deletion_state == OBJECT_NOT_DELETED){
2644 ret = ldb_msg_add_steal_string(msg, "lastKnownParent",
2645 ldb_dn_get_extended_linearized(tmp_ctx, parent_res->msgs[0]->dn, 1));
2646 if (ret != LDB_SUCCESS) {
2647 DEBUG(0,(__location__ ": Failed to add lastKnownParent string to the msg\n"));
2648 ldb_module_oom(module);
2649 talloc_free(tmp_ctx);
2652 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2655 switch (next_deletion_state){
2657 case OBJECT_DELETED:
2659 ret = ldb_msg_add_value(msg, "msDS-LastKnownRDN", rdn_value, NULL);
2660 if (ret != LDB_SUCCESS) {
2661 DEBUG(0,(__location__ ": Failed to add msDS-LastKnownRDN string to the msg\n"));
2662 ldb_module_oom(module);
2663 talloc_free(tmp_ctx);
2666 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2668 ret = ldb_msg_add_empty(msg, "objectCategory", LDB_FLAG_MOD_DELETE, NULL);
2669 if (ret != LDB_SUCCESS) {
2670 talloc_free(tmp_ctx);
2671 ldb_module_oom(module);
2675 ret = ldb_msg_add_empty(msg, "sAMAccountType", LDB_FLAG_MOD_DELETE, NULL);
2676 if (ret != LDB_SUCCESS) {
2677 talloc_free(tmp_ctx);
2678 ldb_module_oom(module);
2684 case OBJECT_RECYCLED:
2685 case OBJECT_TOMBSTONE:
2687 /* we also mark it as recycled, meaning this object can't be
2688 recovered (we are stripping its attributes) */
2689 if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008_R2) {
2690 ret = ldb_msg_add_string(msg, "isRecycled", "TRUE");
2691 if (ret != LDB_SUCCESS) {
2692 DEBUG(0,(__location__ ": Failed to add isRecycled string to the msg\n"));
2693 ldb_module_oom(module);
2694 talloc_free(tmp_ctx);
2697 msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
2700 /* work out which of the old attributes we will be removing */
2701 for (i=0; i<old_msg->num_elements; i++) {
2702 const struct dsdb_attribute *sa;
2703 el = &old_msg->elements[i];
2704 sa = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
2706 talloc_free(tmp_ctx);
2707 return LDB_ERR_OPERATIONS_ERROR;
2709 if (ldb_attr_cmp(el->name, rdn_name) == 0) {
2710 /* don't remove the rDN */
2713 if (sa->linkID && sa->linkID & 1) {
2714 ret = replmd_delete_remove_link(module, schema, old_dn, el, sa);
2715 if (ret != LDB_SUCCESS) {
2716 talloc_free(tmp_ctx);
2717 return LDB_ERR_OPERATIONS_ERROR;
2721 if (!sa->linkID && ldb_attr_in_list(preserved_attrs, el->name)) {
2724 ret = ldb_msg_add_empty(msg, el->name, LDB_FLAG_MOD_DELETE, &el);
2725 if (ret != LDB_SUCCESS) {
2726 talloc_free(tmp_ctx);
2727 ldb_module_oom(module);
2737 if (deletion_state == OBJECT_NOT_DELETED) {
2738 const struct dsdb_attribute *sa;
2740 /* work out what the new rdn value is, for updating the
2741 rDN and name fields */
2742 new_rdn_value = ldb_dn_get_rdn_val(new_dn);
2744 sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
2746 talloc_free(tmp_ctx);
2747 return LDB_ERR_OPERATIONS_ERROR;
2750 ret = ldb_msg_add_value(msg, sa->lDAPDisplayName, new_rdn_value,
2752 if (ret != LDB_SUCCESS) {
2753 talloc_free(tmp_ctx);
2756 el->flags = LDB_FLAG_MOD_REPLACE;
2758 el = ldb_msg_find_element(old_msg, "name");
2760 ret = ldb_msg_add_value(msg, "name", new_rdn_value, &el);
2761 if (ret != LDB_SUCCESS) {
2762 talloc_free(tmp_ctx);
2765 el->flags = LDB_FLAG_MOD_REPLACE;
2769 ret = dsdb_module_modify(module, msg, DSDB_FLAG_OWN_MODULE);
2770 if (ret != LDB_SUCCESS) {
2771 ldb_asprintf_errstring(ldb, "replmd_delete: Failed to modify object %s in delete - %s",
2772 ldb_dn_get_linearized(old_dn), ldb_errstring(ldb));
2773 talloc_free(tmp_ctx);
2777 if (deletion_state == OBJECT_NOT_DELETED) {
2778 /* now rename onto the new DN */
2779 ret = dsdb_module_rename(module, old_dn, new_dn, DSDB_FLAG_NEXT_MODULE);
2780 if (ret != LDB_SUCCESS){
2781 DEBUG(0,(__location__ ": Failed to rename object from '%s' to '%s' - %s\n",
2782 ldb_dn_get_linearized(old_dn),
2783 ldb_dn_get_linearized(new_dn),
2784 ldb_errstring(ldb)));
2785 talloc_free(tmp_ctx);
2790 talloc_free(tmp_ctx);
2792 return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
2797 static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret)
2802 static int replmd_replicated_request_werror(struct replmd_replicated_request *ar, WERROR status)
2804 int ret = LDB_ERR_OTHER;
2805 /* TODO: do some error mapping */
2809 static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
2811 struct ldb_context *ldb;
2812 struct ldb_request *change_req;
2813 enum ndr_err_code ndr_err;
2814 struct ldb_message *msg;
2815 struct replPropertyMetaDataBlob *md;
2816 struct ldb_val md_value;
2821 * TODO: check if the parent object exist
2825 * TODO: handle the conflict case where an object with the
2829 ldb = ldb_module_get_ctx(ar->module);
2830 msg = ar->objs->objects[ar->index_current].msg;
2831 md = ar->objs->objects[ar->index_current].meta_data;
2833 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
2834 if (ret != LDB_SUCCESS) {
2835 return replmd_replicated_request_error(ar, ret);
2838 ret = ldb_msg_add_value(msg, "objectGUID", &ar->objs->objects[ar->index_current].guid_value, NULL);
2839 if (ret != LDB_SUCCESS) {
2840 return replmd_replicated_request_error(ar, ret);
2843 ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed);
2844 if (ret != LDB_SUCCESS) {
2845 return replmd_replicated_request_error(ar, ret);
2848 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", ar->seq_num);
2849 if (ret != LDB_SUCCESS) {
2850 return replmd_replicated_request_error(ar, ret);
2853 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ar->seq_num);
2854 if (ret != LDB_SUCCESS) {
2855 return replmd_replicated_request_error(ar, ret);
2858 /* remove any message elements that have zero values */
2859 for (i=0; i<msg->num_elements; i++) {
2860 struct ldb_message_element *el = &msg->elements[i];
2862 if (el->num_values == 0) {
2863 DEBUG(4,(__location__ ": Removing attribute %s with num_values==0\n",
2865 memmove(el, el+1, sizeof(*el)*(msg->num_elements - (i+1)));
2866 msg->num_elements--;
2873 * the meta data array is already sorted by the caller
2875 for (i=0; i < md->ctr.ctr1.count; i++) {
2876 md->ctr.ctr1.array[i].local_usn = ar->seq_num;
2878 ndr_err = ndr_push_struct_blob(&md_value, msg, md,
2879 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
2880 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2881 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
2882 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
2884 ret = ldb_msg_add_value(msg, "replPropertyMetaData", &md_value, NULL);
2885 if (ret != LDB_SUCCESS) {
2886 return replmd_replicated_request_error(ar, ret);
2889 replmd_ldb_message_sort(msg, ar->schema);
2892 char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_ADD, msg);
2893 DEBUG(4, ("DRS replication add message:\n%s\n", s));
2897 ret = ldb_build_add_req(&change_req,
2905 LDB_REQ_SET_LOCATION(change_req);
2906 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
2908 return ldb_next_request(ar->module, change_req);
2912 return true if an update is newer than an existing entry
2913 see section 5.11 of MS-ADTS
2915 static bool replmd_update_is_newer(const struct GUID *current_invocation_id,
2916 const struct GUID *update_invocation_id,
2917 uint32_t current_version,
2918 uint32_t update_version,
2919 uint32_t current_usn,
2920 uint32_t update_usn,
2921 NTTIME current_change_time,
2922 NTTIME update_change_time)
2924 if (GUID_compare(update_invocation_id, current_invocation_id) == 0) {
2925 if (update_usn != current_usn) {
2926 return update_usn >= current_usn;
2929 if (update_version != current_version) {
2930 return update_version >= current_version;
2932 if (update_change_time != current_change_time) {
2933 return update_change_time >= current_change_time;
2935 return GUID_compare(update_invocation_id, current_invocation_id) >= 0;
2938 static bool replmd_replPropertyMetaData1_is_newer(struct replPropertyMetaData1 *cur_m,
2939 struct replPropertyMetaData1 *new_m)
2941 return replmd_update_is_newer(&cur_m->originating_invocation_id,
2942 &new_m->originating_invocation_id,
2945 cur_m->originating_usn,
2946 new_m->originating_usn,
2947 cur_m->originating_change_time,
2948 new_m->originating_change_time);
2951 static struct replPropertyMetaData1 *
2952 replmd_replPropertyMetaData1_find_attid(struct replPropertyMetaDataBlob *md_blob,
2953 enum drsuapi_DsAttributeId attid)
2956 struct replPropertyMetaDataCtr1 *rpmd_ctr = &md_blob->ctr.ctr1;
2958 for (i = 0; i < rpmd_ctr->count; i++) {
2959 if (rpmd_ctr->array[i].attid == attid) {
2960 return &rpmd_ctr->array[i];
2968 handle renames that come in over DRS replication
2970 static int replmd_replicated_handle_rename(struct replmd_replicated_request *ar,
2971 struct ldb_message *msg,
2972 struct replPropertyMetaDataBlob *rmd,
2973 struct replPropertyMetaDataBlob *omd)
2975 struct replPropertyMetaData1 *md_remote;
2976 struct replPropertyMetaData1 *md_local;
2978 if (ldb_dn_compare(msg->dn, ar->search_msg->dn) == 0) {
2983 /* now we need to check for double renames. We could have a
2984 * local rename pending which our replication partner hasn't
2985 * received yet. We choose which one wins by looking at the
2986 * attribute stamps on the two objects, the newer one wins
2988 md_remote = replmd_replPropertyMetaData1_find_attid(rmd, DRSUAPI_ATTRIBUTE_name);
2989 md_local = replmd_replPropertyMetaData1_find_attid(omd, DRSUAPI_ATTRIBUTE_name);
2990 /* if there is no name attribute then we have to assume the
2991 object we've received is in fact newer */
2992 if (!md_remote || !md_local ||
2993 replmd_replPropertyMetaData1_is_newer(md_local, md_remote)) {
2994 DEBUG(4,("replmd_replicated_request rename %s => %s\n",
2995 ldb_dn_get_linearized(ar->search_msg->dn),
2996 ldb_dn_get_linearized(msg->dn)));
2997 /* pass rename to the next module
2998 * so it doesn't appear as an originating update */
2999 return dsdb_module_rename(ar->module,
3000 ar->search_msg->dn, msg->dn,
3001 DSDB_FLAG_NEXT_MODULE | DSDB_MODIFY_RELAX);
3004 /* we're going to keep our old object */
3005 DEBUG(4,(__location__ ": Keeping object %s and rejecting older rename to %s\n",
3006 ldb_dn_get_linearized(ar->search_msg->dn),
3007 ldb_dn_get_linearized(msg->dn)));
3012 static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
3014 struct ldb_context *ldb;
3015 struct ldb_request *change_req;
3016 enum ndr_err_code ndr_err;
3017 struct ldb_message *msg;
3018 struct replPropertyMetaDataBlob *rmd;
3019 struct replPropertyMetaDataBlob omd;
3020 const struct ldb_val *omd_value;
3021 struct replPropertyMetaDataBlob nmd;
3022 struct ldb_val nmd_value;
3025 unsigned int removed_attrs = 0;
3028 ldb = ldb_module_get_ctx(ar->module);
3029 msg = ar->objs->objects[ar->index_current].msg;
3030 rmd = ar->objs->objects[ar->index_current].meta_data;
3034 /* find existing meta data */
3035 omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData");
3037 ndr_err = ndr_pull_struct_blob(omd_value, ar, &omd,
3038 (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
3039 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3040 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3041 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3044 if (omd.version != 1) {
3045 return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3049 /* handle renames that come in over DRS */
3050 ret = replmd_replicated_handle_rename(ar, msg, rmd, &omd);
3051 if (ret != LDB_SUCCESS) {
3052 ldb_debug(ldb, LDB_DEBUG_FATAL,
3053 "replmd_replicated_request rename %s => %s failed - %s\n",
3054 ldb_dn_get_linearized(ar->search_msg->dn),
3055 ldb_dn_get_linearized(msg->dn),
3056 ldb_errstring(ldb));
3057 return replmd_replicated_request_werror(ar, WERR_DS_DRA_DB_ERROR);
3062 nmd.ctr.ctr1.count = omd.ctr.ctr1.count + rmd->ctr.ctr1.count;
3063 nmd.ctr.ctr1.array = talloc_array(ar,
3064 struct replPropertyMetaData1,
3065 nmd.ctr.ctr1.count);
3066 if (!nmd.ctr.ctr1.array) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3068 /* first copy the old meta data */
3069 for (i=0; i < omd.ctr.ctr1.count; i++) {
3070 nmd.ctr.ctr1.array[ni] = omd.ctr.ctr1.array[i];
3074 /* now merge in the new meta data */
3075 for (i=0; i < rmd->ctr.ctr1.count; i++) {
3078 for (j=0; j < ni; j++) {
3081 if (rmd->ctr.ctr1.array[i].attid != nmd.ctr.ctr1.array[j].attid) {
3085 cmp = replmd_replPropertyMetaData1_is_newer(&nmd.ctr.ctr1.array[j],
3086 &rmd->ctr.ctr1.array[i]);
3088 /* replace the entry */
3089 nmd.ctr.ctr1.array[j] = rmd->ctr.ctr1.array[i];
3094 if (rmd->ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType) {
3095 DEBUG(3,("Discarding older DRS attribute update to %s on %s from %s\n",
3096 msg->elements[i-removed_attrs].name,
3097 ldb_dn_get_linearized(msg->dn),
3098 GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
3101 /* we don't want to apply this change so remove the attribute */
3102 ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]);
3109 if (found) continue;
3111 nmd.ctr.ctr1.array[ni] = rmd->ctr.ctr1.array[i];
3116 * finally correct the size of the meta_data array
3118 nmd.ctr.ctr1.count = ni;
3121 * the rdn attribute (the alias for the name attribute),
3122 * 'cn' for most objects is the last entry in the meta data array
3125 * sort the new meta data array
3127 ret = replmd_replPropertyMetaDataCtr1_sort(&nmd.ctr.ctr1, ar->schema, msg->dn);
3128 if (ret != LDB_SUCCESS) {
3133 * check if some replicated attributes left, otherwise skip the ldb_modify() call
3135 if (msg->num_elements == 0) {
3136 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n",
3139 ar->index_current++;
3140 return replmd_replicated_apply_next(ar);
3143 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n",
3144 ar->index_current, msg->num_elements);
3146 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
3147 if (ret != LDB_SUCCESS) {
3148 return replmd_replicated_request_error(ar, ret);
3151 for (i=0; i<ni; i++) {
3152 nmd.ctr.ctr1.array[i].local_usn = ar->seq_num;
3155 /* create the meta data value */
3156 ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd,
3157 (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
3158 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3159 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3160 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3164 * when we know that we'll modify the record, add the whenChanged, uSNChanged
3165 * and replPopertyMetaData attributes
3167 ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed);
3168 if (ret != LDB_SUCCESS) {
3169 return replmd_replicated_request_error(ar, ret);
3171 ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ar->seq_num);
3172 if (ret != LDB_SUCCESS) {
3173 return replmd_replicated_request_error(ar, ret);
3175 ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
3176 if (ret != LDB_SUCCESS) {
3177 return replmd_replicated_request_error(ar, ret);
3180 replmd_ldb_message_sort(msg, ar->schema);
3182 /* we want to replace the old values */
3183 for (i=0; i < msg->num_elements; i++) {
3184 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
3188 char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_MODIFY, msg);
3189 DEBUG(4, ("DRS replication modify message:\n%s\n", s));
3193 ret = ldb_build_mod_req(&change_req,
3201 LDB_REQ_SET_LOCATION(change_req);
3202 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3204 return ldb_next_request(ar->module, change_req);
3207 static int replmd_replicated_apply_search_callback(struct ldb_request *req,
3208 struct ldb_reply *ares)
3210 struct replmd_replicated_request *ar = talloc_get_type(req->context,
3211 struct replmd_replicated_request);
3215 return ldb_module_done(ar->req, NULL, NULL,
3216 LDB_ERR_OPERATIONS_ERROR);
3218 if (ares->error != LDB_SUCCESS &&
3219 ares->error != LDB_ERR_NO_SUCH_OBJECT) {
3220 return ldb_module_done(ar->req, ares->controls,
3221 ares->response, ares->error);
3224 switch (ares->type) {
3225 case LDB_REPLY_ENTRY:
3226 ar->search_msg = talloc_steal(ar, ares->message);
3229 case LDB_REPLY_REFERRAL:
3230 /* we ignore referrals */
3233 case LDB_REPLY_DONE:
3234 if (ar->search_msg != NULL) {
3235 ret = replmd_replicated_apply_merge(ar);
3237 ret = replmd_replicated_apply_add(ar);
3239 if (ret != LDB_SUCCESS) {
3240 return ldb_module_done(ar->req, NULL, NULL, ret);
3248 static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar);
3250 static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
3252 struct ldb_context *ldb;
3256 struct ldb_request *search_req;
3257 struct ldb_search_options_control *options;
3259 if (ar->index_current >= ar->objs->num_objects) {
3260 /* done with it, go to next stage */
3261 return replmd_replicated_uptodate_vector(ar);
3264 ldb = ldb_module_get_ctx(ar->module);
3265 ar->search_msg = NULL;
3267 tmp_str = ldb_binary_encode(ar, ar->objs->objects[ar->index_current].guid_value);
3268 if (!tmp_str) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3270 filter = talloc_asprintf(ar, "(objectGUID=%s)", tmp_str);
3271 if (!filter) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3272 talloc_free(tmp_str);
3274 ret = ldb_build_search_req(&search_req,
3283 replmd_replicated_apply_search_callback,
3285 LDB_REQ_SET_LOCATION(search_req);
3287 ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
3289 if (ret != LDB_SUCCESS) {
3293 /* we need to cope with cross-partition links, so search for
3294 the GUID over all partitions */
3295 options = talloc(search_req, struct ldb_search_options_control);
3296 if (options == NULL) {
3297 DEBUG(0, (__location__ ": out of memory\n"));
3298 return LDB_ERR_OPERATIONS_ERROR;
3300 options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
3302 ret = ldb_request_add_control(search_req,
3303 LDB_CONTROL_SEARCH_OPTIONS_OID,
3305 if (ret != LDB_SUCCESS) {
3309 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3311 return ldb_next_request(ar->module, search_req);
3314 static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req,
3315 struct ldb_reply *ares)
3317 struct ldb_context *ldb;
3318 struct replmd_replicated_request *ar = talloc_get_type(req->context,
3319 struct replmd_replicated_request);
3320 ldb = ldb_module_get_ctx(ar->module);
3323 return ldb_module_done(ar->req, NULL, NULL,
3324 LDB_ERR_OPERATIONS_ERROR);
3326 if (ares->error != LDB_SUCCESS) {
3327 return ldb_module_done(ar->req, ares->controls,
3328 ares->response, ares->error);
3331 if (ares->type != LDB_REPLY_DONE) {
3332 ldb_set_errstring(ldb, "Invalid reply type\n!");
3333 return ldb_module_done(ar->req, NULL, NULL,
3334 LDB_ERR_OPERATIONS_ERROR);
3339 return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
3342 static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar)
3344 struct ldb_context *ldb;
3345 struct ldb_request *change_req;
3346 enum ndr_err_code ndr_err;
3347 struct ldb_message *msg;
3348 struct replUpToDateVectorBlob ouv;
3349 const struct ldb_val *ouv_value;
3350 const struct drsuapi_DsReplicaCursor2CtrEx *ruv;
3351 struct replUpToDateVectorBlob nuv;
3352 struct ldb_val nuv_value;
3353 struct ldb_message_element *nuv_el = NULL;
3354 const struct GUID *our_invocation_id;
3355 struct ldb_message_element *orf_el = NULL;
3356 struct repsFromToBlob nrf;
3357 struct ldb_val *nrf_value = NULL;
3358 struct ldb_message_element *nrf_el = NULL;
3362 time_t t = time(NULL);
3365 uint32_t instanceType;
3367 ldb = ldb_module_get_ctx(ar->module);
3368 ruv = ar->objs->uptodateness_vector;
3374 unix_to_nt_time(&now, t);
3376 instanceType = ldb_msg_find_attr_as_uint(ar->search_msg, "instanceType", 0);
3377 if (! (instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
3378 DEBUG(4,(__location__ ": Skipping UDV and repsFrom update as not NC root: %s\n",
3379 ldb_dn_get_linearized(ar->search_msg->dn)));
3380 return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
3384 * first create the new replUpToDateVector
3386 ouv_value = ldb_msg_find_ldb_val(ar->search_msg, "replUpToDateVector");
3388 ndr_err = ndr_pull_struct_blob(ouv_value, ar, &ouv,
3389 (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
3390 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3391 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3392 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3395 if (ouv.version != 2) {
3396 return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3401 * the new uptodateness vector will at least
3402 * contain 1 entry, one for the source_dsa
3404 * plus optional values from our old vector and the one from the source_dsa
3406 nuv.ctr.ctr2.count = 1 + ouv.ctr.ctr2.count;
3407 if (ruv) nuv.ctr.ctr2.count += ruv->count;
3408 nuv.ctr.ctr2.cursors = talloc_array(ar,
3409 struct drsuapi_DsReplicaCursor2,
3410 nuv.ctr.ctr2.count);
3411 if (!nuv.ctr.ctr2.cursors) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3413 /* first copy the old vector */
3414 for (i=0; i < ouv.ctr.ctr2.count; i++) {
3415 nuv.ctr.ctr2.cursors[ni] = ouv.ctr.ctr2.cursors[i];
3419 /* get our invocation_id if we have one already attached to the ldb */
3420 our_invocation_id = samdb_ntds_invocation_id(ldb);
3422 /* merge in the source_dsa vector is available */
3423 for (i=0; (ruv && i < ruv->count); i++) {
3426 if (our_invocation_id &&
3427 GUID_equal(&ruv->cursors[i].source_dsa_invocation_id,
3428 our_invocation_id)) {
3432 for (j=0; j < ni; j++) {
3433 if (!GUID_equal(&ruv->cursors[i].source_dsa_invocation_id,
3434 &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) {
3441 * we update only the highest_usn and not the latest_sync_success time,
3442 * because the last success stands for direct replication
3444 if (ruv->cursors[i].highest_usn > nuv.ctr.ctr2.cursors[j].highest_usn) {
3445 nuv.ctr.ctr2.cursors[j].highest_usn = ruv->cursors[i].highest_usn;
3450 if (found) continue;
3452 /* if it's not there yet, add it */
3453 nuv.ctr.ctr2.cursors[ni] = ruv->cursors[i];
3458 * merge in the current highwatermark for the source_dsa
3461 for (j=0; j < ni; j++) {
3462 if (!GUID_equal(&ar->objs->source_dsa->source_dsa_invocation_id,
3463 &nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) {
3470 * here we update the highest_usn and last_sync_success time
3471 * because we're directly replicating from the source_dsa
3473 * and use the tmp_highest_usn because this is what we have just applied
3476 nuv.ctr.ctr2.cursors[j].highest_usn = ar->objs->source_dsa->highwatermark.tmp_highest_usn;
3477 nuv.ctr.ctr2.cursors[j].last_sync_success = now;
3482 * here we update the highest_usn and last_sync_success time
3483 * because we're directly replicating from the source_dsa
3485 * and use the tmp_highest_usn because this is what we have just applied
3488 nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= ar->objs->source_dsa->source_dsa_invocation_id;
3489 nuv.ctr.ctr2.cursors[ni].highest_usn = ar->objs->source_dsa->highwatermark.tmp_highest_usn;
3490 nuv.ctr.ctr2.cursors[ni].last_sync_success = now;
3495 * finally correct the size of the cursors array
3497 nuv.ctr.ctr2.count = ni;
3502 TYPESAFE_QSORT(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count, drsuapi_DsReplicaCursor2_compare);
3505 * create the change ldb_message
3507 msg = ldb_msg_new(ar);
3508 if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3509 msg->dn = ar->search_msg->dn;
3511 ndr_err = ndr_push_struct_blob(&nuv_value, msg, &nuv,
3512 (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
3513 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3514 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3515 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3517 ret = ldb_msg_add_value(msg, "replUpToDateVector", &nuv_value, &nuv_el);
3518 if (ret != LDB_SUCCESS) {
3519 return replmd_replicated_request_error(ar, ret);
3521 nuv_el->flags = LDB_FLAG_MOD_REPLACE;
3524 * now create the new repsFrom value from the given repsFromTo1 structure
3528 nrf.ctr.ctr1 = *ar->objs->source_dsa;
3529 /* and fix some values... */
3530 nrf.ctr.ctr1.consecutive_sync_failures = 0;
3531 nrf.ctr.ctr1.last_success = now;
3532 nrf.ctr.ctr1.last_attempt = now;
3533 nrf.ctr.ctr1.result_last_attempt = WERR_OK;
3534 nrf.ctr.ctr1.highwatermark.highest_usn = nrf.ctr.ctr1.highwatermark.tmp_highest_usn;
3537 * first see if we already have a repsFrom value for the current source dsa
3538 * if so we'll later replace this value
3540 orf_el = ldb_msg_find_element(ar->search_msg, "repsFrom");
3542 for (i=0; i < orf_el->num_values; i++) {
3543 struct repsFromToBlob *trf;
3545 trf = talloc(ar, struct repsFromToBlob);
3546 if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3548 ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, trf,
3549 (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
3550 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3551 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3552 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3555 if (trf->version != 1) {
3556 return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3560 * we compare the source dsa objectGUID not the invocation_id
3561 * because we want only one repsFrom value per source dsa
3562 * and when the invocation_id of the source dsa has changed we don't need
3563 * the old repsFrom with the old invocation_id
3565 if (!GUID_equal(&trf->ctr.ctr1.source_dsa_obj_guid,
3566 &ar->objs->source_dsa->source_dsa_obj_guid)) {
3572 nrf_value = &orf_el->values[i];
3577 * copy over all old values to the new ldb_message
3579 ret = ldb_msg_add_empty(msg, "repsFrom", 0, &nrf_el);
3580 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3585 * if we haven't found an old repsFrom value for the current source dsa
3586 * we'll add a new value
3589 struct ldb_val zero_value;
3590 ZERO_STRUCT(zero_value);
3591 ret = ldb_msg_add_value(msg, "repsFrom", &zero_value, &nrf_el);
3592 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3594 nrf_value = &nrf_el->values[nrf_el->num_values - 1];
3597 /* we now fill the value which is already attached to ldb_message */
3598 ndr_err = ndr_push_struct_blob(nrf_value, msg,
3600 (ndr_push_flags_fn_t)ndr_push_repsFromToBlob);
3601 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3602 NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
3603 return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
3607 * the ldb_message_element for the attribute, has all the old values and the new one
3608 * so we'll replace the whole attribute with all values
3610 nrf_el->flags = LDB_FLAG_MOD_REPLACE;
3613 char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_MODIFY, msg);
3614 DEBUG(4, ("DRS replication uptodate modify message:\n%s\n", s));
3618 /* prepare the ldb_modify() request */
3619 ret = ldb_build_mod_req(&change_req,
3625 replmd_replicated_uptodate_modify_callback,
3627 LDB_REQ_SET_LOCATION(change_req);
3628 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3630 return ldb_next_request(ar->module, change_req);
3633 static int replmd_replicated_uptodate_search_callback(struct ldb_request *req,
3634 struct ldb_reply *ares)
3636 struct replmd_replicated_request *ar = talloc_get_type(req->context,
3637 struct replmd_replicated_request);
3641 return ldb_module_done(ar->req, NULL, NULL,
3642 LDB_ERR_OPERATIONS_ERROR);
3644 if (ares->error != LDB_SUCCESS &&
3645 ares->error != LDB_ERR_NO_SUCH_OBJECT) {
3646 return ldb_module_done(ar->req, ares->controls,
3647 ares->response, ares->error);
3650 switch (ares->type) {
3651 case LDB_REPLY_ENTRY:
3652 ar->search_msg = talloc_steal(ar, ares->message);
3655 case LDB_REPLY_REFERRAL:
3656 /* we ignore referrals */
3659 case LDB_REPLY_DONE:
3660 if (ar->search_msg == NULL) {
3661 ret = replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
3663 ret = replmd_replicated_uptodate_modify(ar);
3665 if (ret != LDB_SUCCESS) {
3666 return ldb_module_done(ar->req, NULL, NULL, ret);
3675 static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar)
3677 struct ldb_context *ldb;
3679 static const char *attrs[] = {
3680 "replUpToDateVector",
3685 struct ldb_request *search_req;
3687 ldb = ldb_module_get_ctx(ar->module);
3688 ar->search_msg = NULL;
3690 ret = ldb_build_search_req(&search_req,
3693 ar->objs->partition_dn,
3699 replmd_replicated_uptodate_search_callback,
3701 LDB_REQ_SET_LOCATION(search_req);
3702 if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
3704 return ldb_next_request(ar->module, search_req);
3709 static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req)
3711 struct ldb_context *ldb;
3712 struct dsdb_extended_replicated_objects *objs;
3713 struct replmd_replicated_request *ar;
3714 struct ldb_control **ctrls;
3717 struct replmd_private *replmd_private =
3718 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
3720 ldb = ldb_module_get_ctx(module);
3722 ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n");
3724 objs = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects);
3726 ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: invalid extended data\n");
3727 return LDB_ERR_PROTOCOL_ERROR;
3730 if (objs->version != DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION) {
3731 ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: extended data invalid version [%u != %u]\n",
3732 objs->version, DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION);
3733 return LDB_ERR_PROTOCOL_ERROR;
3736 ar = replmd_ctx_init(module, req);
3738 return LDB_ERR_OPERATIONS_ERROR;
3740 /* Set the flags to have the replmd_op_callback run over the full set of objects */
3741 ar->apply_mode = true;
3743 ar->schema = dsdb_get_schema(ldb, ar);
3745 ldb_debug_set(ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n");
3747 DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
3748 return LDB_ERR_CONSTRAINT_VIOLATION;
3751 ctrls = req->controls;
3753 if (req->controls) {
3754 req->controls = talloc_memdup(ar, req->controls,
3755 talloc_get_size(req->controls));
3756 if (!req->controls) return replmd_replicated_request_werror(ar, WERR_NOMEM);
3759 /* This allows layers further down to know if a change came in over replication */
3760 ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL);
3761 if (ret != LDB_SUCCESS) {
3765 /* If this change contained linked attributes in the body
3766 * (rather than in the links section) we need to update
3767 * backlinks in linked_attributes */
3768 ret = ldb_request_add_control(req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
3769 if (ret != LDB_SUCCESS) {
3773 ar->controls = req->controls;
3774 req->controls = ctrls;
3776 DEBUG(4,("linked_attributes_count=%u\n", objs->linked_attributes_count));
3778 /* save away the linked attributes for the end of the
3780 for (i=0; i<ar->objs->linked_attributes_count; i++) {
3781 struct la_entry *la_entry;
3783 if (replmd_private->la_ctx == NULL) {
3784 replmd_private->la_ctx = talloc_new(replmd_private);
3786 la_entry = talloc(replmd_private->la_ctx, struct la_entry);
3787 if (la_entry == NULL) {
3789 return LDB_ERR_OPERATIONS_ERROR;
3791 la_entry->la = talloc(la_entry, struct drsuapi_DsReplicaLinkedAttribute);
3792 if (la_entry->la == NULL) {
3793 talloc_free(la_entry);
3795 return LDB_ERR_OPERATIONS_ERROR;
3797 *la_entry->la = ar->objs->linked_attributes[i];
3799 /* we need to steal the non-scalars so they stay
3800 around until the end of the transaction */
3801 talloc_steal(la_entry->la, la_entry->la->identifier);
3802 talloc_steal(la_entry->la, la_entry->la->value.blob);
3804 DLIST_ADD(replmd_private->la_list, la_entry);
3807 return replmd_replicated_apply_next(ar);
3811 process one linked attribute structure
3813 static int replmd_process_linked_attribute(struct ldb_module *module,
3814 struct la_entry *la_entry)
3816 struct drsuapi_DsReplicaLinkedAttribute *la = la_entry->la;
3817 struct ldb_context *ldb = ldb_module_get_ctx(module);
3818 struct ldb_message *msg;
3819 TALLOC_CTX *tmp_ctx = talloc_new(la_entry);
3820 const struct dsdb_schema *schema = dsdb_get_schema(ldb, tmp_ctx);
3822 const struct dsdb_attribute *attr;
3823 struct dsdb_dn *dsdb_dn;
3824 uint64_t seq_num = 0;
3825 struct ldb_message_element *old_el;
3827 time_t t = time(NULL);
3828 struct ldb_result *res;
3829 const char *attrs[2];
3830 struct parsed_dn *pdn_list, *pdn;
3831 struct GUID guid = GUID_zero();
3833 bool active = (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)?true:false;
3834 const struct GUID *our_invocation_id;
3837 linked_attributes[0]:
3838 &objs->linked_attributes[i]: struct drsuapi_DsReplicaLinkedAttribute
3840 identifier: struct drsuapi_DsReplicaObjectIdentifier
3841 __ndr_size : 0x0000003a (58)
3842 __ndr_size_sid : 0x00000000 (0)
3843 guid : 8e95b6a9-13dd-4158-89db-3220a5be5cc7
3845 __ndr_size_dn : 0x00000000 (0)
3847 attid : DRSUAPI_ATTRIBUTE_member (0x1F)
3848 value: struct drsuapi_DsAttributeValue
3849 __ndr_size : 0x0000007e (126)
3851 blob : DATA_BLOB length=126
3852 flags : 0x00000001 (1)
3853 1: DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
3854 originating_add_time : Wed Sep 2 22:20:01 2009 EST
3855 meta_data: struct drsuapi_DsReplicaMetaData
3856 version : 0x00000015 (21)
3857 originating_change_time : Wed Sep 2 23:39:07 2009 EST
3858 originating_invocation_id: 794640f3-18cf-40ee-a211-a93992b67a64
3859 originating_usn : 0x000000000001e19c (123292)
3861 (for cases where the link is to a normal DN)
3862 &target: struct drsuapi_DsReplicaObjectIdentifier3
3863 __ndr_size : 0x0000007e (126)
3864 __ndr_size_sid : 0x0000001c (28)
3865 guid : 7639e594-db75-4086-b0d4-67890ae46031
3866 sid : S-1-5-21-2848215498-2472035911-1947525656-19924
3867 __ndr_size_dn : 0x00000022 (34)
3868 dn : 'CN=UOne,OU=TestOU,DC=vsofs8,DC=com'
3871 /* find the attribute being modified */
3872 attr = dsdb_attribute_by_attributeID_id(schema, la->attid);
3874 DEBUG(0, (__location__ ": Unable to find attributeID 0x%x\n", la->attid));
3875 talloc_free(tmp_ctx);
3876 return LDB_ERR_OPERATIONS_ERROR;
3879 attrs[0] = attr->lDAPDisplayName;
3882 /* get the existing message from the db for the object with
3883 this GUID, returning attribute being modified. We will then
3884 use this msg as the basis for a modify call */
3885 ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
3886 DSDB_FLAG_NEXT_MODULE |
3887 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
3888 DSDB_SEARCH_SHOW_RECYCLED |
3889 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
3890 DSDB_SEARCH_REVEAL_INTERNALS,
3891 "objectGUID=%s", GUID_string(tmp_ctx, &la->identifier->guid));
3892 if (ret != LDB_SUCCESS) {
3893 talloc_free(tmp_ctx);
3896 if (res->count != 1) {
3897 ldb_asprintf_errstring(ldb, "DRS linked attribute for GUID %s - DN not found",
3898 GUID_string(tmp_ctx, &la->identifier->guid));
3899 talloc_free(tmp_ctx);
3900 return LDB_ERR_NO_SUCH_OBJECT;
3904 if (msg->num_elements == 0) {
3905 ret = ldb_msg_add_empty(msg, attr->lDAPDisplayName, LDB_FLAG_MOD_REPLACE, &old_el);
3906 if (ret != LDB_SUCCESS) {
3907 ldb_module_oom(module);
3908 talloc_free(tmp_ctx);
3909 return LDB_ERR_OPERATIONS_ERROR;
3912 old_el = &msg->elements[0];
3913 old_el->flags = LDB_FLAG_MOD_REPLACE;
3916 /* parse the existing links */
3917 ret = get_parsed_dns(module, tmp_ctx, old_el, &pdn_list, attr->syntax->ldap_oid);
3918 if (ret != LDB_SUCCESS) {
3919 talloc_free(tmp_ctx);
3923 /* get our invocationId */
3924 our_invocation_id = samdb_ntds_invocation_id(ldb);
3925 if (!our_invocation_id) {
3926 ldb_debug_set(ldb, LDB_DEBUG_ERROR, __location__ ": unable to find invocationId\n");
3927 talloc_free(tmp_ctx);
3928 return LDB_ERR_OPERATIONS_ERROR;
3931 ret = replmd_check_upgrade_links(pdn_list, old_el->num_values, old_el, our_invocation_id);
3932 if (ret != LDB_SUCCESS) {
3933 talloc_free(tmp_ctx);
3937 status = dsdb_dn_la_from_blob(ldb, attr, schema, tmp_ctx, la->value.blob, &dsdb_dn);
3938 if (!W_ERROR_IS_OK(status)) {
3939 ldb_asprintf_errstring(ldb, "Failed to parsed linked attribute blob for %s on %s - %s\n",
3940 old_el->name, ldb_dn_get_linearized(msg->dn), win_errstr(status));
3941 return LDB_ERR_OPERATIONS_ERROR;
3944 ntstatus = dsdb_get_extended_dn_guid(dsdb_dn->dn, &guid, "GUID");
3945 if (!NT_STATUS_IS_OK(ntstatus) && active) {
3946 ldb_asprintf_errstring(ldb, "Failed to find GUID in linked attribute blob for %s on %s from %s",
3948 ldb_dn_get_linearized(dsdb_dn->dn),
3949 ldb_dn_get_linearized(msg->dn));
3950 return LDB_ERR_OPERATIONS_ERROR;
3953 /* re-resolve the DN by GUID, as the DRS server may give us an
3955 ret = dsdb_module_dn_by_guid(module, dsdb_dn, &guid, &dsdb_dn->dn);
3956 if (ret != LDB_SUCCESS) {
3957 DEBUG(2,(__location__ ": WARNING: Failed to re-resolve GUID %s - using %s",
3958 GUID_string(tmp_ctx, &guid),
3959 ldb_dn_get_linearized(dsdb_dn->dn)));
3962 /* see if this link already exists */
3963 pdn = parsed_dn_find(pdn_list, old_el->num_values, &guid, dsdb_dn->dn);
3965 /* see if this update is newer than what we have already */
3966 struct GUID invocation_id = GUID_zero();
3967 uint32_t version = 0;
3968 uint32_t originating_usn = 0;
3969 NTTIME change_time = 0;
3970 uint32_t rmd_flags = dsdb_dn_rmd_flags(pdn->dsdb_dn->dn);
3972 dsdb_get_extended_dn_guid(pdn->dsdb_dn->dn, &invocation_id, "RMD_INVOCID");
3973 dsdb_get_extended_dn_uint32(pdn->dsdb_dn->dn, &version, "RMD_VERSION");
3974 dsdb_get_extended_dn_uint32(pdn->dsdb_dn->dn, &originating_usn, "RMD_ORIGINATING_USN");
3975 dsdb_get_extended_dn_nttime(pdn->dsdb_dn->dn, &change_time, "RMD_CHANGETIME");
3977 if (!replmd_update_is_newer(&invocation_id,
3978 &la->meta_data.originating_invocation_id,
3980 la->meta_data.version,
3982 la->meta_data.originating_usn,
3984 la->meta_data.originating_change_time)) {
3985 DEBUG(3,("Discarding older DRS linked attribute update to %s on %s from %s\n",
3986 old_el->name, ldb_dn_get_linearized(msg->dn),
3987 GUID_string(tmp_ctx, &la->meta_data.originating_invocation_id)));
3988 talloc_free(tmp_ctx);
3992 /* get a seq_num for this change */
3993 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
3994 if (ret != LDB_SUCCESS) {
3995 talloc_free(tmp_ctx);
3999 if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
4000 /* remove the existing backlink */
4001 ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid, false, attr, false);
4002 if (ret != LDB_SUCCESS) {
4003 talloc_free(tmp_ctx);
4008 ret = replmd_update_la_val(tmp_ctx, pdn->v, dsdb_dn, pdn->dsdb_dn,
4009 &la->meta_data.originating_invocation_id,
4010 la->meta_data.originating_usn, seq_num,
4011 la->meta_data.originating_change_time,
4012 la->meta_data.version,
4014 if (ret != LDB_SUCCESS) {
4015 talloc_free(tmp_ctx);
4020 /* add the new backlink */
4021 ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid, true, attr, false);
4022 if (ret != LDB_SUCCESS) {
4023 talloc_free(tmp_ctx);
4028 /* get a seq_num for this change */
4029 ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
4030 if (ret != LDB_SUCCESS) {
4031 talloc_free(tmp_ctx);
4035 old_el->values = talloc_realloc(msg->elements, old_el->values,
4036 struct ldb_val, old_el->num_values+1);
4037 if (!old_el->values) {
4038 ldb_module_oom(module);
4039 return LDB_ERR_OPERATIONS_ERROR;
4041 old_el->num_values++;
4043 ret = replmd_build_la_val(tmp_ctx, &old_el->values[old_el->num_values-1], dsdb_dn,
4044 &la->meta_data.originating_invocation_id,
4045 la->meta_data.originating_usn, seq_num,
4046 la->meta_data.originating_change_time,
4047 la->meta_data.version,
4048 (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)?false:true);
4049 if (ret != LDB_SUCCESS) {
4050 talloc_free(tmp_ctx);
4055 ret = replmd_add_backlink(module, schema, &la->identifier->guid, &guid,
4057 if (ret != LDB_SUCCESS) {
4058 talloc_free(tmp_ctx);
4064 /* we only change whenChanged and uSNChanged if the seq_num
4066 if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
4067 talloc_free(tmp_ctx);
4068 return ldb_operr(ldb);
4071 if (add_uint64_element(ldb, msg, "uSNChanged",
4072 seq_num) != LDB_SUCCESS) {
4073 talloc_free(tmp_ctx);
4074 return ldb_operr(ldb);
4077 old_el = ldb_msg_find_element(msg, attr->lDAPDisplayName);
4078 if (old_el == NULL) {
4079 talloc_free(tmp_ctx);
4080 return ldb_operr(ldb);
4083 ret = dsdb_check_single_valued_link(attr, old_el);
4084 if (ret != LDB_SUCCESS) {
4085 talloc_free(tmp_ctx);
4089 ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE | DSDB_MODIFY_RELAX);
4090 if (ret != LDB_SUCCESS) {
4091 ldb_debug(ldb, LDB_DEBUG_WARNING, "Failed to apply linked attribute change '%s'\n%s\n",
4093 ldb_ldif_message_string(ldb, tmp_ctx, LDB_CHANGETYPE_MODIFY, msg));
4094 talloc_free(tmp_ctx);
4098 talloc_free(tmp_ctx);
4103 static int replmd_extended(struct ldb_module *module, struct ldb_request *req)
4105 if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) {
4106 return replmd_extended_replicated_objects(module, req);
4109 return ldb_next_request(module, req);
4114 we hook into the transaction operations to allow us to
4115 perform the linked attribute updates at the end of the whole
4116 transaction. This allows a forward linked attribute to be created
4117 before the object is created. During a vampire, w2k8 sends us linked
4118 attributes before the objects they are part of.
4120 static int replmd_start_transaction(struct ldb_module *module)
4122 /* create our private structure for this transaction */
4123 struct replmd_private *replmd_private = talloc_get_type(ldb_module_get_private(module),
4124 struct replmd_private);
4125 replmd_txn_cleanup(replmd_private);
4127 /* free any leftover mod_usn records from cancelled
4129 while (replmd_private->ncs) {
4130 struct nc_entry *e = replmd_private->ncs;
4131 DLIST_REMOVE(replmd_private->ncs, e);
4135 return ldb_next_start_trans(module);
4139 on prepare commit we loop over our queued la_context structures and
4142 static int replmd_prepare_commit(struct ldb_module *module)
4144 struct replmd_private *replmd_private =
4145 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
4146 struct la_entry *la, *prev;
4147 struct la_backlink *bl;
4150 /* walk the list backwards, to do the first entry first, as we
4151 * added the entries with DLIST_ADD() which puts them at the
4152 * start of the list */
4153 for (la = DLIST_TAIL(replmd_private->la_list); la; la=prev) {
4154 prev = DLIST_PREV(la);
4155 DLIST_REMOVE(replmd_private->la_list, la);
4156 ret = replmd_process_linked_attribute(module, la);
4157 if (ret != LDB_SUCCESS) {
4158 replmd_txn_cleanup(replmd_private);
4163 /* process our backlink list, creating and deleting backlinks
4165 for (bl=replmd_private->la_backlinks; bl; bl=bl->next) {
4166 ret = replmd_process_backlink(module, bl);
4167 if (ret != LDB_SUCCESS) {
4168 replmd_txn_cleanup(replmd_private);
4173 replmd_txn_cleanup(replmd_private);
4175 /* possibly change @REPLCHANGED */
4176 ret = replmd_notify_store(module);
4177 if (ret != LDB_SUCCESS) {
4181 return ldb_next_prepare_commit(module);
4184 static int replmd_del_transaction(struct ldb_module *module)
4186 struct replmd_private *replmd_private =
4187 talloc_get_type(ldb_module_get_private(module), struct replmd_private);
4188 replmd_txn_cleanup(replmd_private);
4190 return ldb_next_del_trans(module);
4194 _PUBLIC_ const struct ldb_module_ops ldb_repl_meta_data_module_ops = {
4195 .name = "repl_meta_data",
4196 .init_context = replmd_init,
4198 .modify = replmd_modify,
4199 .rename = replmd_rename,
4200 .del = replmd_delete,
4201 .extended = replmd_extended,
4202 .start_transaction = replmd_start_transaction,
4203 .prepare_commit = replmd_prepare_commit,
4204 .del_transaction = replmd_del_transaction,
git.samba.org / metze / samba / wip.git / blob