s4-repl: added repl_secret handling
authorAndrew Tridgell <tridge@samba.org>
Wed, 15 Sep 2010 09:00:01 +0000 (19:00 +1000)
committerAndrew Tridgell <tridge@samba.org>
Wed, 15 Sep 2010 21:24:01 +0000 (07:24 +1000)
initiate a repl secret extended op when requested

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/dsdb/repl/drepl_secret.c
source4/dsdb/wscript_build

index 8a405e794d2ad1d03b634104b603cbb61a64ea0c..2b5fae2d5b961ecf0a97faaacded5de946ebd97d 100644 (file)
 #include "dsdb/repl/drepl_service.h"
 #include "param/param.h"
 
+struct repl_secret_state {
+       const char *user_dn;
+};
+
+/*
+  called when a repl secret has completed
+ */
+static void drepl_repl_secret_callback(struct dreplsrv_service *service,
+                                      WERROR werr,
+                                      enum drsuapi_DsExtendedError ext_err,
+                                      void *cb_data)
+{
+       struct repl_secret_state *state = talloc_get_type_abort(cb_data, struct repl_secret_state);
+       if (!W_ERROR_IS_OK(werr)) {
+               DEBUG(3,(__location__ ": repl secret failed for user %s - %s: extended_ret[0x%X]\n",
+                        state->user_dn, win_errstr(werr), ext_err));
+       } else {
+               DEBUG(3,(__location__ ": repl secret completed OK for '%s'\n", state->user_dn));
+       }
+       talloc_free(state);
+}
+
 
 /**
  * Called when the auth code wants us to try and replicate
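Review bot: The success branch of `drepl_repl_secret_callback` logs "completed OK" on `werr` alone and never inspects `ext_err`. Whether the extended-op layer can deliver WERR_OK together with an extended result other than success is not visible in this hunk; if it can, a secret replication that the source DSA refused would be recorded as successful, which misleads anyone reading the log to find out why a secret did not arrive. Consider testing both, `if (!W_ERROR_IS_OK(werr) || ext_err != DRSUAPI_EXOP_ERR_SUCCESS) {`. The header comment should also state the ownership rule the body relies on, e.g. `/* called when a repl secret has completed; owns cb_data and frees it */`.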
 void drepl_repl_secret(struct dreplsrv_service *service,
                       const char *user_dn)
 {
-       DEBUG(0,(__location__ ": got drepl_repl_secret with %s\n", user_dn));
+       WERROR werr;
+       struct ldb_dn *nc_dn, *nc_root, *source_dsa_dn;
+       struct dreplsrv_partition *p;
+       struct GUID *source_dsa_guid;
+       struct repl_secret_state *state;
+       int ret;
+
+       state = talloc_zero(service, struct repl_secret_state);
+       if (state == NULL) {
+               /* nothing to do, no return value */
+               return;
+       }
+
+       /* keep a copy for logging in the callback */
+       state->user_dn = talloc_strdup(state, user_dn);
+
+       nc_dn = ldb_dn_new(state, service->samdb, user_dn);
+       if (!ldb_dn_validate(nc_dn)) {
+               DEBUG(0,(__location__ ": Failed to parse user_dn '%s'\n", user_dn));
+               talloc_free(state);
+               return;
+       }
+
+       /* work out which partition this is in */
+       ret = dsdb_find_nc_root(service->samdb, state, nc_dn, &nc_root);
+       if (ret != LDB_SUCCESS) {
+               DEBUG(0,(__location__ ": Failed to find nc_root for user_dn '%s'\n", user_dn));
+               talloc_free(state);
+               return;
+       }
+
+       /* find the partition in our list */
+       for (p=service->partitions; p; p=p->next) {
+               if (ldb_dn_compare(p->dn, nc_root) == 0) {
+                       break;
+               }
+       }
+       if (p == NULL) {
+               DEBUG(0,(__location__ ": Failed to find partition for nc_root '%s'\n", ldb_dn_get_linearized(nc_root)));
+               talloc_free(state);
+               return;
+       }
+
+       if (p->sources == NULL) {
+               DEBUG(0,(__location__ ": No sources for nc_root '%s' for user_dn '%s'\n",
+                        ldb_dn_get_linearized(nc_root), user_dn));
+               talloc_free(state);
+               return;
+       }
+
+       /* use the first source, for no particularly good reason */
+       source_dsa_guid = &p->sources->repsFrom1->source_dsa_obj_guid;
+
+       source_dsa_dn = ldb_dn_new(state, service->samdb,
+                                  talloc_asprintf(state, "<GUID=%s>",
+                                                  GUID_string(state, source_dsa_guid)));
+       if (!ldb_dn_validate(source_dsa_dn)) {
+               DEBUG(0,(__location__ ": Invalid source DSA GUID '%s' for user_dn '%s'\n",
+                        GUID_string(state, source_dsa_guid), user_dn));
+               talloc_free(state);
+               return;
+       }
+
+       werr = drepl_request_extended_op(service,
+                                        nc_dn,
+                                        source_dsa_dn,
+                                        DRSUAPI_EXOP_REPL_SECRET,
+                                        0,
+                                        drepl_repl_secret_callback, state);
+       if (!W_ERROR_IS_OK(werr)) {
+               DEBUG(2,(__location__ ": Failed to setup secret replication for user_dn '%s'\n", user_dn));
+               talloc_free(state);
+               return;
+       }
+       DEBUG(3,(__location__ ": started secret replication for %s\n", user_dn));
 }
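Review bot: Three allocations in `drepl_repl_secret` are used without a NULL check: `talloc_strdup` under the "keep a copy for logging" comment, and `GUID_string` and `talloc_asprintf` nested inside the `ldb_dn_new` call that builds `source_dsa_dn`. A failed strdup leaves `state->user_dn` NULL for the callback's `%s`. A failed GUID or format string leaves the validity of the source DSA DN to how `ldb_dn_new` treats a NULL string (not shown here), so a request for a user's secrets could be issued against a DN that was never properly built. Checking each result, with a new local `char *guid_str` and `ldb_dn_new_fmt` for the DN, closes both gaps. `p->sources->repsFrom1` is also dereferenced unchecked and deserves a short comment on why it cannot be NULL. The function's opening comment starts outside this hunk.

```c
	/* keep a copy for logging in the callback */
	state->user_dn = talloc_strdup(state, user_dn);
	if (state->user_dn == NULL) {
		talloc_free(state);
		return;
	}

	/* … unchanged: user_dn parsing, nc_root lookup, partition and sources checks … */

	source_dsa_guid = &p->sources->repsFrom1->source_dsa_obj_guid;

	guid_str = GUID_string(state, source_dsa_guid);
	if (guid_str == NULL) {
		talloc_free(state);
		return;
	}

	/* ldb_dn_new_fmt returns NULL on allocation failure, which the
	 * existing ldb_dn_validate() check below then rejects */
	source_dsa_dn = ldb_dn_new_fmt(state, service->samdb, "<GUID=%s>", guid_str);

	/* … unchanged: ldb_dn_validate check and drepl_request_extended_op call … */
```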
index bc9bd13656d52e15c1ad199be52b81067a1d0c52..615fd1032ae9546091a75efb2ada811559fe1f78 100644 (file)
@@ -25,7 +25,7 @@ bld.SAMBA_SUBSYSTEM('SAMDB_SCHEMA',
 
 
 bld.SAMBA_MODULE('DREPL_SRV',
-       source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c',
+       source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c repl/drepl_secret.c',
        autoproto='repl/drepl_service_proto.h',
        subsystem='service',
        init_function='server_service_drepl_init',