/* drsuapi_DsRemoveDSServer */ static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct drsuapi_DsRemoveDSServer *r) { struct drsuapi_bind_state *b_state; struct dcesrv_handle *h; struct ldb_dn *ntds_dn; int ret; bool ok; WERROR status; *r->out.level_out = 1; status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER, NULL); if (!W_ERROR_IS_OK(status)) { return status; } DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); b_state = h->data; switch (r->in.level) { case 1: ntds_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, r->in.req->req1.server_dn); W_ERROR_HAVE_NO_MEMORY(ntds_dn); ok = ldb_dn_validate(ntds_dn); if (!ok) { return WERR_FOOBAR; } /* TODO: it's likely that we need more checks here */ ok = ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings"); if (!ok) { return WERR_FOOBAR; } if (r->in.req->req1.commit) { ret = dsdb_delete(b_state->sam_ctx, ntds_dn, DSDB_TREE_DELETE); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } } return WERR_OK; default: break; } return WERR_FOOBAR; }
/* check to see if any deleted objects need scavenging */ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) { struct kccsrv_partition *part; int ret; uint32_t tombstoneLifetime; bool do_fs = false; time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", "check_deleted_full_scan_interval", 86400); time_t t = time(NULL); if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", "check_deleted_interval", 600)) { return NT_STATUS_OK; } s->last_deleted_check = t; ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); if (ret != LDB_SUCCESS) { DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (s->last_full_scan_deleted_check > 0 && ((t - s->last_full_scan_deleted_check) > interval )) { do_fs = true; s->last_full_scan_deleted_check = t; } if (s->last_full_scan_deleted_check == 0) { /* * If we never made a full scan set the last full scan event to be in the past * and that 9/10 of the full scan interval has already passed. * This is done to avoid the full scan to fire just at the begining of samba * or a couple of minutes after the start. * With this "setup" and default values of interval, the full scan will fire * 2.4 hours after the start of samba */ s->last_full_scan_deleted_check = t - ((9 * interval) / 10); } for (part=s->partitions; part; part=part->next) { struct ldb_dn *do_dn; struct ldb_result *res; const char *attrs[] = { "whenChanged", NULL }; unsigned int i; ret = dsdb_get_deleted_objects_dn(s->samdb, mem_ctx, part->dn, &do_dn); if (ret != LDB_SUCCESS) { /* some partitions have no Deleted Objects container */ continue; } if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) { ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, DSDB_SEARCH_SHOW_RECYCLED, NULL); } else { if (do_fs) { DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", ldb_dn_get_linearized(part->dn))); } ret = dsdb_search(s->samdb, part->dn, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)"); } if (ret != LDB_SUCCESS) { DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", ldb_dn_get_linearized(do_dn))); talloc_free(do_dn); continue; } for (i=0; i<res->count; i++) { const char *tstring; time_t whenChanged = 0; if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { /* Skip the Deleted Object Container */ continue; } tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); if (tstring) { whenChanged = ldb_string_to_time(tstring); } if (t - whenChanged > tombstoneLifetime*60*60*24) { ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_DELETED); if (ret != LDB_SUCCESS) { DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", ldb_dn_get_linearized(res->msgs[i]->dn))); } else { DEBUG(4,("Removed deleted object %s\n", ldb_dn_get_linearized(res->msgs[i]->dn))); } } } talloc_free(do_dn); } return NT_STATUS_OK; }