DWORD
VmDirSimpleEntryDeleteAttribute(
PCSTR pszDN,
PCSTR pszAttr
)
{
DWORD dwError = 0;
size_t dnlen = 0;
size_t attrlen = 0;
VDIR_OPERATION ldapOp = {0};
if (IsNullOrEmptyString(pszDN) || IsNullOrEmptyString(pszAttr))
{
BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
}
dwError = VmDirInitStackOperation(
&ldapOp,
VDIR_OPERATION_TYPE_INTERNAL,
LDAP_REQ_MODIFY,
NULL);
BAIL_ON_VMDIR_ERROR(dwError);
dnlen = VmDirStringLenA(pszDN);
attrlen = VmDirStringLenA(pszAttr);
ldapOp.pBEIF = VmDirBackendSelect(NULL);
ldapOp.reqDn.lberbv_val = (PSTR)pszDN;
ldapOp.reqDn.lberbv_len = dnlen;
ldapOp.request.modifyReq.dn.lberbv_val = ldapOp.reqDn.lberbv_val;
ldapOp.request.modifyReq.dn.lberbv_len = ldapOp.reqDn.lberbv_len;
dwError = VmDirAppendAMod(
&ldapOp, MOD_OP_DELETE, pszAttr, attrlen, NULL, 0);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&ldapOp);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeOperationContent(&ldapOp);
return dwError;
error:
goto cleanup;
}
int
VmDirMLModify(
PVDIR_OPERATION pOperation
)
{
DWORD dwError = 0;
PSTR pszLocalErrMsg = NULL;
pOperation->pBECtx->pBE = VmDirBackendSelect(pOperation->request.modifyReq.dn.lberbv.bv_val);
assert(pOperation->pBECtx->pBE);
// AnonymousBind Or in case of a failed bind, do not grant modify access
if (pOperation->conn->bIsAnonymousBind || VmDirIsFailedAccessInfo(&pOperation->conn->AccessInfo))
{
dwError = LDAP_INSUFFICIENT_ACCESS;
BAIL_ON_VMDIR_ERROR_WITH_MSG(
dwError, pszLocalErrMsg,
"Not bind/authenticate yet");
}
if (!VmDirValidTxnState(pOperation->pBECtx, pOperation->reqCode))
{
dwError = LDAP_UNWILLING_TO_PERFORM;
BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg,
"%s: invaid request for transaction state", __func__);
}
// Mod request sanity check
dwError = _VmDirExternalModsSanityCheck(pOperation, pOperation->request.modifyReq.mods);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(pOperation);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
return pOperation->ldapResult.errCode;
error:
VMDIR_SET_LDAP_RESULT_ERROR(&(pOperation->ldapResult), dwError, pszLocalErrMsg);
goto cleanup;
}
static
DWORD
VmDirSrvModifyPersistedDSERoot(
PVDIR_SCHEMA_CTX pSchemaCtx,
PSTR pszRootNamingContextDN,
PSTR pszConfigNamingContextDN,
PSTR pszSchemaNamingContextDN,
PSTR pszSubSchemaSubEntryDN,
PSTR pszServerDN,
PSTR pszDefaultAdminDN,
PSTR pszDCAccountDN,
PSTR pszDCAccountUPN,
PSTR pszDelObjsContainerDN,
PSTR pszSiteName
)
{
DWORD dwError = 0;
PSTR ppszPersistedDSERootAttrs[] =
{
ATTR_ROOT_DOMAIN_NAMING_CONTEXT, pszRootNamingContextDN,
ATTR_DEFAULT_NAMING_CONTEXT, pszRootNamingContextDN,
ATTR_CONFIG_NAMING_CONTEXT, pszConfigNamingContextDN,
ATTR_SCHEMA_NAMING_CONTEXT, pszSchemaNamingContextDN,
ATTR_SUB_SCHEMA_SUB_ENTRY, pszSubSchemaSubEntryDN,
ATTR_NAMING_CONTEXTS, pszRootNamingContextDN,
ATTR_NAMING_CONTEXTS, pszConfigNamingContextDN,
ATTR_NAMING_CONTEXTS, pszSchemaNamingContextDN,
ATTR_SERVER_NAME, pszServerDN,
ATTR_DEFAULT_ADMIN_DN, pszDefaultAdminDN,
ATTR_DC_ACCOUNT_DN, pszDCAccountDN,
ATTR_DC_ACCOUNT_UPN, pszDCAccountUPN,
ATTR_DEL_OBJS_CONTAINER, pszDelObjsContainerDN,
ATTR_SITE_NAME, pszSiteName,
NULL
};
VDIR_OPERATION op = {0};
PSTR pszLocalErrMsg = NULL;
VDIR_BERVALUE bvDSERootDN = VDIR_BERVALUE_INIT;
int i = 0;
dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL );
BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
"VmDirSrvModifyPersistedDSERoot: VmDirInitStackOperation failed with error code: %d.", dwError );
// Setup target DN
bvDSERootDN.lberbv.bv_val = PERSISTED_DSE_ROOT_DN;
bvDSERootDN.lberbv.bv_len = VmDirStringLenA( bvDSERootDN.lberbv.bv_val );
dwError = VmDirNormalizeDN( &bvDSERootDN, op.pSchemaCtx);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirBervalContentDup( &bvDSERootDN, &op.reqDn );
BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
"VmDirSrvModifyPersistedDSERoot: BervalContentDup failed with error code: %d.", dwError );
op.pBEIF = VmDirBackendSelect(op.reqDn.lberbv.bv_val);
assert(op.pBEIF);
dwError = VmDirBervalContentDup( &op.reqDn, &op.request.modifyReq.dn );
BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
"VmDirSrvModifyPersistedDSERoot: BervalContentDup failed with error code: %d.", dwError );
// Setup mods
for (i = 0; ppszPersistedDSERootAttrs[i] != NULL; i += 2 )
{
dwError = VmDirAppendAMod( &op, MOD_OP_REPLACE,
ppszPersistedDSERootAttrs[i],
(int) VmDirStringLenA(ppszPersistedDSERootAttrs[i]),
ppszPersistedDSERootAttrs[i + 1],
VmDirStringLenA(ppszPersistedDSERootAttrs[i + 1]) );
BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
"VmDirSrvModifyPersistedDSERoot: VmDirAppendAMod failed with error code: %d.", dwError );
}
dwError = VmDirAppendAMod( &op, MOD_OP_DELETE, ATTR_INVOCATION_ID, ATTR_INVOCATION_ID_LEN,
gVmdirServerGlobals.invocationId.lberbv.bv_val,
gVmdirServerGlobals.invocationId.lberbv.bv_len );
BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
"VmDirSrvModifyPersistedDSERoot: VmDirAppendAMod failed with error code: %d.", dwError );
// Modify
dwError = VmDirInternalModifyEntry( &op );
BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
"VmDirSrvModifyPersistedDSERoot: InternalModifyEntry failed. DN: %s, Error code: %d, Error string: %s",
op.reqDn.lberbv.bv_val, dwError, VDIR_SAFE_STRING( op.ldapResult.pszErrMsg ) );
cleanup:
VmDirFreeBervalContent(&bvDSERootDN);
VmDirFreeOperationContent(&op);
VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
return dwError;
error:
VmDirLog(LDAP_DEBUG_ANY, VDIR_SAFE_STRING(pszLocalErrMsg) );
goto cleanup;
}
/*
* Set vmwPasswordNeverExpires (if it doesn't have a value) to TRUE
* on the domain administrator's account.
*/
DWORD
VmDirSetAdministratorPasswordNeverExpires(
VOID
)
{
DWORD dwError = 0;
PCSTR pszDomainDn = NULL;
const CHAR szAdministrator[] = "cn=Administrator,cn=Users";
const CHAR szTrue[] = "TRUE";
PSTR pszAdministratorDn = NULL;
VDIR_OPERATION op = {0};
PSTR pszLocalErrMsg = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
PVDIR_ENTRY pEntry = NULL;
VDIR_BERVALUE bervBlob = VDIR_BERVALUE_INIT;
pszDomainDn = gVmdirServerGlobals.systemDomainDN.lberbv.bv_val;
if (pszDomainDn == NULL)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirAllocateStringPrintf(&pszAdministratorDn, "%s,%s", szAdministrator, pszDomainDn);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSimpleEqualFilterInternalSearch(
pszDomainDn,
LDAP_SCOPE_SUBTREE,
ATTR_DN,
pszAdministratorDn,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize != 1)
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
pEntry = &(entryArray.pEntry[0]);
if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
{
dwError = VmDirEntryUnpack( pEntry );
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSetAdministratorPasswordNeverExpire: VmDirInitStackOperation failed: %u", dwError);
op.pBEIF = VmDirBackendSelect(NULL);
assert(op.pBEIF);
op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val;
op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len;
op.request.modifyReq.dn.lberbv = op.reqDn.lberbv;
bervBlob.lberbv.bv_val = (PSTR) szTrue;
bervBlob.lberbv.bv_len = strlen(szTrue);
dwError = VmDirAppendAMod( &op,
MOD_OP_REPLACE,
ATTR_PASSWORD_NEVER_EXPIRES,
ATTR_PASSWORD_NEVER_EXPIRES_LEN,
bervBlob.lberbv_val,
bervBlob.lberbv_len);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&op);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeEntryArrayContent(&entryArray);
VmDirFreeOperationContent(&op);
VMDIR_SAFE_FREE_STRINGA(pszAdministratorDn);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"VmDirSetAdministratorPasswordNeverExpires failed, (%u)", dwError);
goto cleanup;
}
/*
* Set SRP Identifier's secret on existing entry with Password set
*/
DWORD
VmDirSRPSetIdentityData(
PCSTR pszUPN,
PCSTR pszClearTextPassword
)
{
DWORD dwError = 0;
VDIR_OPERATION op = {0};
PSTR pszLocalErrMsg = NULL;
VDIR_ENTRY_ARRAY entryArray = {0};
PVDIR_ENTRY pEntry = NULL;
PVDIR_ATTRIBUTE pAttrSecret = NULL;
VDIR_BERVALUE bvUPN = VDIR_BERVALUE_INIT;
VDIR_BERVALUE bvClearTextPassword = VDIR_BERVALUE_INIT;
VDIR_BERVALUE bervSecretBlob = VDIR_BERVALUE_INIT;
if ( IsNullOrEmptyString(pszUPN) ||
IsNullOrEmptyString(pszClearTextPassword)
)
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
bvUPN.lberbv_val = (PSTR)pszUPN;
bvUPN.lberbv_len = VmDirStringLenA(pszUPN);
bvClearTextPassword.lberbv_val = (PSTR)pszClearTextPassword;
bvClearTextPassword.lberbv_len = VmDirStringLenA(pszClearTextPassword);
dwError = VmDirSimpleEqualFilterInternalSearch(
"",
LDAP_SCOPE_SUBTREE,
ATTR_KRB_UPN,
pszUPN,
&entryArray);
BAIL_ON_VMDIR_ERROR(dwError);
if (entryArray.iSize == 1)
{
pAttrSecret = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_SRP_SECRET);
if (pAttrSecret)
{
dwError = VMDIR_ERROR_ENTRY_ALREADY_EXIST;
BAIL_ON_VMDIR_ERROR(dwError);
}
}
else
{
dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
BAIL_ON_VMDIR_ERROR(dwError);
}
pEntry = &(entryArray.pEntry[0]);
dwError = VdirPasswordCheck(&bvClearTextPassword, pEntry);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirSRPCreateSecret(&bvUPN, &bvClearTextPassword, &bervSecretBlob);
BAIL_ON_VMDIR_ERROR(dwError);
if (pEntry->allocType == ENTRY_STORAGE_FORMAT_PACK)
{
dwError = VmDirEntryUnpack( pEntry );
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "VmDirSRPSetIdentityData: VmDirInitStackOperation failed: %u", dwError);
op.pBEIF = VmDirBackendSelect(NULL);
assert(op.pBEIF);
op.reqDn.lberbv.bv_val = pEntry->dn.lberbv.bv_val;
op.reqDn.lberbv.bv_len = pEntry->dn.lberbv.bv_len;
op.request.modifyReq.dn.lberbv = op.reqDn.lberbv;
dwError = VmDirAppendAMod( &op,
MOD_OP_ADD,
ATTR_SRP_SECRET,
ATTR_SRP_SECRET_LEN,
bervSecretBlob.lberbv_val,
bervSecretBlob.lberbv_len);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&op);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeBervalContent(&bervSecretBlob);
VmDirFreeEntryArrayContent(&entryArray);
VmDirFreeOperationContent(&op);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"VmDirSRPSetIdentityData (%s) failed, (%u)", VDIR_SAFE_STRING(pszUPN), dwError);
goto cleanup;
}
static
int
_VmDirSwapDB(
PCSTR dbHomeDir,
BOOLEAN bHasXlog)
{
int retVal = LDAP_SUCCESS;
char dbExistingName[VMDIR_MAX_FILE_NAME_LEN] = {0};
char dbNewName[VMDIR_MAX_FILE_NAME_LEN] = {0};
PSTR pszLocalErrorMsg = NULL;
int errorCode = 0;
BOOLEAN bLegacyDataLoaded = FALSE;
PVDIR_BACKEND_INTERFACE pBE = NULL;
#ifndef _WIN32
const char fileSeperator = '/';
#else
const char fileSeperator = '\\';
#endif
// Shutdown backend
pBE = VmDirBackendSelect(NULL);
assert(pBE);
VmDirdStateSet(VMDIRD_STATE_SHUTDOWN);
VmDirIndexLibShutdown();
VmDirSchemaLibShutdown();
pBE->pfnBEShutdown();
VmDirBackendContentFree(pBE);
// move .mdb files
retVal = VmDirStringPrintFA( dbExistingName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s%c%s", dbHomeDir, fileSeperator,
LOCAL_PARTNER_DIR, fileSeperator, VMDIR_MDB_DATA_FILE_NAME);
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
"_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
retVal = VmDirStringPrintFA( dbNewName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", dbHomeDir, fileSeperator,
VMDIR_MDB_DATA_FILE_NAME );
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
"_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
#ifdef WIN32
if (MoveFileEx(dbExistingName, dbNewName, MOVEFILE_COPY_ALLOWED|MOVEFILE_REPLACE_EXISTING) == 0)
{
retVal = LDAP_OPERATIONS_ERROR;
errorCode = GetLastError();
#else
if (rename(dbExistingName, dbNewName) != 0)
{
retVal = LDAP_OPERATIONS_ERROR;
errorCode = errno;
#endif
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
"_VmDirSwapDB: rename file from %s to %s failed, errno %d", dbExistingName, dbNewName, errorCode );
}
retVal = VmDirStringPrintFA(dbNewName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s%c%s", dbHomeDir, fileSeperator, VMDIR_MDB_XLOGS_DIR_NAME);
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
"_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
if (bHasXlog)
{
//move xlog directory
retVal = VmDirStringPrintFA(dbExistingName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s%c%s", dbHomeDir, fileSeperator,
LOCAL_PARTNER_DIR, fileSeperator, VMDIR_MDB_XLOGS_DIR_NAME);
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
"_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
#ifdef WIN32
if (MoveFileEx(dbExistingName, dbNewName, MOVEFILE_COPY_ALLOWED|MOVEFILE_REPLACE_EXISTING) == 0)
{
retVal = LDAP_OPERATIONS_ERROR;
errorCode = GetLastError();
#else
if (rmdir(dbNewName) != 0)
{
retVal = LDAP_OPERATIONS_ERROR;
errorCode = errno;
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "_VmDirSwapDB cannot remove directory %s, errno %d",
dbNewName, errorCode);
}
if (rename(dbExistingName, dbNewName) != 0)
{
retVal = LDAP_OPERATIONS_ERROR;
errorCode = errno;
#endif
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "_VmDirSwapDB cannot move directory from %s to %s, errno %d",
dbNewName, dbExistingName, errorCode);
}
}
retVal = VmDirStringPrintFA(dbExistingName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", dbHomeDir, fileSeperator, LOCAL_PARTNER_DIR);
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
"_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
#ifdef WIN32
if (RemoveDirectory(dbExistingName)==0)
{
errorCode = GetLastError();
#else
if (rmdir(dbExistingName))
{
errorCode = errno;
#endif
VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL, "cannot remove directory %s errno %d", dbExistingName, errorCode);
}
VmDirdStateSet(VMDIRD_STATE_STARTUP);
retVal = VmDirInitBackend(&bLegacyDataLoaded);
BAIL_ON_VMDIR_ERROR(retVal);
if (bLegacyDataLoaded)
{
retVal = VmDirPatchLocalSubSchemaSubEntry();
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrorMsg,
"_VmDirSwapDB: failed to patch subschema subentry: %d", retVal );
retVal = VmDirWriteSchemaObjects();
BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrorMsg,
"_VmDirSwapDB: failed to create schema tree: %d", retVal );
}
VmDirdStateSet(VMDIRD_STATE_NORMAL);
cleanup:
VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
return retVal;
error:
retVal = LDAP_OPERATIONS_ERROR;
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s", VDIR_SAFE_STRING(pszLocalErrorMsg) );
goto cleanup;
}
static
int
_VmDirWrapUpFirstReplicationCycle(
PCSTR pszHostname,
VMDIR_REPLICATION_AGREEMENT * pReplAgr)
{
int retVal = LDAP_SUCCESS;
PVDIR_ENTRY pPartnerServerEntry = NULL;
PVDIR_ATTRIBUTE pAttrUpToDateVector = NULL;
PVDIR_ATTRIBUTE pAttrInvocationId = NULL;
USN localUsn = 0;
USN partnerLocalUsn = 0;
char partnerlocalUsnStr[VMDIR_MAX_USN_STR_LEN];
VDIR_BACKEND_CTX beCtx = {0};
struct berval syncDoneCtrlVal = {0};
PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
VDIR_OPERATION searchOp = {0};
PVDIR_FILTER pSearchFilter = NULL;
PSTR pszSeparator = NULL;
retVal = VmDirSchemaCtxAcquire(&pSchemaCtx);
BAIL_ON_VMDIR_ERROR( retVal );
retVal = VmDirInitStackOperation( &searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, pSchemaCtx );
BAIL_ON_VMDIR_ERROR(retVal);
searchOp.pBEIF = VmDirBackendSelect(NULL);
assert(searchOp.pBEIF);
searchOp.reqDn.lberbv.bv_val = "";
searchOp.reqDn.lberbv.bv_len = 0;
searchOp.request.searchReq.scope = LDAP_SCOPE_SUBTREE;
retVal = VmDirConcatTwoFilters(searchOp.pSchemaCtx, ATTR_CN, (PSTR) pszHostname, ATTR_OBJECT_CLASS, OC_DIR_SERVER,
&pSearchFilter);
BAIL_ON_VMDIR_ERROR(retVal);
searchOp.request.searchReq.filter = pSearchFilter;
retVal = VmDirInternalSearch(&searchOp);
BAIL_ON_VMDIR_ERROR(retVal);
if (searchOp.internalSearchEntryArray.iSize != 1)
{
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"_VmDirWrapUpFirstReplicationCycle: Unexpected (not 1) number of partner server entries found (%d)",
searchOp.internalSearchEntryArray.iSize );
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_VMDIR_ERROR(retVal);
}
pPartnerServerEntry = searchOp.internalSearchEntryArray.pEntry;
pAttrUpToDateVector = VmDirEntryFindAttribute( ATTR_UP_TO_DATE_VECTOR, pPartnerServerEntry );
pAttrInvocationId = VmDirEntryFindAttribute( ATTR_INVOCATION_ID, pPartnerServerEntry );
assert( pAttrInvocationId != NULL );
beCtx.pBE = VmDirBackendSelect(NULL);
assert(beCtx.pBE);
if ((retVal = beCtx.pBE->pfnBEGetNextUSN( &beCtx, &localUsn )) != 0)
{
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirWrapUpFirstReplicationCycle: pfnBEGetNextUSN failed with error code: %d, "
"error message: %s", retVal, VDIR_SAFE_STRING(beCtx.pszBEErrorMsg) );
BAIL_ON_VMDIR_ERROR( retVal );
}
retVal = _VmGetHighestCommittedUSN(localUsn, &partnerLocalUsn);
BAIL_ON_VMDIR_ERROR( retVal );
VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirWrapUpFirstReplicationCycle: partnerLocalUsn %llu locaUsn %llu", partnerLocalUsn, localUsn);
if ((retVal = VmDirStringNPrintFA( partnerlocalUsnStr, sizeof(partnerlocalUsnStr), sizeof(partnerlocalUsnStr) - 1,
"%" PRId64, partnerLocalUsn)) != 0)
{
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirWrapUpFirstReplicationCycle: VmDirStringNPrintFA failed with error code: %d",
retVal );
BAIL_ON_VMDIR_ERROR( retVal );
}
if (pAttrUpToDateVector)
{
if (VmDirStringEndsWith( pAttrUpToDateVector->vals[0].lberbv.bv_val, ",", FALSE))
{
pszSeparator = "";
}
else
{
pszSeparator = ",";
}
// <partnerLocalUSN>,<partner up-to-date vector>,<partner server GUID>:<partnerLocalUSN>,
retVal = VmDirAllocateStringPrintf( &(syncDoneCtrlVal.bv_val), "%s,%s%s%s:%s,",
partnerlocalUsnStr,
pAttrUpToDateVector->vals[0].lberbv.bv_val,
pszSeparator,
pAttrInvocationId->vals[0].lberbv.bv_val,
partnerlocalUsnStr);
BAIL_ON_VMDIR_ERROR(retVal);
}
else
{
// <partnerLocalUSN>,<partner server GUID>:<partnerLocalUSN>,
retVal = VmDirAllocateStringPrintf( &(syncDoneCtrlVal.bv_val), "%s,%s:%s,",
partnerlocalUsnStr,
pAttrInvocationId->vals[0].lberbv.bv_val,
partnerlocalUsnStr);
BAIL_ON_VMDIR_ERROR(retVal);
}
VmDirSetACLMode();
syncDoneCtrlVal.bv_len = VmDirStringLenA(syncDoneCtrlVal.bv_val);
if ((retVal = VmDirReplUpdateCookies( pSchemaCtx, &(syncDoneCtrlVal), pReplAgr )) != LDAP_SUCCESS)
{
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "vdirReplicationThrFun: UpdateCookies failed. Error: %d", retVal );
BAIL_ON_VMDIR_ERROR( retVal );
}
if ((retVal = _VmDirPatchDSERoot(pSchemaCtx)) != LDAP_SUCCESS)
{
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "vdirReplicationThrFun: _VmDirPatchDSERoot failed. Error: %d", retVal );
BAIL_ON_VMDIR_ERROR( retVal );
}
cleanup:
VmDirFreeOperationContent(&searchOp);
VmDirBackendCtxContentFree(&beCtx);
VMDIR_SAFE_FREE_MEMORY(syncDoneCtrlVal.bv_val);
VmDirSchemaCtxRelease(pSchemaCtx);
return retVal;
error:
retVal = LDAP_OPERATIONS_ERROR;
goto cleanup;
}
#ifndef VDIR_PSC_VERSION
#define VDIR_PSC_VERSION "6.7.0"
#endif
static
int
_VmDirPatchDSERoot(
PVDIR_SCHEMA_CTX pSchemaCtx)
{
int retVal = LDAP_SUCCESS;
VDIR_OPERATION op = {0};
VDIR_BERVALUE bvDSERootDN = VDIR_BERVALUE_INIT;
VMDIR_LOG_DEBUG( LDAP_DEBUG_TRACE, "_VmDirPatchDSERoot: Begin" );
bvDSERootDN.lberbv.bv_val = PERSISTED_DSE_ROOT_DN;
bvDSERootDN.lberbv.bv_len = VmDirStringLenA( bvDSERootDN.lberbv.bv_val );
retVal = VmDirInitStackOperation( &op,
VDIR_OPERATION_TYPE_INTERNAL,
LDAP_REQ_MODIFY,
pSchemaCtx );
BAIL_ON_VMDIR_ERROR(retVal);
retVal = VmDirNormalizeDN( &bvDSERootDN, pSchemaCtx);
BAIL_ON_VMDIR_ERROR(retVal);
retVal = VmDirBervalContentDup( &bvDSERootDN, &op.reqDn );
BAIL_ON_VMDIR_ERROR(retVal);
op.pBEIF = VmDirBackendSelect(op.reqDn.lberbv.bv_val);
assert(op.pBEIF);
if (VmDirBervalContentDup( &op.reqDn, &op.request.modifyReq.dn ) != 0)
{
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirPatchDSERoot: BervalContentDup failed." );
BAIL_ON_VMDIR_ERROR( retVal );
}
retVal = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_DC_ACCOUNT_UPN, ATTR_DC_ACCOUNT_UPN_LEN,
gVmdirServerGlobals.dcAccountUPN.lberbv.bv_val,
gVmdirServerGlobals.dcAccountUPN.lberbv.bv_len );
BAIL_ON_VMDIR_ERROR( retVal );
retVal = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_DC_ACCOUNT_DN, ATTR_DC_ACCOUNT_DN_LEN,
gVmdirServerGlobals.dcAccountDN.lberbv.bv_val,
gVmdirServerGlobals.dcAccountDN.lberbv.bv_len );
BAIL_ON_VMDIR_ERROR( retVal );
retVal = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_SERVER_NAME, ATTR_SERVER_NAME_LEN,
gVmdirServerGlobals.serverObjDN.lberbv.bv_val,
gVmdirServerGlobals.serverObjDN.lberbv.bv_len );
BAIL_ON_VMDIR_ERROR( retVal );
retVal = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_SITE_NAME, ATTR_SITE_NAME_LEN,
gVmdirServerGlobals.pszSiteName,
VmDirStringLenA(gVmdirServerGlobals.pszSiteName) );
BAIL_ON_VMDIR_ERROR( retVal );
retVal = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_PSC_VERSION, ATTR_PSC_VERSION_LEN,
VDIR_PSC_VERSION,
VmDirStringLenA(VDIR_PSC_VERSION) );
BAIL_ON_VMDIR_ERROR( retVal );
retVal = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_MAX_DOMAIN_FUNCTIONAL_LEVEL,
ATTR_MAX_DOMAIN_FUNCTIONAL_LEVEL_LEN,
VMDIR_MAX_DFL_STRING,
VmDirStringLenA(VMDIR_MAX_DFL_STRING) );
BAIL_ON_VMDIR_ERROR( retVal );
if ((retVal = VmDirInternalModifyEntry( &op )) != 0)
{
// If VmDirInternall call failed, reset retVal to LDAP level error space (for B/C)
retVal = op.ldapResult.errCode;
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirPatchDSERoot: InternalModifyEntry failed. "
"Error code: %d, Error string: %s", retVal, VDIR_SAFE_STRING( op.ldapResult.pszErrMsg ) );
BAIL_ON_VMDIR_ERROR( retVal );
}
cleanup:
VmDirFreeOperationContent(&op);
VMDIR_LOG_DEBUG( LDAP_DEBUG_TRACE, "_VmDirPatchDSERoot: End" );
return retVal;
error:
retVal = LDAP_OPERATIONS_ERROR;
goto cleanup;
}
DWORD
VmDirCopyPartnerSchema(
PCSTR pszFQDomainName,
PCSTR pszUsername,
PCSTR pszPassword,
PCSTR pszReplURI
)
{
DWORD dwError = 0;
LDAP *pLd = NULL;
LDAPMessage *pResult = NULL;
LDAPMessage *pEntry = NULL;
VDIR_OPERATION ldapOp = {0};
BOOLEAN bHasTxn = FALSE;
DWORD dwDeadlockRetry = 0;
dwError = _OpenLdapConnection(
pszFQDomainName,
pszUsername,
pszPassword,
pszReplURI,
&pLd);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = _GetSchemaEntryFromPartner(pLd, &pResult, &pEntry);
BAIL_ON_VMDIR_ERROR(dwError);
txnretry:
if (bHasTxn)
{
ldapOp.pBEIF->pfnBETxnAbort(ldapOp.pBECtx);
bHasTxn = FALSE;
}
if (dwDeadlockRetry++ > MAX_DEADLOCK_RETRIES)
{
dwError = LDAP_LOCK_DEADLOCK;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = _CreateCopyOperation(pEntry, &ldapOp);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = ldapOp.pBEIF->pfnBETxnBegin(ldapOp.pBECtx, VDIR_BACKEND_TXN_WRITE);
BAIL_ON_VMDIR_ERROR(dwError);
bHasTxn = TRUE;
dwError = _PopulateOperationModAttributes(pLd, pEntry, &ldapOp);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = VmDirInternalModifyEntry(&ldapOp) ? ldapOp.ldapResult.errCode : 0;
if (dwError == LDAP_LOCK_DEADLOCK)
{
VmDirFreeOperationContent(&ldapOp);
goto txnretry;
}
else if (dwError && ldapOp.ldapResult.vmdirErrCode)
{
dwError = ldapOp.ldapResult.vmdirErrCode;
}
BAIL_ON_VMDIR_ERROR(dwError);
dwError = ldapOp.pBEIF->pfnBETxnCommit(ldapOp.pBECtx);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
if (pLd)
{
ldap_unbind_ext_s(pLd,NULL,NULL);
}
if (pResult)
{
ldap_msgfree(pResult);
}
VmDirFreeOperationContent(&ldapOp);
return dwError;
error:
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"%s,%d failed, error(%d)", __FUNCTION__, __LINE__, dwError );
if (bHasTxn)
{
ldapOp.pBEIF->pfnBETxnAbort(ldapOp.pBECtx);
}
goto cleanup;
}
/*
* Convenient function to replace ONE single value attribute via InternalModifyEntry
* *****************************************************************************
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
* You should NOT call this function while in a backend txn/ctx.
* *****************************************************************************
* This may not be easy to determine as we could call this in different places, which
* may be nested in external and internal OPERATION.
* A better approach is to pass in pOperation and use the same beCtx if exists.
* However, this could also cause logic error, e.g. you could lost track if entry/data
* has already been changed by beCtx and reread them.
* *****************************************************************************
*/
DWORD
VmDirInternalEntryAttributeReplace(
PVDIR_SCHEMA_CTX pSchemaCtx,
PCSTR pszNormDN,
PCSTR pszAttrName,
PVDIR_BERVALUE pBervAttrValue
)
{
DWORD dwError = 0;
VDIR_OPERATION ldapOp = {0};
PVDIR_MODIFICATION pMod = NULL;
if (!pszNormDN || !pszAttrName || !pBervAttrValue)
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = VmDirInitStackOperation(
&ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, pSchemaCtx);
BAIL_ON_VMDIR_ERROR(dwError);
ldapOp.pBEIF = VmDirBackendSelect(pszNormDN);
assert(ldapOp.pBEIF);
ldapOp.reqDn.lberbv.bv_val = (PSTR)pszNormDN;
ldapOp.reqDn.lberbv.bv_len = VmDirStringLenA(pszNormDN);
dwError = VmDirAllocateMemory(sizeof(*pMod)*1, (PVOID)&pMod);
BAIL_ON_VMDIR_ERROR(dwError);
pMod->next = NULL;
pMod->operation = MOD_OP_REPLACE;
dwError = VmDirModAddSingleValueAttribute(
pMod,
ldapOp.pSchemaCtx,
pszAttrName,
pBervAttrValue->lberbv.bv_val,
pBervAttrValue->lberbv.bv_len);
BAIL_ON_VMDIR_ERROR(dwError);
ldapOp.request.modifyReq.dn.lberbv.bv_val = (PSTR)pszNormDN;
ldapOp.request.modifyReq.dn.lberbv.bv_len = VmDirStringLenA(pszNormDN);
ldapOp.request.modifyReq.mods = pMod;
pMod = NULL;
ldapOp.request.modifyReq.numMods = 1;
dwError = VmDirInternalModifyEntry(&ldapOp);
BAIL_ON_VMDIR_ERROR(dwError);
cleanup:
VmDirFreeOperationContent(&ldapOp);
if (pMod)
{
VmDirModificationFree(pMod);
}
return dwError;
error:
goto cleanup;
}