/*
drsuapi_DsRemoveDSServer
*/
static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsRemoveDSServer *r)
{
struct drsuapi_bind_state *b_state;
struct dcesrv_handle *h;
struct ldb_dn *ntds_dn;
int ret;
bool ok;
WERROR status;
*r->out.level_out = 1;
status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER, NULL);
if (!W_ERROR_IS_OK(status)) {
return status;
}
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
switch (r->in.level) {
case 1:
ntds_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, r->in.req->req1.server_dn);
W_ERROR_HAVE_NO_MEMORY(ntds_dn);
ok = ldb_dn_validate(ntds_dn);
if (!ok) {
return WERR_FOOBAR;
}
/* TODO: it's likely that we need more checks here */
ok = ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings");
if (!ok) {
return WERR_FOOBAR;
}
if (r->in.req->req1.commit) {
ret = dsdb_delete(b_state->sam_ctx, ntds_dn, DSDB_TREE_DELETE);
if (ret != LDB_SUCCESS) {
return WERR_FOOBAR;
}
}
return WERR_OK;
default:
break;
}
return WERR_FOOBAR;
}
/*
check to see if any deleted objects need scavenging
*/
NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
{
struct kccsrv_partition *part;
int ret;
uint32_t tombstoneLifetime;
bool do_fs = false;
time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv",
"check_deleted_full_scan_interval", 86400);
time_t t = time(NULL);
if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv",
"check_deleted_interval", 600)) {
return NT_STATUS_OK;
}
s->last_deleted_check = t;
ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime);
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (s->last_full_scan_deleted_check > 0 && ((t - s->last_full_scan_deleted_check) > interval )) {
do_fs = true;
s->last_full_scan_deleted_check = t;
}
if (s->last_full_scan_deleted_check == 0) {
/*
* If we never made a full scan set the last full scan event to be in the past
* and that 9/10 of the full scan interval has already passed.
* This is done to avoid the full scan to fire just at the begining of samba
* or a couple of minutes after the start.
* With this "setup" and default values of interval, the full scan will fire
* 2.4 hours after the start of samba
*/
s->last_full_scan_deleted_check = t - ((9 * interval) / 10);
}
for (part=s->partitions; part; part=part->next) {
struct ldb_dn *do_dn;
struct ldb_result *res;
const char *attrs[] = { "whenChanged", NULL };
unsigned int i;
ret = dsdb_get_deleted_objects_dn(s->samdb, mem_ctx, part->dn, &do_dn);
if (ret != LDB_SUCCESS) {
/* some partitions have no Deleted Objects
container */
continue;
}
if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) {
ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs,
DSDB_SEARCH_SHOW_RECYCLED, NULL);
} else {
if (do_fs) {
DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n",
ldb_dn_get_linearized(part->dn)));
}
ret = dsdb_search(s->samdb, part->dn, &res, part->dn, LDB_SCOPE_SUBTREE, attrs,
DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)");
}
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n",
ldb_dn_get_linearized(do_dn)));
talloc_free(do_dn);
continue;
}
for (i=0; i<res->count; i++) {
const char *tstring;
time_t whenChanged = 0;
if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) {
/* Skip the Deleted Object Container */
continue;
}
tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL);
if (tstring) {
whenChanged = ldb_string_to_time(tstring);
}
if (t - whenChanged > tombstoneLifetime*60*60*24) {
ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_DELETED);
if (ret != LDB_SUCCESS) {
DEBUG(1,(__location__ ": Failed to remove deleted object %s\n",
ldb_dn_get_linearized(res->msgs[i]->dn)));
} else {
DEBUG(4,("Removed deleted object %s\n",
ldb_dn_get_linearized(res->msgs[i]->dn)));
}
}
}
talloc_free(do_dn);
}
return NT_STATUS_OK;
}
