svn commit: samba r19651 - in branches: SAMBA_3_0/source/libads
SAMBA_3_0/source/libsmb SAMBA_3_0/source/nsswitch
SAMBA_3_0/source/utils SAMBA_3_0_24/source/libads
SAMBA_3_0_24/source/libsmb SAMBA_3_0_24/source/nsswitch
SAMBA_3_0_24/source/utils
gd at samba.org
gd at samba.org
Fri Nov 10 12:42:52 GMT 2006
Author: gd
Date: 2006-11-10 12:42:50 +0000 (Fri, 10 Nov 2006)
New Revision: 19651
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19651
Log:
Fix interesting bug with the automatic site coverage in Active Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
Modified:
branches/SAMBA_3_0/source/libads/ldap.c
branches/SAMBA_3_0/source/libsmb/namequery_dc.c
branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
branches/SAMBA_3_0/source/utils/net_ads.c
branches/SAMBA_3_0_24/source/libads/ldap.c
branches/SAMBA_3_0_24/source/libsmb/namequery_dc.c
branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c
branches/SAMBA_3_0_24/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_0/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ldap.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0/source/libads/ldap.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -139,6 +139,30 @@
return False;
}
+/**********************************************
+ Is this the closest DC ?
+**********************************************/
+
+BOOL ads_closest_dc(ADS_STRUCT *ads)
+{
+ if (ads->config.flags & ADS_CLOSEST) {
+ DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag set\n"));
+ return True;
+ }
+
+ /* not sure if this can ever happen */
+ if (ads_sitename_match(ads)) {
+ DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag not set but sites match\n"));
+ return True;
+ }
+
+ DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
+ ads->config.ldap_server_name));
+
+ return False;
+}
+
+
/*
try a connection to a given ldap server, returning True and setting the servers IP
in the ads struct if successful
@@ -392,7 +416,7 @@
}
/* cache the successful connection for workgroup and realm */
- if (ads_sitename_match(ads)) {
+ if (ads_closest_dc(ads)) {
saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
}
Modified: branches/SAMBA_3_0/source/libsmb/namequery_dc.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/namequery_dc.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0/source/libsmb/namequery_dc.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -79,7 +79,7 @@
}
#ifdef HAVE_KRB5
- if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
+ if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -822,7 +822,7 @@
DEBUG(10,("dcip_to_name: flags = 0x%x\n", (unsigned int)ads->config.flags));
- if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
+ if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_ads.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -314,7 +314,7 @@
tried_closest_dc = True; /* avoid loop */
- if (!closest_dc || !site_matches) {
+ if (!ads_closest_dc(ads)) {
namecache_delete(ads->server.realm, 0x1C);
namecache_delete(ads->server.workgroup, 0x1C);
Modified: branches/SAMBA_3_0_24/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0_24/source/libads/ldap.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0_24/source/libads/ldap.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -139,6 +139,30 @@
return False;
}
+/**********************************************
+ Is this the closest DC ?
+**********************************************/
+
+BOOL ads_closest_dc(ADS_STRUCT *ads)
+{
+ if (ads->config.flags & ADS_CLOSEST) {
+ DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag set\n"));
+ return True;
+ }
+
+ /* not sure if this can ever happen */
+ if (ads_sitename_match(ads)) {
+ DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag not set but sites match\n"));
+ return True;
+ }
+
+ DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
+ ads->config.ldap_server_name));
+
+ return False;
+}
+
+
/*
try a connection to a given ldap server, returning True and setting the servers IP
in the ads struct if successful
@@ -388,7 +412,7 @@
}
/* cache the successful connection for workgroup and realm */
- if (ads_sitename_match(ads)) {
+ if (ads_closest_dc(ads)) {
saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
}
Modified: branches/SAMBA_3_0_24/source/libsmb/namequery_dc.c
===================================================================
--- branches/SAMBA_3_0_24/source/libsmb/namequery_dc.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0_24/source/libsmb/namequery_dc.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -79,7 +79,7 @@
}
#ifdef HAVE_KRB5
- if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
+ if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -820,7 +820,7 @@
DEBUG(10,("dcip_to_name: flags = 0x%x\n", (unsigned int)ads->config.flags));
- if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
+ if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
Modified: branches/SAMBA_3_0_24/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_0_24/source/utils/net_ads.c 2006-11-10 02:44:38 UTC (rev 19650)
+++ branches/SAMBA_3_0_24/source/utils/net_ads.c 2006-11-10 12:42:50 UTC (rev 19651)
@@ -303,7 +303,7 @@
tried_closest_dc = True; /* avoid loop */
- if (!closest_dc || !site_matches) {
+ if (!ads_closest_dc(ads)) {
namecache_delete(ads->server.realm, 0x1C);
namecache_delete(ads->server.workgroup, 0x1C);
More information about the samba-cvs
mailing list