[SCM] Samba Shared Repository - branch master updated - 1b7b0e924f3064a9774fd5d46bedc3d342b39ddb

Stefan Metzmacher metze at samba.org
Sat Dec 13 10:53:08 GMT 2008


The branch, master has been updated
       via  1b7b0e924f3064a9774fd5d46bedc3d342b39ddb (commit)
       via  2bb91392b46e347fe3b6803d10b10d8b40e4a4a6 (commit)
       via  6a993cb333675f4079d439fa334edee2df604933 (commit)
       via  17efebde11eafd065c2cac39cdbe55b8d40d40be (commit)
       via  a8040d59659e58c5cb92c1107a7ff012eff12729 (commit)
       via  2f27ffc4a2ba745341a5961b8f04e62da3fb089a (commit)
       via  895c40d03a07182c054a6fd857e7dd6838e698f4 (commit)
       via  0c43f96330f2935805ba4f0f8f858a027a90bc4c (commit)
       via  7f779450cb0b0d9f36665c56c4acd0950daaeab2 (commit)
       via  588f5aae669910fee6da7f807f330163496b4170 (commit)
      from  627c844a13caf869ae3c68ec780a8eded7cb181d (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1b7b0e924f3064a9774fd5d46bedc3d342b39ddb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 21 08:28:13 2008 +0100

    s3:dsgetdcname: retry with the clients site
    
    metze

commit 2bb91392b46e347fe3b6803d10b10d8b40e4a4a6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 21 08:22:38 2008 +0100

    s3:libnet_join: use DS_FORCE_REDISCOVERY
    
    metze

commit 6a993cb333675f4079d439fa334edee2df604933
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:40:23 2008 +0100

    s3:libnet_join: call saf_join_store() after a the join.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)

commit 17efebde11eafd065c2cac39cdbe55b8d40d40be
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:39:30 2008 +0100

    s3:libads/ldap.c: store the dc name in the saf cache as in all other places
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)

commit a8040d59659e58c5cb92c1107a7ff012eff12729
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:38:15 2008 +0100

    s3:libads/ldap.c: if the client belongs to no site at all any dc is the closest
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)

commit 2f27ffc4a2ba745341a5961b8f04e62da3fb089a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:36:25 2008 +0100

    s3:libads/ldap.c: pass the real workgroup name to get_dc_name()
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)

commit 895c40d03a07182c054a6fd857e7dd6838e698f4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:31:30 2008 +0100

    s3:libsmb/namequery.c: add saf_join_store() function
    
    saf_join_store() should be called after a successful
    domain join. The affinity to the dc used at join time
    has a larger ttl, to avoid problems with delayed replication.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 80e74a27c55c01221091e3eec930c2ac4433c22c)

commit 0c43f96330f2935805ba4f0f8f858a027a90bc4c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 09:40:25 2008 +0100

    s3: libsmb/namequery: fallback to returning all dcs, when none is available in the requested site
    
    It could happen that all dcs in a site are unavailable
    (some sites have only one dc) and then we need to fall back
    to getting all dcs.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c127367b1dd622eeceb1f47de0a047c297dda222)

commit 7f779450cb0b0d9f36665c56c4acd0950daaeab2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 22 11:14:10 2008 +0200

    s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case
    
    We use get_dc_name() for LDAP because it generates the self-written
    krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
    
    For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)

commit 588f5aae669910fee6da7f807f330163496b4170
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 22 10:36:21 2008 +0200

    s3: correctly detect if the current dc is the closest one
    
    ads->config.tried_closest_dc was never set.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)

-----------------------------------------------------------------------

Summary of changes:
 source3/include/ads.h        |    1 -
 source3/include/proto.h      |    1 +
 source3/libads/ldap.c        |   45 ++++++++++++++++++++++--
 source3/libads/ndr.c         |    1 -
 source3/libnet/libnet_join.c |    6 +++-
 source3/libsmb/dsgetdcname.c |   49 +++++++++++++++++++++++---
 source3/libsmb/namequery.c   |   77 ++++++++++++++++++++++++++++++++++++++++--
 source3/utils/net_ads.c      |    2 +-
 8 files changed, 165 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/ads.h b/source3/include/ads.h
index b72d250..abff9ea 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -80,7 +80,6 @@ typedef struct ads_struct {
 		char *server_site_name;
 		char *client_site_name;
 		time_t current_time;
-		int tried_closest_dc;
 		char *schema_path;
 		char *config_path;
 	} config;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 09ebaa7..69194ec 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2984,6 +2984,7 @@ bool namecache_status_fetch(const char *keyname,
 /* The following definitions come from libsmb/namequery.c  */
 
 bool saf_store( const char *domain, const char *servername );
+bool saf_join_store( const char *domain, const char *servername );
 bool saf_delete( const char *domain );
 char *saf_fetch( const char *domain );
 NODE_STATUS_STRUCT *node_status_query(int fd,
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 932e42e..cf8a7eb 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -162,6 +162,11 @@ bool ads_closest_dc(ADS_STRUCT *ads)
 		return True;
 	}
 
+	if (ads->config.client_site_name == NULL) {
+		DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+		return True;
+	}
+
 	DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", 
 		ads->config.ldap_server_name));
 
@@ -267,10 +272,12 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
 
 static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 {
+	const char *c_domain;
 	const char *c_realm;
 	int count, i=0;
 	struct ip_service *ip_list;
 	const char *realm;
+	const char *domain;
 	bool got_realm = False;
 	bool use_own_domain = False;
 	char *sitename;
@@ -308,13 +315,44 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 		return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
 	}
 
+	if ( use_own_domain ) {
+		c_domain = lp_workgroup();
+	} else {
+		c_domain = ads->server.workgroup;
+	}
+
 	realm = c_realm;
+	domain = c_domain;
+
+	/*
+	 * In case of LDAP we use get_dc_name() as that
+	 * creates the custom krb5.conf file
+	 */
+	if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+		fstring srv_name;
+		struct sockaddr_storage ip_out;
+
+		DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+			(got_realm ? "realm" : "domain"), realm));
+
+		if (get_dc_name(domain, realm, srv_name, &ip_out)) {
+			/*
+			 * we call ads_try_connect() to fill in the
+			 * ads->config details
+			 */
+			if (ads_try_connect(ads, srv_name, false)) {
+				return NT_STATUS_OK;
+			}
+		}
+
+		return NT_STATUS_NO_LOGON_SERVERS;
+	}
 
 	sitename = sitename_fetch(realm);
 
  again:
 
-	DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
+	DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n",
 		(got_realm ? "realm" : "domain"), realm));
 
 	status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm);
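Review bot: `domain` reaches `get_dc_name(domain, realm, srv_name, &ip_out)` unchecked, although `ads->server.workgroup` may be unset when the caller supplied only a realm; the realm appears to be validated just above the hunk, the workgroup is not. get_dc_name() is not visible here, so if it does not tolerate a NULL or empty domain, reject it first with `if (domain == NULL || domain[0] == '\0') { return NT_STATUS_INVALID_PARAMETER; }`. This branch also returns `NT_STATUS_NO_LOGON_SERVERS` directly, so a binding connection never reaches the `get_sorted_dc_list()` lookup below, and `ip_out` is filled but never read; a short comment saying both are intended would help. ads_find_dc() starts and ends outside the hunk.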
@@ -613,9 +651,8 @@ got_connection:
 
 	/* cache the successful connection for workgroup and realm */
 	if (ads_closest_dc(ads)) {
-		print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
-		saf_store( ads->server.workgroup, addr);
-		saf_store( ads->server.realm, addr);
+		saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+		saf_store( ads->server.realm, ads->config.ldap_server_name);
 	}
 
 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
index 6324a22..6ada66c 100644
--- a/source3/libads/ndr.c
+++ b/source3/libads/ndr.c
@@ -75,7 +75,6 @@ void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct
 	ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
 	ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
 	ndr_print_time_t(ndr, "current_time", r->config.current_time);
-	ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc);
 	ndr_print_string(ndr, "schema_path", r->config.schema_path);
 	ndr_print_string(ndr, "config_path", r->config.config_path);
 	ndr->depth--;
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 908fb78..691f6ff 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1521,7 +1521,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx,
 		return WERR_OK;
 	}
 
-	saf_store(r->in.domain_name, r->in.dc_name);
+	saf_join_store(r->out.netbios_domain_name, r->in.dc_name);
+	if (r->out.dns_domain_name) {
+		saf_join_store(r->out.dns_domain_name, r->in.dc_name);
+	}
 
 #ifdef WITH_ADS
 	if (r->out.domain_is_ad) {
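Review bot: Both `saf_join_store()` calls discard the return value, so a failed cache write leaves the join without the longer-lived DC affinity and nothing in libnet_join records it. `r->out.netbios_domain_name` is also passed unguarded while `r->out.dns_domain_name` is NULL-checked; saf_join_store() does refuse NULL, but only with a level-2 debug message. Consider `if (!saf_join_store(r->out.netbios_domain_name, r->in.dc_name)) { DEBUG(3,("libnet_join: could not store join affinity for %s\n", r->in.dc_name)); }`. The function continues outside the hunk.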
@@ -1752,6 +1755,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 				     r->in.domain_name,
 				     NULL,
 				     NULL,
+				     DS_FORCE_REDISCOVERY |
 				     DS_DIRECTORY_SERVICE_REQUIRED |
 				     DS_WRITABLE_REQUIRED |
 				     DS_RETURN_DNS_NAME,
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index d8c2b70..3491544 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -1119,6 +1119,27 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx,
 				  num_dcs, info);
 }
 
+static bool is_closest_site(struct netr_DsRGetDCNameInfo *info)
+{
+	if (info->dc_flags & DS_SERVER_CLOSEST) {
+		return true;
+	}
+
+	if (!info->client_site_name) {
+		return true;
+	}
+
+	if (!info->dc_site_name) {
+		return false;
+	}
+
+	if (strcmp(info->client_site_name, info->dc_site_name) == 0) {
+		return true;
+	}
+
+	return false;
+}
+
 /********************************************************************
  dsgetdcname.
 
@@ -1136,6 +1157,8 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
 	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
 	struct netr_DsRGetDCNameInfo *myinfo = NULL;
 	char *query_site = NULL;
+	bool first = true;
+	struct netr_DsRGetDCNameInfo *first_info = NULL;
 
 	DEBUG(10,("dsgetdcname: domain_name: %s, "
 		  "domain_guid: %s, site_name: %s, flags: 0x%08x\n",
@@ -1163,7 +1186,6 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
 	status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid,
 				    flags, query_site, &myinfo);
 	if (NT_STATUS_IS_OK(status)) {
-		*info = myinfo;
 		goto done;
 	}
 
@@ -1176,12 +1198,27 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
 					domain_guid, flags, query_site,
 					&myinfo);
 
- 	if (NT_STATUS_IS_OK(status)) {
-		*info = myinfo;
-	}
-
  done:
 	SAFE_FREE(query_site);
 
-	return status;
+	if (!NT_STATUS_IS_OK(status)) {
+		if (!first) {
+			*info = first_info;
+			return NT_STATUS_OK;
+		}
+		return status;
+	}
+
+	if (!first) {
+		TALLOC_FREE(first_info);
+	} else if (!is_closest_site(myinfo)) {
+		first = false;
+		first_info = myinfo;
+		/* TODO: may use the next_closest_site here */
+		query_site = SMB_STRDUP(myinfo->client_site_name);
+		goto rediscover;
+	}
+
+	*info = myinfo;
+	return NT_STATUS_OK;
 }
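Review bot: When the second lookup in the client's site fails, the `!first` branch under `done:` returns `first_info` with `NT_STATUS_OK` and the failing status is dropped without a trace. A debug line before the assignment would make that fallback visible, e.g. `DEBUG(10,("dsgetdcname: retry in client site failed (%s), using first DC\n", nt_errstr(status)));`. The result of `SMB_STRDUP(myinfo->client_site_name)` is also used unchecked, so if that macro can return NULL the retry would silently run without a site. Since `done:` now jumps backwards to `rediscover` (a label outside this hunk), a comment stating that the retry runs at most once because `first` is cleared before the jump would help readers.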
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index bcf849b..0567957 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -34,6 +34,8 @@ bool global_in_nmbd = False;
 ****************************************************************************/
 #define SAFKEY_FMT	"SAF/DOMAIN/%s"
 #define SAF_TTL		900
+#define SAFJOINKEY_FMT	"SAFJOIN/DOMAIN/%s"
+#define SAFJOIN_TTL	3600
 
 static char *saf_key(const char *domain)
 {
@@ -44,6 +46,15 @@ static char *saf_key(const char *domain)
 	return keystr;
 }
 
+static char *saf_join_key(const char *domain)
+{
+	char *keystr;
+
+	asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
+
+	return keystr;
+}
+
 /****************************************************************************
 ****************************************************************************/
 
@@ -69,7 +80,7 @@ bool saf_store( const char *domain, const char *servername )
 		return False;
 
 	key = saf_key( domain );
-	expire = time( NULL ) + SAF_TTL;
+	expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
 
 	DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
 		domain, servername, (unsigned int)expire ));
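Review bot: The TTL read with `lp_parm_int(-1, "saf","ttl", SAF_TTL)` is added to `time(NULL)` without a range check, so a zero or negative setting produces an entry that is already expired, and a very large one keeps a possibly stale DC pinned far beyond the old 900 seconds. Clamp it before use, e.g. `int ttl = lp_parm_int(-1, "saf", "ttl", SAF_TTL); if (ttl <= 0) { ttl = SAF_TTL; }` followed by `expire = time(NULL) + ttl;`. The same applies to `"join ttl"` in saf_join_store() further down. Nothing in this change documents the two parametric options, so a comment next to the `SAF_TTL`/`SAFJOIN_TTL` defines naming them would help administrators. saf_store() begins and ends outside the hunk.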
@@ -81,6 +92,38 @@ bool saf_store( const char *domain, const char *servername )
 	return ret;
 }
 
+bool saf_join_store( const char *domain, const char *servername )
+{
+	char *key;
+	time_t expire;
+	bool ret = False;
+
+	if ( !domain || !servername ) {
+		DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
+		return False;
+	}
+
+	if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
+		DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
+		return False;
+	}
+
+	if ( !gencache_init() )
+		return False;
+
+	key = saf_join_key( domain );
+	expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
+
+	DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
+		domain, servername, (unsigned int)expire ));
+
+	ret = gencache_set( key, servername, expire );
+
+	SAFE_FREE( key );
+
+	return ret;
+}
+
 bool saf_delete( const char *domain )
 {
 	char *key;
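Review bot: `key = saf_join_key( domain )` is handed to `gencache_set()` without a NULL check, and saf_join_key() itself ignores the result of `asprintf_strupper_m()`, leaving `keystr` uninitialised if the allocation fails. Initialise it (`char *keystr = NULL;`), return NULL when the call reports failure, and bail out here with `if (key == NULL) { return False; }`. As far as the context lines show, the existing saf_key()/saf_store() pair follows the same pattern. Apart from the key format and TTL this function repeats saf_store() line for line, so a shared static helper taking the key and TTL would keep the two from drifting. The two refusal messages also use different debug levels (2 and 0) for what is the same kind of rejection.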
@@ -94,15 +137,22 @@ bool saf_delete( const char *domain )
 	if ( !gencache_init() )
 		return False;
 
+	key = saf_join_key(domain);
+	ret = gencache_del(key);
+	SAFE_FREE(key);
+
+	if (ret) {
+		DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
+	}
+
 	key = saf_key(domain);
 	ret = gencache_del(key);
+	SAFE_FREE(key);
 
 	if (ret) {
 		DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
 	}
 
-	SAFE_FREE( key );
-
 	return ret;
 }
 
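Review bot: `ret` is overwritten by the second `gencache_del()`, so saf_delete() returns False when only the SAFJOIN entry existed and was removed. Callers that test the result would then treat a successful deletion as a failure. Keep the two results apart, e.g. store the first in `bool ret_join = gencache_del(key);` and finish with `return ret || ret_join;`. The start of saf_delete() is outside the hunk.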
@@ -124,6 +174,18 @@ char *saf_fetch( const char *domain )
 	if ( !gencache_init() )
 		return False;
 
+	key = saf_join_key( domain );
+
+	ret = gencache_get( key, &server, &timeout );
+
+	SAFE_FREE( key );
+
+	if ( ret ) {
+		DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
+			server, domain ));
+		return server;
+	}
+
 	key = saf_key( domain );
 
 	ret = gencache_get( key, &server, &timeout );
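Review bot: The join entry is now returned ahead of the regular SAF entry, so a DC that became unreachable after the join keeps being handed out until `saf_delete()` runs or the join TTL expires, and that precedence is not stated anywhere in the function. Add a comment above the first lookup such as `/* prefer the DC used at join time: other DCs may not have replicated the machine account yet */`. As in saf_join_store(), the result of `saf_join_key()` is used without a NULL check. saf_fetch() continues past the end of this hunk.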
@@ -2098,6 +2160,15 @@ NTSTATUS get_sorted_dc_list( const char *domain,
 
 	status = get_dc_list(domain, sitename, ip_list,
 			count, lookup_type, &ordered);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
+	    && sitename) {
+		DEBUG(3,("get_sorted_dc_list: no server for name %s available"
+			 " in site %s, fallback to all servers\n",
+			 domain, sitename));
+		status = get_dc_list(domain, NULL, ip_list,
+				     count, lookup_type, &ordered);
+	}
+
 	if (!NT_STATUS_IS_OK(status)) {
 		SAFE_FREE(*ip_list);
 		*count = 0;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index b03fefe..27d5346 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -293,7 +293,7 @@ retry:
 
 		tried_closest_dc = true; /* avoid loop */
 
-		if (!ads->config.tried_closest_dc) {
+		if (!ads_closest_dc(ads)) {
 
 			namecache_delete(ads->server.realm, 0x1C);
 			namecache_delete(ads->server.workgroup, 0x1C);


-- 
Samba Shared Repository

