[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3275-g3d2fe30

Stefan Metzmacher metze at samba.org
Sat Dec 13 17:46:55 GMT 2008


The branch, v3-2-test has been updated
       via  3d2fe303830c0c1e425f6279a1625a56a27abd07 (commit)
       via  9838de125505fdff18014d72ebe9816176a610f9 (commit)
       via  d47dda115e1a3df50357a7a82694522df884c374 (commit)
       via  6359df973fa24a3babd0e10e9e131ace47e2b2e8 (commit)
       via  60c0166fd492bb6cff41811973c8da026c5109d7 (commit)
       via  f771eee7878fd4d5e670000256032ed56f537d8e (commit)
       via  6ee994e2d25d14b31dc9de75264e94a9ac6a09d4 (commit)
       via  8321caf35736401d2a0d53cefc5c432d5b9e2bc7 (commit)
       via  5e47b314550d1165b86bd556330d36e0787e5109 (commit)
       via  46d5eef85477d621c27e72910bffe6d15f83d6a6 (commit)
       via  e79ce10550e18a59e9aa2edb377e9b7130e60789 (commit)
       via  d5f1a3b9196933f86f46a6664a044fd027a8f417 (commit)
      from  dc3c9fd570850e69ad5166184726f9abb7d8a9c7 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 3d2fe303830c0c1e425f6279a1625a56a27abd07
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 21 08:28:13 2008 +0100

    s3:dsgetdcname: retry with the clients site
    
    metze
    (cherry picked from commit 1b7b0e924f3064a9774fd5d46bedc3d342b39ddb)
    (cherry picked from commit f7a811f2ae3572791035014b6e20410b07ea011e)

commit 9838de125505fdff18014d72ebe9816176a610f9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 21 08:22:38 2008 +0100

    s3:libnet_join: use DS_FORCE_REDISCOVERY
    
    metze
    (cherry picked from commit 2bb91392b46e347fe3b6803d10b10d8b40e4a4a6)
    (cherry picked from commit 134893ef2b12b4b039c717588a8172613f6d1955)

commit d47dda115e1a3df50357a7a82694522df884c374
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:40:23 2008 +0100

    s3:libnet_join: call saf_join_store() after a the join.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
    (cherry picked from commit 6a993cb333675f4079d439fa334edee2df604933)
    (cherry picked from commit 8314ce63ff77f0472d4249adcea87123b3b3f5c2)

commit 6359df973fa24a3babd0e10e9e131ace47e2b2e8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:39:30 2008 +0100

    s3:libads/ldap.c: store the dc name in the saf cache as in all other places
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
    (cherry picked from commit 17efebde11eafd065c2cac39cdbe55b8d40d40be)
    (cherry picked from commit 9e78bfdbe107519f2ddfa4d532771945a7691b46)

commit 60c0166fd492bb6cff41811973c8da026c5109d7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:38:15 2008 +0100

    s3:libads/ldap.c: if the client belongs to no site at all any dc is the closest
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
    (cherry picked from commit a8040d59659e58c5cb92c1107a7ff012eff12729)
    (cherry picked from commit 7baceea20252dec6b64e86ec8b5a73b62b373758)

commit f771eee7878fd4d5e670000256032ed56f537d8e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 19:36:25 2008 +0100

    s3:libads/ldap.c: pass the real workgroup name to get_dc_name()
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
    (cherry picked from commit 2f27ffc4a2ba745341a5961b8f04e62da3fb089a)
    (cherry picked from commit 132911954715bfa6df8566c0fb382ef07a7da96e)

commit 6ee994e2d25d14b31dc9de75264e94a9ac6a09d4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Dec 13 12:18:32 2008 +0100

    s3:libsmb/namequery.c: add saf_join_store() function
    
    saf_join_store() should be called after a successful
    domain join, the affinity to the dc used at join time
    has a larger ttl, to avoid problems with delayed replication.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 80e74a27c55c01221091e3eec930c2ac4433c22c)
    (cherry picked from commit 895c40d03a07182c054a6fd857e7dd6838e698f4)
    (cherry picked from commit 7b56268b3c9652e3089bd75e4e51dd626fa742a6)

commit 8321caf35736401d2a0d53cefc5c432d5b9e2bc7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 27 09:40:25 2008 +0100

    s3: libsmb/namequery: fallback to returning all dcs, when none is available in the requested site
    
    It could happen that all dcs in a site are unavailable
    (some sites have only one dc) and then we need to fallback
    to get all dcs.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c127367b1dd622eeceb1f47de0a047c297dda222)
    (cherry picked from commit 0c43f96330f2935805ba4f0f8f858a027a90bc4c)
    (cherry picked from commit caaf59383ceabdc555f7db098dae0455dea65023)

commit 5e47b314550d1165b86bd556330d36e0787e5109
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 22 11:14:10 2008 +0200

    s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case
    
    We use get_dc_name() for LDAP because it generates the selfwritten
    krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
    
    For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
    (cherry picked from commit 7f779450cb0b0d9f36665c56c4acd0950daaeab2)
    (cherry picked from commit 95c9a0272a72c029d75c3ffd1b5fad360b30f139)

commit 46d5eef85477d621c27e72910bffe6d15f83d6a6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 22 10:36:21 2008 +0200

    s3: correctly detect if the current dc is the closest one
    
    ads->config.tried_closest_dc was never set.
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
    (cherry picked from commit 588f5aae669910fee6da7f807f330163496b4170)
    (cherry picked from commit b609f41baa035a15dafb18b2ec569a2b96968b17)

commit e79ce10550e18a59e9aa2edb377e9b7130e60789
Author: Michael Adam <obnox at samba.org>
Date:   Fri Aug 29 17:55:28 2008 +0200

    libnet_join: streamline logic of libnet_join_post_processing()
    
    Michael
    (cherry picked from commit 81cc1af1e699e454fbb1d12636d002f845231006)
    (cherry picked from commit 3ea63ec10c37460253fbe68d63576e0cd8783c11)

commit d5f1a3b9196933f86f46a6664a044fd027a8f417
Author: Michael Adam <obnox at samba.org>
Date:   Fri Aug 29 17:43:12 2008 +0200

    libnet: fix join by creating keytab after changing the config.
    
    Michael
    (cherry picked from commit 96d1c780bf9524b929e6026776602a5288aea73d)
    (cherry picked from commit 298e5b663b1d6b469d130041dbed151801a45d1e)

-----------------------------------------------------------------------

Summary of changes:
 source/include/ads.h        |    1 -
 source/libads/ldap.c        |   45 +++++++++++++++++++++++--
 source/libads/ndr.c         |    1 -
 source/libnet/libnet_join.c |   31 ++++++++++-------
 source/libsmb/dsgetdcname.c |   49 ++++++++++++++++++++++++---
 source/libsmb/namequery.c   |   77 +++++++++++++++++++++++++++++++++++++++++--
 source/utils/net_ads.c      |    2 +-
 7 files changed, 178 insertions(+), 28 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/ads.h b/source/include/ads.h
index d5ce88b..5a6a5f8 100644
--- a/source/include/ads.h
+++ b/source/include/ads.h
@@ -78,7 +78,6 @@ typedef struct ads_struct {
 		char *server_site_name;
 		char *client_site_name;
 		time_t current_time;
-		int tried_closest_dc;
 		char *schema_path;
 		char *config_path;
 	} config;
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index a834773..47b9f3e 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -162,6 +162,11 @@ bool ads_closest_dc(ADS_STRUCT *ads)
 		return True;
 	}
 
+	if (ads->config.client_site_name == NULL) {
+		DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+		return True;
+	}
+
 	DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", 
 		ads->config.ldap_server_name));
 
@@ -267,10 +272,12 @@ bool ads_try_connect(ADS_STRUCT *ads, const char *server )
 
 static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 {
+	const char *c_domain;
 	const char *c_realm;
 	int count, i=0;
 	struct ip_service *ip_list;
 	const char *realm;
+	const char *domain;
 	bool got_realm = False;
 	bool use_own_domain = False;
 	char *sitename;
@@ -308,13 +315,44 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 		return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
 	}
 
+	if ( use_own_domain ) {
+		c_domain = lp_workgroup();
+	} else {
+		c_domain = ads->server.workgroup;
+	}
+
 	realm = c_realm;
+	domain = c_domain;
+
+	/*
+	 * In case of LDAP we use get_dc_name() as that
+	 * creates the custom krb5.conf file
+	 */
+	if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+		fstring srv_name;
+		struct sockaddr_storage ip_out;
+
+		DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+			(got_realm ? "realm" : "domain"), realm));
+
+		if (get_dc_name(domain, realm, srv_name, &ip_out)) {
+			/*
+			 * we call ads_try_connect() to fill in the
+			 * ads->config details
+			 */
+			if (ads_try_connect(ads, srv_name)) {
+				return NT_STATUS_OK;
+			}
+		}
+
+		return NT_STATUS_NO_LOGON_SERVERS;
+	}
 
 	sitename = sitename_fetch(realm);
 
  again:
 
-	DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
+	DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n",
 		(got_realm ? "realm" : "domain"), realm));
 
 	status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm);
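Review bot: `c_domain` can be NULL on the `else` branch, because nothing visible here guarantees that `ads->server.workgroup` is set, and it is handed straight to `get_dc_name(domain, realm, srv_name, &ip_out)`. Whether get_dc_name() tolerates a NULL or empty domain is not visible in this hunk, so either check it before the call or say in the comment that a NULL domain is accepted. The new bind path also returns `NT_STATUS_NO_LOGON_SERVERS` without reaching the `again:` loop, which the block comment should state, e.g. `/* no fallback to the cldap lookup below: only get_dc_name() creates the krb5.conf */`. ads_find_dc() starts before and continues after this hunk.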
@@ -481,9 +519,8 @@ got_connection:
 
 	/* cache the successful connection for workgroup and realm */
 	if (ads_closest_dc(ads)) {
-		print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
-		saf_store( ads->server.workgroup, addr);
-		saf_store( ads->server.realm, addr);
+		saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+		saf_store( ads->server.realm, ads->config.ldap_server_name);
 	}
 
 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
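Review bot: The SAF entries now hold `ads->config.ldap_server_name` instead of the socket address that was actually connected to, and neither that field nor `ads->server.workgroup` is checked for NULL at this call site. The name appears to be filled in by ads_try_connect() from what the server reported, so later readers of the cache depend on resolving that name again rather than reusing a verified address. A comment should record the choice, for example `/* store the DC name (not the address), as the other saf_store() callers do */`. The enclosing function starts and ends outside this hunk.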
diff --git a/source/libads/ndr.c b/source/libads/ndr.c
index 6324a22..6ada66c 100644
--- a/source/libads/ndr.c
+++ b/source/libads/ndr.c
@@ -75,7 +75,6 @@ void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct
 	ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
 	ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
 	ndr_print_time_t(ndr, "current_time", r->config.current_time);
-	ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc);
 	ndr_print_string(ndr, "schema_path", r->config.schema_path);
 	ndr_print_string(ndr, "config_path", r->config.config_path);
 	ndr->depth--;
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 526a0bd..e7302b4 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -1463,9 +1463,25 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx,
 		return werr;
 	}
 
-	if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
-		saf_store(r->in.domain_name, r->in.dc_name);
+	if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) {
+		return WERR_OK;
+	}
+
+	saf_join_store(r->out.netbios_domain_name, r->in.dc_name);
+	if (r->out.dns_domain_name) {
+		saf_join_store(r->out.dns_domain_name, r->in.dc_name);
+	}
+
+#ifdef WITH_ADS
+	if (r->out.domain_is_ad) {
+		ADS_STATUS ads_status;
+
+		ads_status  = libnet_join_post_processing_ads(mem_ctx, r);
+		if (!ADS_ERR_OK(ads_status)) {
+			return WERR_GENERAL_FAILURE;
+		}
 	}
+#endif /* WITH_ADS */
 
 	return WERR_OK;
 }
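Review bot: Both `saf_join_store()` calls discard their return value, so a failed cache write (for example a NULL `r->out.netbios_domain_name`, which saf_join_store() rejects) silently loses the join-time DC affinity this change is meant to establish. A log line would make that diagnosable: `if (!saf_join_store(r->out.netbios_domain_name, r->in.dc_name)) { DEBUG(3,("libnet_join: failed to store join affinity\n")); }`. The affinity is also stored before `libnet_join_post_processing_ads()` runs, so it stays cached when that step fails and the function returns `WERR_GENERAL_FAILURE`; a comment saying whether that is intended would help. The function starts outside this hunk.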
@@ -1644,6 +1660,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 				     r->in.domain_name,
 				     NULL,
 				     NULL,
+				     DS_FORCE_REDISCOVERY |
 				     DS_DIRECTORY_SERVICE_REQUIRED |
 				     DS_WRITABLE_REQUIRED |
 				     DS_RETURN_DNS_NAME,
@@ -1712,16 +1729,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-#ifdef WITH_ADS
-	if (r->out.domain_is_ad) {
-		ads_status  = libnet_join_post_processing_ads(mem_ctx, r);
-		if (!ADS_ERR_OK(ads_status)) {
-			werr = WERR_GENERAL_FAILURE;
-			goto done;
-		}
-	}
-#endif /* WITH_ADS */
-
 	werr = WERR_OK;
 
  done:
diff --git a/source/libsmb/dsgetdcname.c b/source/libsmb/dsgetdcname.c
index 2b8f76a..72c3c73 100644
--- a/source/libsmb/dsgetdcname.c
+++ b/source/libsmb/dsgetdcname.c
@@ -1383,6 +1383,27 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx,
 				  num_dcs, info);
 }
 
+static bool is_closest_site(struct netr_DsRGetDCNameInfo *info)
+{
+	if (info->dc_flags & DS_SERVER_CLOSEST) {
+		return true;
+	}
+
+	if (!info->client_site_name) {
+		return true;
+	}
+
+	if (!info->dc_site_name) {
+		return false;
+	}
+
+	if (strcmp(info->client_site_name, info->dc_site_name) == 0) {
+		return true;
+	}
+
+	return false;
+}
+
 /********************************************************************
  dsgetdcname.
 
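Review bot: `strcmp()` makes the site comparison in is_closest_site() case-sensitive, so two spellings of the same site that differ only in case count as different sites and trigger an extra rediscovery in dsgetdcname(). If site names are meant to compare case-insensitively, as is usual for Active Directory names, `strequal(info->client_site_name, info->dc_site_name)` would be the safer test. The helper only reads `info`, so the parameter can be `const struct netr_DsRGetDCNameInfo *info`. It would also benefit from a one-line comment saying that a client without a site treats every DC as closest.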
@@ -1400,6 +1421,8 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
 	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
 	struct netr_DsRGetDCNameInfo *myinfo = NULL;
 	char *query_site = NULL;
+	bool first = true;
+	struct netr_DsRGetDCNameInfo *first_info = NULL;
 
 	DEBUG(10,("dsgetdcname: domain_name: %s, "
 		  "domain_guid: %s, site_name: %s, flags: 0x%08x\n",
@@ -1427,7 +1450,6 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
 	status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid,
 				    flags, query_site, &myinfo);
 	if (NT_STATUS_IS_OK(status)) {
-		*info = myinfo;
 		goto done;
 	}
 
@@ -1440,12 +1462,27 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
 					domain_guid, flags, query_site,
 					&myinfo);
 
- 	if (NT_STATUS_IS_OK(status)) {
-		*info = myinfo;
-	}
-
  done:
 	SAFE_FREE(query_site);
 
-	return status;
+	if (!NT_STATUS_IS_OK(status)) {
+		if (!first) {
+			*info = first_info;
+			return NT_STATUS_OK;
+		}
+		return status;
+	}
+
+	if (!first) {
+		TALLOC_FREE(first_info);
+	} else if (!is_closest_site(myinfo)) {
+		first = false;
+		first_info = myinfo;
+		/* TODO: may use the next_closest_site here */
+		query_site = SMB_STRDUP(myinfo->client_site_name);
+		goto rediscover;
+	}
+
+	*info = myinfo;
+	return NT_STATUS_OK;
 }
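Review bot: The result of `SMB_STRDUP(myinfo->client_site_name)` is not checked before `goto rediscover`, so if the allocation fails the second lookup runs with a NULL `query_site` and presumably just repeats the site-less query. Duplicating the name first and returning the answer already in hand on failure avoids that: `query_site = SMB_STRDUP(myinfo->client_site_name); if (query_site == NULL) { *info = myinfo; return NT_STATUS_OK; }`, placed before `first = false;`. The retry also replaces a `site_name` the caller may have passed explicitly with the client's own site; if that is intended, it deserves a comment next to the TODO. The `rediscover` label and the start of dsgetdcname() are outside this hunk.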
diff --git a/source/libsmb/namequery.c b/source/libsmb/namequery.c
index 5945683..112df1b 100644
--- a/source/libsmb/namequery.c
+++ b/source/libsmb/namequery.c
@@ -34,6 +34,8 @@ bool global_in_nmbd = False;
 ****************************************************************************/
 #define SAFKEY_FMT	"SAF/DOMAIN/%s"
 #define SAF_TTL		900
+#define SAFJOINKEY_FMT	"SAFJOIN/DOMAIN/%s"
+#define SAFJOIN_TTL	3600
 
 static char *saf_key(const char *domain)
 {
@@ -44,6 +46,15 @@ static char *saf_key(const char *domain)
 	return keystr;
 }
 
+static char *saf_join_key(const char *domain)
+{
+	char *keystr;
+
+	asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain);
+
+	return keystr;
+}
+
 /****************************************************************************
 ****************************************************************************/
 
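Review bot: `keystr` is returned uninitialised when `asprintf_strupper_m()` fails, because its return value is ignored, and the new callers in saf_join_store(), saf_delete() and saf_fetch() pass the result to gencache and `SAFE_FREE()` without a NULL check. Assuming the helper follows the asprintf convention of returning -1 on failure, initialising and checking closes that: `char *keystr = NULL;` and `if (asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain) == -1) { return NULL; }`, with the callers returning early on a NULL key. saf_key() just above has the same shape as far as this hunk shows.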
@@ -69,7 +80,7 @@ bool saf_store( const char *domain, const char *servername )
 		return False;
 
 	key = saf_key( domain );
-	expire = time( NULL ) + SAF_TTL;
+	expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
 
 	DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
 		domain, servername, (unsigned int)expire ));
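Review bot: The value from `lp_parm_int(-1, "saf","ttl", SAF_TTL)` is added to `time(NULL)` without a range check, so a zero or negative setting stores an entry that is already expired and a very large one pins a DC for far longer than intended; the same applies to `"join ttl"` in saf_join_store() in the next hunk. Reading it into a local and falling back to the default keeps the cache behaviour predictable: `int ttl = lp_parm_int(-1, "saf", "ttl", SAF_TTL); if (ttl <= 0) { ttl = SAF_TTL; }`. Both parametric options are new and should be mentioned in a comment next to the `SAF_TTL` and `SAFJOIN_TTL` defines. saf_store() starts before this hunk.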
@@ -81,6 +92,38 @@ bool saf_store( const char *domain, const char *servername )
 	return ret;
 }
 
+bool saf_join_store( const char *domain, const char *servername )
+{
+	char *key;
+	time_t expire;
+	bool ret = False;
+
+	if ( !domain || !servername ) {
+		DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
+		return False;
+	}
+
+	if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
+		DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
+		return False;
+	}
+
+	if ( !gencache_init() )
+		return False;
+
+	key = saf_join_key( domain );
+	expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
+
+	DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
+		domain, servername, (unsigned int)expire ));
+
+	ret = gencache_set( key, servername, expire );
+
+	SAFE_FREE( key );
+
+	return ret;
+}
+
 bool saf_delete( const char *domain )
 {
 	char *key;
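Review bot: saf_join_store() has no header comment, and judging from the visible tail of saf_store() it is a copy that differs only in key prefix and TTL. A short comment would record why it exists, e.g. `/* Store the DC used for a domain join; kept for SAFJOIN_TTL so lookups stay on that DC while replication catches up. */`. The two argument checks also log at different levels (2 for NULL, 0 for zero length); one level for both would be more consistent.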
@@ -94,15 +137,22 @@ bool saf_delete( const char *domain )
 	if ( !gencache_init() )
 		return False;
 
+	key = saf_join_key(domain);
+	ret = gencache_del(key);
+	SAFE_FREE(key);
+
+	if (ret) {
+		DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
+	}
+
 	key = saf_key(domain);
 	ret = gencache_del(key);
+	SAFE_FREE(key);
 
 	if (ret) {
 		DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
 	}
 
-	SAFE_FREE( key );
-
 	return ret;
 }
 
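Review bot: The `ret` from deleting the join key is overwritten by the second `gencache_del()`, so saf_delete() returns False when only the `SAFJOIN/DOMAIN/` entry existed and was removed. Keeping the first result in its own local, for example `join_ret = gencache_del(key);` for the join key, and ending with `return ret || join_ret;` makes the return value reflect both deletions. The start of saf_delete(), including its argument check, is outside this hunk.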
@@ -124,6 +174,18 @@ char *saf_fetch( const char *domain )
 	if ( !gencache_init() )
 		return False;
 
+	key = saf_join_key( domain );
+
+	ret = gencache_get( key, &server, &timeout );
+
+	SAFE_FREE( key );
+
+	if ( ret ) {
+		DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
+			server, domain ));
+		return server;
+	}
+
 	key = saf_key( domain );
 
 	ret = gencache_get( key, &server, &timeout );
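Review bot: A live join entry is returned before the regular SAF entry is even looked up, so for up to `SAFJOIN_TTL` a later saf_store() for the same domain has no effect on what saf_fetch() returns. That matches the commit message, but it should be stated at the lookup, e.g. `/* the join-time DC wins until its entry expires or saf_delete() is called */`. The context line `return False;` in this `char *` function would also read better as `return NULL;`. saf_fetch() starts and ends outside this hunk.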
@@ -2098,6 +2160,15 @@ NTSTATUS get_sorted_dc_list( const char *domain,
 
 	status = get_dc_list(domain, sitename, ip_list,
 			count, lookup_type, &ordered);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
+	    && sitename) {
+		DEBUG(3,("get_sorted_dc_list: no server for name %s available"
+			 " in site %s, fallback to all servers\n",
+			 domain, sitename));
+		status = get_dc_list(domain, NULL, ip_list,
+				     count, lookup_type, &ordered);
+	}
+
 	if (!NT_STATUS_IS_OK(status)) {
 		SAFE_FREE(*ip_list);
 		*count = 0;
diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c
index ef6b151..a023a11 100644
--- a/source/utils/net_ads.c
+++ b/source/utils/net_ads.c
@@ -306,7 +306,7 @@ retry:
 
 		tried_closest_dc = True; /* avoid loop */
 
-		if (!ads->config.tried_closest_dc) {
+		if (!ads_closest_dc(ads)) {
 
 			namecache_delete(ads->server.realm, 0x1C);
 			namecache_delete(ads->server.workgroup, 0x1C);


-- 
Samba Shared Repository

