[SCM] Samba Shared Repository - branch v3-0-test updated -
release-3-0-32-58-gfeef594
Günther Deschner
gd at samba.org
Thu Oct 30 13:53:44 GMT 2008
The branch, v3-0-test has been updated
via feef594d275881466e2c3f59c0ff54609a9cc53b (commit)
via 543fa85a711337e979c7b631bda5db95d109ef59 (commit)
via f86ef9b53a903485deba94febf90dd4e657cc02b (commit)
via c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc (commit)
via 80e74a27c55c01221091e3eec930c2ac4433c22c (commit)
via c127367b1dd622eeceb1f47de0a047c297dda222 (commit)
via d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f (commit)
via dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3 (commit)
from 559ba0215cada4093efd22f165b608c41913d935 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -----------------------------------------------------------------
commit feef594d275881466e2c3f59c0ff54609a9cc53b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 27 19:40:23 2008 +0100
utils/net_ads.c: call saf_join_store() after a the join.
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit 543fa85a711337e979c7b631bda5db95d109ef59
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 27 19:39:30 2008 +0100
libads/ldap.c: store the dc name in the saf cache as in all other places
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit f86ef9b53a903485deba94febf90dd4e657cc02b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 27 19:38:15 2008 +0100
libads/ldap.c: if the client belongs to no site at all any dc is the closest
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 27 19:36:25 2008 +0100
libads/ldap.c: pass the real workgroup name to get_dc_name()
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit 80e74a27c55c01221091e3eec930c2ac4433c22c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 27 19:31:30 2008 +0100
libsmb/namequery.c: add saf_join_store() function
saf_join_store() should be called after a successful
domain join, the affinity to the dc used at join time
has a larger ttl, to avoid problems with delayed replication.
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit c127367b1dd622eeceb1f47de0a047c297dda222
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 27 09:40:25 2008 +0100
libsmb/namequery: fallback to returning all dcs, when none is available in the requested site
It could happen that all dcs in a site are unavailable
(some sites have only one dc) and then we need to fallback
to get all dcs.
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 22 11:14:10 2008 +0200
s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case
We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 22 10:36:21 2008 +0200
s3: correctly detect if the current dc is the closest one
ads->config.tried_closest_dc was never set.
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source/include/ads.h | 1 -
source/libads/ldap.c | 46 +++++++++++++++++++++++--
source/libsmb/namequery.c | 80 ++++++++++++++++++++++++++++++++++++++++++---
source/utils/net_ads.c | 5 ++-
4 files changed, 121 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/ads.h b/source/include/ads.h
index 24884f5..1f4cc7a 100644
--- a/source/include/ads.h
+++ b/source/include/ads.h
@@ -56,7 +56,6 @@ typedef struct {
char *server_site_name;
char *client_site_name;
time_t current_time;
- int tried_closest_dc;
} config;
} ADS_STRUCT;
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index 67c5470..4e18ff7 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -156,6 +156,11 @@ BOOL ads_closest_dc(ADS_STRUCT *ads)
return True;
}
+ if (ads->config.client_site_name == NULL) {
+ DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+ return True;
+ }
+
DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
ads->config.ldap_server_name));
@@ -243,9 +248,11 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
{
+ const char *c_domain;
const char *c_realm;
int count, i=0;
struct ip_service *ip_list;
+ pstring domain;
pstring realm;
BOOL got_realm = False;
BOOL use_own_domain = False;
@@ -283,14 +290,45 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
}
}
-
+
+ if ( use_own_domain ) {
+ c_domain = lp_workgroup();
+ } else {
+ c_domain = ads->server.workgroup;
+ }
+
+ pstrcpy( domain, c_domain );
pstrcpy( realm, c_realm );
+ /*
+ * In case of LDAP we use get_dc_name() as that
+ * creates the custom krb5.conf file
+ */
+ if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ fstring srv_name;
+ struct in_addr ip_out;
+
+ DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+ (got_realm ? "realm" : "domain"), realm));
+
+ if (get_dc_name(domain, realm, srv_name, &ip_out)) {
+ /*
+ * we call ads_try_connect() to fill in the
+ * ads->config details
+ */
+ if (ads_try_connect(ads, srv_name)) {
+ return NT_STATUS_OK;
+ }
+ }
+
+ return NT_STATUS_NO_LOGON_SERVERS;
+ }
+
sitename = sitename_fetch(realm);
again:
- DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
+ DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n",
(got_realm ? "realm" : "domain"), realm));
status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm);
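Review bot: In the new LDAP branch `ip_out` is filled by get_dc_name() and then dropped; ads_try_connect() receives only `srv_name`, so it presumably resolves the name a second time and could reach a different address than the one get_dc_name() selected. Either use the returned address for the connection or state that the second lookup is intended, e.g. `/* ip_out unused: ads_try_connect() resolves srv_name itself */`. `c_domain` is also copied without a check; if `ads->server.workgroup` can be unset here, an empty domain reaches get_dc_name(), so a guard before `pstrcpy( domain, c_domain );` would make the failure explicit. ads_find_dc's body starts and ends outside the hunk.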
@@ -435,8 +473,8 @@ got_connection:
/* cache the successful connection for workgroup and realm */
if (ads_closest_dc(ads)) {
- saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
- saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
+ saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+ saf_store( ads->server.realm, ads->config.ldap_server_name);
}
ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
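Review bot: The value cached by `saf_store( ads->server.workgroup, ads->config.ldap_server_name);` is a name taken from `ads->config`, which the comment in the earlier hunk says ads_try_connect() fills in, so it appears to be whatever the contacted server reported about itself. The store also happens at `got_connection:`, before any authentication step visible in this hunk, and later readers of the SAF entry must resolve that name again instead of reusing the address that was actually connected to. I would add a comment recording that trade-off, e.g. `/* cache the DC name as reported by the server; consumers re-resolve it */`, and confirm that `ldap_server_name` cannot be empty at this point. The enclosing function starts and ends outside the hunk.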
diff --git a/source/libsmb/namequery.c b/source/libsmb/namequery.c
index b2a4156..023fd3f 100644
--- a/source/libsmb/namequery.c
+++ b/source/libsmb/namequery.c
@@ -34,6 +34,8 @@ BOOL global_in_nmbd = False;
****************************************************************************/
#define SAFKEY_FMT "SAF/DOMAIN/%s"
#define SAF_TTL 900
+#define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
+#define SAFJOIN_TTL 3600
static char *saf_key(const char *domain)
{
@@ -44,6 +46,15 @@ static char *saf_key(const char *domain)
return keystr;
}
+static char *saf_join_key(const char *domain)
+{
+ char *keystr;
+
+ asprintf( &keystr, SAFJOINKEY_FMT, strupper_static(domain) );
+
+ return keystr;
+}
+
/****************************************************************************
****************************************************************************/
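Review bot: saf_join_key() ignores the return value of asprintf(), so when allocation fails `keystr` is returned with an indeterminate value. The callers added in this commit (saf_join_store, saf_delete, saf_fetch) then pass it to the gencache functions and to SAFE_FREE(). Check the result, `if (asprintf(&keystr, SAFJOINKEY_FMT, strupper_static(domain)) == -1) return NULL;`, and have each caller return early when the key is NULL. The context lines suggest saf_key() is written the same way, so it would need the same treatment.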
@@ -67,7 +78,7 @@ BOOL saf_store( const char *domain, const char *servername )
return False;
key = saf_key( domain );
- expire = time( NULL ) + SAF_TTL;
+ expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
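Review bot: The TTL from `lp_parm_int(-1, "saf","ttl", SAF_TTL)` is added to `time( NULL )` with no range check, so a zero or negative value in the configuration produces an entry that is already expired and a very large one can overflow the sum. Read it into a local and fall back to the default when it is not positive, e.g. `int ttl = lp_parm_int(-1, "saf", "ttl", SAF_TTL);` followed by `if (ttl <= 0) ttl = SAF_TTL;`. The same applies to the `"join ttl"` lookup in saf_join_store() in the next hunk. Neither parametric option is documented in the visible part of this changeset.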
@@ -80,6 +91,38 @@ BOOL saf_store( const char *domain, const char *servername )
return ret;
}
+BOOL saf_join_store( const char *domain, const char *servername )
+{
+ char *key;
+ time_t expire;
+ BOOL ret = False;
+
+ if ( !domain || !servername ) {
+ DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
+ return False;
+ }
+
+ if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
+ DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
+ return False;
+ }
+
+ if ( !gencache_init() )
+ return False;
+
+ key = saf_join_key( domain );
+ expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
+
+ DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
+ domain, servername, (unsigned int)expire ));
+
+ ret = gencache_set( key, servername, expire );
+
+ SAFE_FREE( key );
+
+ return ret;
+}
+
BOOL saf_delete( const char *domain )
{
char *key;
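Review bot: saf_join_store() has no header comment, and its contract differs from saf_store() in ways the signature does not show. I would add a comment above it saying that the entry is stored under the `SAFJOIN/DOMAIN/%s` key for `saf:join ttl` seconds (default `SAFJOIN_TTL`), that saf_fetch() returns it in preference to the normal SAF entry, and that `servername` is stored exactly as passed. The two refusal messages also log at different levels (`DEBUG(2` and `DEBUG(0`), presumably inherited from saf_store(); a single level would be easier to filter on.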
@@ -93,15 +136,22 @@ BOOL saf_delete( const char *domain )
if ( !gencache_init() )
return False;
+ key = saf_join_key(domain);
+ ret = gencache_del(key);
+ SAFE_FREE(key);
+
+ if (ret) {
+ DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
+ }
+
key = saf_key(domain);
ret = gencache_del(key);
-
+ SAFE_FREE(key);
+
if (ret) {
DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
}
- SAFE_FREE( key );
-
return ret;
}
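Review bot: saf_delete() now returns only the result of the second gencache_del(), because `ret` from deleting the join key is overwritten. A call that removed the join entry but found no normal entry therefore reports failure. If callers read the result as "something was removed", keep the first result in its own variable, `BOOL ret_join = gencache_del(key);`, and finish with `return ret || ret_join;`. The opening lines of saf_delete are outside the hunk.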
@@ -122,7 +172,19 @@ char *saf_fetch( const char *domain )
if ( !gencache_init() )
return False;
-
+
+ key = saf_join_key( domain );
+
+ ret = gencache_get( key, &server, &timeout );
+
+ SAFE_FREE( key );
+
+ if ( ret ) {
+ DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
+ server, domain ));
+ return server;
+ }
+
key = saf_key( domain );
ret = gencache_get( key, &server, &timeout );
@@ -1648,6 +1710,14 @@ NTSTATUS get_sorted_dc_list( const char *domain, const char *sitename, struct ip
}
status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) && sitename) {
+ DEBUG(3,("get_sorted_dc_list: no server for name %s available"
+ " in site %s, fallback to all servers\n",
+ domain, sitename));
+ status = get_dc_list(domain, NULL, ip_list, count,
+ lookup_type, &ordered);
+ }
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c
index d6a52b8..6d06466 100644
--- a/source/utils/net_ads.c
+++ b/source/utils/net_ads.c
@@ -306,7 +306,7 @@ retry:
tried_closest_dc = True; /* avoid loop */
- if (!ads->config.tried_closest_dc) {
+ if (!ads_closest_dc(ads)) {
namecache_delete(ads->server.realm, 0x1C);
namecache_delete(ads->server.workgroup, 0x1C);
@@ -1575,6 +1575,9 @@ int net_ads_join(int argc, const char **argv)
goto fail;
}
+ saf_join_store(ads->server.workgroup, ads->config.ldap_server_name);
+ saf_join_store(ads->server.realm, ads->config.ldap_server_name);
+
/* Verify that everything is ok */
if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap_ip) != 0 ) {
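Review bot: Both saf_join_store() calls run before the `net_rpc_join_ok()` check under the "Verify that everything is ok" comment, and their return values are ignored. If that verification fails, the DC stays pinned in the cache for the join TTL unless the failure path, which is outside the hunk, removes it. Consider moving the two calls below the verification, or calling `saf_delete(ads->server.workgroup);` and `saf_delete(ads->server.realm);` on the failure path. A failed store is also worth a log line such as `DEBUG(1,("net_ads_join: could not store join DC affinity\n"));`.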
--
Samba Shared Repository