[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Mon Apr 26 23:25:58 MDT 2010
The branch, master has been updated
via 280d06f... s4-libnet: cope with an empty client site name from CLDAP
via e88a54a... s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch
via 4497080... s4:knownfail - remove tests which should pass
via cfbd5ef... s4:netlogon RPC server - we don't need "are we DC" proofs
via ca1f7c9... s4:torture - DsRGetDcSiteCoverageW - adapt test to check for the sitename
via 4686305... s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementation
via a66bdbe... s4:torture - DsRGetSiteName - move "skip" statement before the "computer_name" check
via 3b4137c... s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the MS-NRPC docs
via 2780a18... s4:torture - GetAnyDCName - adaptions
via 5fc7118... s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC documentation
via cf93634... s4:torture - DsRAddressesToSitenames - enhance the testsuite
via 908d982... s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information
via cf73bc6... s4:CLDAP server - make use of the new "samdb_client_site_name" call
via 093d356... s4:util - add a function which finds the matching client site using the client address
via 725e48c... s4-drsdevel: support sites in drs developer scripts
via 4679bb7... s4-vampire: show main CLDAP response attributes during vampire
via 7e2b3ab... s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errors
from 3f643f1... Correctly report share types (now Win7 makes RPC calls against us).
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 280d06f8b5734555eb3cb8423d7f9ad1bdc83792
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Apr 27 15:02:29 2010 +1000
s4-libnet: cope with an empty client site name from CLDAP
We fall back to the server site name in a vampire
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit e88a54a87e185b44e2d216bd853e6a87bf950be6
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Apr 27 14:25:14 2010 +1000
s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch
We should respond when we are the PDC
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 449708017377c3cdf814642af75d7c7f8b554a3e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Apr 21 19:30:37 2010 +0200
s4:knownfail - remove tests which should pass
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit cfbd5ef8c401e316fe5659bb4360e30b6b8096d1
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Apr 21 17:54:06 2010 +0200
s4:netlogon RPC server - we don't need "are we DC" proofs
When we aren't a DC we shouldn't have the netlogon pipe available.
[MS-NRPC 1.3] says that we can only have DCs on the server side.
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit ca1f7c9b7332be2f7136094953eef43c65ee1462
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu Apr 22 10:37:45 2010 +0200
s4:torture - DsRGetDcSiteCoverageW - adapt test to check for the sitename
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 4686305feb13f6c824843cb2ab8d55f59254303c
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu Apr 22 10:28:37 2010 +0200
s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementation
Does for now only return DC's primary site.
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit a66bdbec86f2da8b53518b05018f2c17261b9003
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Apr 21 19:13:11 2010 +0200
s4:torture - DsRGetSiteName - move "skip" statement before the "computer_name" check
We don't support the check for the computer name on the RPC server side.
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 3b4137c7be94678e3bd3553fa05feea1efe0f5fd
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Apr 18 19:01:18 2010 +0200
s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the MS-NRPC docs
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 2780a18a9fc3aac355c141fe0393e1f8008e242f
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Tue Apr 20 16:59:48 2010 +0200
s4:torture - GetAnyDCName - adaptions
- Check for the various domainname set modes (on NULL and "" the domain should
be the default domain on the server)
- support return value "WERR_NO_SUCH_DOMAIN" (the server is the PDC of the
domain)
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 5fc71186751da3fc2388021630b16279cb949017
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sun Apr 18 15:02:06 2010 +0200
s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC documentation
This implementation checks if the domainname is valid for us or a trusted domain.
Then I've also added the PDC location functionality. That means that we should
return "WERR_NO_SUCH_DOMAIN" (MS-NRPC 3.5.5.2.5).
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit cf93634ec5bc4a87c58fccbf2c04c8625013946f
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Apr 21 21:39:20 2010 +0200
s4:torture - DsRAddressesToSitenames - enhance the testsuite
This shows the Windows behaviour of these two calls which we should match.
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 908d982980846257b65ab576d31131e8793e9399
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Tue Apr 13 22:49:48 2010 +0200
s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit cf73bc63e5c9335a2af8e0b46d2b12de5607f506
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Apr 11 13:17:05 2010 +0200
s4:CLDAP server - make use of the new "samdb_client_site_name" call
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 093d35661d25d7fd89ce46fef5922768c0c0ace7
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Tue Apr 13 18:28:53 2010 +0200
s4:util - add a function which finds the matching client site using the client address
The lookup of the client site is done using the subnets in the configuration
partition. If no one matches we use the Windows Server fallback mechansim.
This means: if only one site is available just use it. If they're more set the
output variable to "".
Signed-off-by: Andrew Tridgell <tridge at samba.org>
commit 725e48c22c92e284bb55567f2116c8ddc82a0529
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Apr 27 12:18:02 2010 +1000
s4-drsdevel: support sites in drs developer scripts
commit 4679bb731b3620006249abb0f9808c755266d87a
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Apr 27 12:17:36 2010 +1000
s4-vampire: show main CLDAP response attributes during vampire
commit 7e2b3ab14f84fb369a8fc00839feebd70b85426b
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Apr 27 12:17:08 2010 +1000
s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errors
The 0xc0002104/WERR_DS_DRA_NO_REPLICA seems to be spurious, and can be
avoided by setting DRSUAPI_DRS_SYNC_ALL in the DsReplicaSync request.
We need to investigate this further, and find out from MS why this is
sometimes being sent, even when the target DC has the right repsFrom
entries
-----------------------------------------------------------------------
Summary of changes:
source4/cldap_server/netlogon.c | 5 +-
source4/dsdb/common/util.c | 90 +++++++
source4/dsdb/repl/drepl_notify.c | 19 ++-
source4/dsdb/repl/drepl_service.h | 2 +
source4/libnet/libnet_become_dc.c | 9 +
source4/rpc_server/netlogon/dcerpc_netlogon.c | 211 +++++++++++++---
source4/scripting/devel/drs/unvampire_ad.sh | 5 +-
source4/scripting/devel/drs/vampire_ad.sh | 4 +-
source4/scripting/devel/drs/vars | 1 +
source4/selftest/knownfail | 4 -
source4/torture/rpc/netlogon.c | 347 ++++++++++++++++++++++---
11 files changed, 622 insertions(+), 75 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 8f445d0..1993c1f 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -266,8 +266,9 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
flatname = lp_sam_name(lp_ctx);
server_site = samdb_server_site_name(sam_ctx, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(server_site);
- /* FIXME: Hardcoded site name */
- client_site = "Default-First-Site-Name";
+ client_site = samdb_client_site_name(sam_ctx, mem_ctx,
+ src_address, NULL);
+ NT_STATUS_HAVE_NO_MEMORY(client_site);
load_interfaces(mem_ctx, lp_interfaces(lp_ctx), &ifaces);
pdc_ip = iface_best_ip(ifaces, src_address);
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 3a04797..7dd68b8 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -40,6 +40,7 @@
#include "system/locale.h"
#include "lib/util/tsort.h"
#include "dsdb/common/util.h"
+#include "lib/socket/socket.h"
/*
search the sam for the specified attributes in a specific domain, filter on
@@ -1593,6 +1594,95 @@ const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
}
/*
+ * Finds the client site by using the client's IP address.
+ * The "subnet_name" returns the name of the subnet if parameter != NULL
+ */
+const char *samdb_client_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+ const char *ip_address, char **subnet_name)
+{
+ const char *attrs[] = { "cn", "siteObject", NULL };
+ struct ldb_dn *sites_container_dn, *subnets_dn, *sites_dn;
+ struct ldb_result *res;
+ const struct ldb_val *val;
+ const char *site_name = NULL, *l_subnet_name = NULL;
+ const char *allow_list[2] = { NULL, NULL };
+ unsigned int i;
+ int cnt, ret;
+
+ sites_container_dn = samdb_sites_dn(ldb, mem_ctx);
+ if (sites_container_dn == NULL) {
+ return NULL;
+ }
+
+ subnets_dn = ldb_dn_copy(mem_ctx, sites_container_dn);
+ if ( ! ldb_dn_add_child_fmt(subnets_dn, "CN=Subnets")) {
+ talloc_free(sites_container_dn);
+ talloc_free(subnets_dn);
+ return NULL;
+ }
+
+ ret = ldb_search(ldb, mem_ctx, &res, subnets_dn, LDB_SCOPE_ONELEVEL,
+ attrs, NULL);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(sites_container_dn);
+ talloc_free(subnets_dn);
+ return NULL;
+ }
+
+ for (i = 0; i < res->count; i++) {
+ l_subnet_name = ldb_msg_find_attr_as_string(res->msgs[i], "cn",
+ NULL);
+
+ allow_list[0] = l_subnet_name;
+
+ if (allow_access(mem_ctx, NULL, allow_list, "", ip_address)) {
+ sites_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx,
+ res->msgs[i],
+ "siteObject");
+ if (sites_dn == NULL) {
+ /* No reference, maybe another subnet matches */
+ continue;
+ }
+
+ /* "val" cannot be NULL here since "sites_dn" != NULL */
+ val = ldb_dn_get_rdn_val(sites_dn);
+ site_name = talloc_strdup(mem_ctx,
+ (const char *) val->data);
+
+ talloc_free(sites_dn);
+
+ break;
+ }
+ }
+
+ if (site_name == NULL) {
+ /* This is the Windows Server fallback rule: when no subnet
+ * exists and we have only one site available then use it (it
+ * is for sure the same as our server site). If more sites do
+ * exist then we don't know which one to use and set the site
+ * name to "". */
+ cnt = samdb_search_count(ldb, sites_container_dn,
+ "(objectClass=site)");
+ if (cnt == 1) {
+ site_name = samdb_server_site_name(ldb, mem_ctx);
+ } else {
+ site_name = talloc_strdup(mem_ctx, "");
+ }
+ l_subnet_name = NULL;
+ }
+
+ if (subnet_name != NULL) {
+ *subnet_name = talloc_strdup(mem_ctx, l_subnet_name);
+ }
+
+ talloc_free(sites_container_dn);
+ talloc_free(subnets_dn);
+ talloc_free(res);
+
+ return site_name;
+}
+
+/*
work out if we are the PDC for the domain of the current open ldb
*/
bool samdb_is_pdc(struct ldb_context *ldb)
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
index 00075e8..0145b27 100644
--- a/source4/dsdb/repl/drepl_notify.c
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -120,6 +120,10 @@ static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req)
DRSUAPI_DRS_ASYNC_OP |
DRSUAPI_DRS_UPDATE_NOTIFICATION |
DRSUAPI_DRS_WRIT_REP;
+ if (state->op->service->syncall_workaround) {
+ DEBUG(3,("sending DsReplicaSync with SYNC_ALL workaround\n"));
+ r->in.req->req1.options |= DRSUAPI_DRS_SYNC_ALL;
+ }
if (state->op->is_urgent) {
r->in.req->req1.options |= DRSUAPI_DRS_SYNC_URGENT;
@@ -127,6 +131,10 @@ static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req)
state->ndr_struct_ptr = r;
+ if (DEBUGLVL(10)) {
+ NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaSync, r);
+ }
+
subreq = dcerpc_drsuapi_DsReplicaSync_r_send(state,
state->ev,
drsuapi->drsuapi_handle,
@@ -185,10 +193,17 @@ static void dreplsrv_notify_op_callback(struct tevent_req *subreq)
status = dreplsrv_op_notify_recv(subreq);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s\n",
+ WERROR werr;
+ werr = ntstatus_to_werror(status);
+
+ DEBUG(0,("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s : %s\n",
op->source_dsa->repsFrom1->other_info->dns_name,
ldb_dn_get_linearized(op->source_dsa->partition->dn),
- nt_errstr(status)));
+ nt_errstr(status), win_errstr(werr)));
+ if (W_ERROR_EQUAL(werr, WERR_DS_DRA_NO_REPLICA)) {
+ DEBUG(0,("Enabling SYNC_ALL workaround\n"));
+ op->service->syncall_workaround = true;
+ }
} else {
DEBUG(2,("dreplsrv_notify: DsReplicaSync OK for %s\n",
op->source_dsa->repsFrom1->other_info->dns_name));
diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h
index 7813f92..88be769 100644
--- a/source4/dsdb/repl/drepl_service.h
+++ b/source4/dsdb/repl/drepl_service.h
@@ -213,6 +213,8 @@ struct dreplsrv_service {
bool in_progress;
struct dreplsrv_partition_source_dsa *rid_manager_source_dsa;
} ridalloc;
+
+ bool syncall_workaround;
};
#include "dsdb/repl/drepl_out_helpers.h"
diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
index 8880abf..74242c0 100644
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -822,6 +822,15 @@ static void becomeDC_recv_cldap(struct tevent_req *req)
s->dest_dsa.site_name = s->cldap.netlogon.client_site;
+ DEBUG(0,("CLDAP response: forest=%s dns=%s netbios=%s server_site=%s client_site=%s\n",
+ s->forest.dns_name, s->domain.dns_name, s->domain.netbios_name,
+ s->source_dsa.site_name, s->dest_dsa.site_name));
+ if (!s->dest_dsa.site_name || strcmp(s->dest_dsa.site_name, "") == 0) {
+ DEBUG(0,("Got empty client site - using server site name %s\n",
+ s->source_dsa.site_name));
+ s->dest_dsa.site_name = s->source_dsa.site_name;
+ }
+
becomeDC_connect_ldap1(s);
}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 5acf91f..8681e68 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -988,6 +988,10 @@ static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALL
return werr;
}
+static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ctx,
+ struct netr_DomainTrustList *trusts,
+ uint32_t trust_flags);
/*
netr_GetAnyDCName
@@ -995,18 +999,56 @@ static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALL
static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_GetAnyDCName *r)
{
- struct netr_GetDcName r2;
+ struct netr_DomainTrustList *trusts;
+ struct ldb_context *sam_ctx;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ uint32_t i;
WERROR werr;
- ZERO_STRUCT(r2);
+ *r->out.dcname = NULL;
+
+ if ((r->in.domainname == NULL) || (r->in.domainname[0] == '\0')) {
+ /* if the domainname parameter wasn't set assume our domain */
+ r->in.domainname = lp_workgroup(lp_ctx);
+ }
- r2.in.logon_server = r->in.logon_server;
- r2.in.domainname = r->in.domainname;
- r2.out.dcname = r->out.dcname;
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
- werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, &r2);
+ if (strcasecmp(r->in.domainname, lp_workgroup(lp_ctx)) == 0) {
+ *r->out.dcname = talloc_asprintf(mem_ctx, "\\%s",
+ lp_netbios_name(lp_ctx));
+ W_ERROR_HAVE_NO_MEMORY(*r->out.dcname);
- return werr;
+ return WERR_OK;
+ }
+
+ /* Okay, now we have to consider the trusted domains */
+
+ trusts = talloc_zero(mem_ctx, struct netr_DomainTrustList);
+ W_ERROR_HAVE_NO_MEMORY(trusts);
+
+ trusts->count = 0;
+
+ werr = fill_trusted_domains_array(mem_ctx, sam_ctx, trusts,
+ NETR_TRUST_FLAG_INBOUND
+ | NETR_TRUST_FLAG_OUTBOUND);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ for (i = 0; i < trusts->count; i++) {
+ if (strcasecmp(r->in.domainname, trusts->array[i].netbios_name) == 0) {
+ /* FIXME: Here we need to find a DC for the specified
+ * trusted domain. */
+
+ /* return WERR_OK; */
+ return WERR_NO_SUCH_DOMAIN;
+ }
+ }
+
+ return WERR_NO_SUCH_DOMAIN;
}
@@ -1088,7 +1130,19 @@ static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state
static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DsRGetSiteName *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct ldb_context *sam_ctx;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ *r->out.site = samdb_server_site_name(sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(*r->out.site);
+
+ return WERR_OK;
}
@@ -1456,16 +1510,6 @@ static WERROR dcesrv_netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call,
/*
- netr_DsRAddressToSitenamesW
-*/
-static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_DsRAddressToSitenamesW *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
-/*
netr_DsRGetDCNameEx2
*/
static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
@@ -1616,12 +1660,23 @@ static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state
static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DsRAddressToSitenamesExW *r)
{
+ struct ldb_context *sam_ctx;
struct netr_DsRAddressToSitenamesExWCtr *ctr;
- int i;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ uint16_t sin_family;
+ struct sockaddr_in *addr;
+ struct sockaddr_in6 *addr6;
+ char addr_str[INET6_ADDRSTRLEN];
+ char *subnet_name;
+ const char *res;
+ uint32_t i;
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
- /* we should map the provided IPs to site names, once we have
- * sites support
- */
ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr);
W_ERROR_HAVE_NO_MEMORY(ctr);
@@ -1634,9 +1689,46 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce
W_ERROR_HAVE_NO_MEMORY(ctr->subnetname);
for (i=0; i<ctr->count; i++) {
- /* FIXME: Hardcoded site name */
- ctr->sitename[i].string = "Default-First-Site-Name";
+ ctr->sitename[i].string = NULL;
ctr->subnetname[i].string = NULL;
+
+ if (r->in.addresses[i].size < sizeof(sin_family)) {
+ continue;
+ }
+ sin_family = SVAL(r->in.addresses[i].buffer, 0);
+
+ switch (sin_family) {
+ case AF_INET:
+ if (r->in.addresses[i].size < sizeof(struct sockaddr_in)) {
+ continue;
+ }
+ addr = (struct sockaddr_in *) r->in.addresses[i].buffer;
+ res = inet_ntop(AF_INET, &addr->sin_addr,
+ addr_str, sizeof(addr_str));
+ break;
+ case AF_INET6:
+ if (r->in.addresses[i].size < sizeof(struct sockaddr_in6)) {
+ continue;
+ }
+ addr6 = (struct sockaddr_in6 *) r->in.addresses[i].buffer;
+ res = inet_ntop(AF_INET6, &addr6->sin6_addr,
+ addr_str, sizeof(addr_str));
+ break;
+ default:
+ continue;
+ break;
+ }
+
+ if (res == NULL) {
+ continue;
+ }
+
+ ctr->sitename[i].string = samdb_client_site_name(sam_ctx,
+ mem_ctx,
+ addr_str,
+ &subnet_name);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sitename[i].string);
+ ctr->subnetname[i].string = subnet_name;
}
return WERR_OK;
@@ -1644,12 +1736,73 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce
/*
+ netr_DsRAddressToSitenamesW
+*/
+static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DsRAddressToSitenamesW *r)
+{
+ struct netr_DsRAddressToSitenamesExW r2;
+ struct netr_DsRAddressToSitenamesWCtr *ctr;
+ uint32_t i;
+ WERROR werr;
+
+ ZERO_STRUCT(r2);
+
+ r2.in.server_name = r->in.server_name;
+ r2.in.count = r->in.count;
+ r2.in.addresses = r->in.addresses;
+
+ r2.out.ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr *);
+ W_ERROR_HAVE_NO_MEMORY(r2.out.ctr);
+
+ werr = dcesrv_netr_DsRAddressToSitenamesExW(dce_call, mem_ctx, &r2);
+
+ ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesWCtr);
+ W_ERROR_HAVE_NO_MEMORY(ctr);
+
+ *r->out.ctr = ctr;
+
+ ctr->count = r->in.count;
+ ctr->sitename = talloc_array(ctr, struct lsa_String, ctr->count);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sitename);
+
+ for (i=0; i<ctr->count; i++) {
+ ctr->sitename[i].string = (*r2.out.ctr)->sitename[i].string;
+ }
+
+ return werr;
+}
+
+
+/*
netr_DsrGetDcSiteCoverageW
*/
static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DsrGetDcSiteCoverageW *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct ldb_context *sam_ctx;
+ struct DcSitesCtr *ctr;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ ctr = talloc(mem_ctx, struct DcSitesCtr);
+ W_ERROR_HAVE_NO_MEMORY(ctr);
+
+ *r->out.ctr = ctr;
+
+ /* For now only return our default site */
+ ctr->num_sites = 1;
+ ctr->sites = talloc_array(ctr, struct lsa_String, ctr->num_sites);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sites);
+ ctr->sites[0].string = samdb_server_site_name(sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sites[0].string);
+
+ return WERR_OK;
}
@@ -1956,10 +2109,6 @@ static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state
struct ldb_context *sam_ctx;
WERROR werr;
- if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
- return WERR_CALL_NOT_IMPLEMENTED;
- }
-
if (r->in.flags & 0xFFFFFFFE) {
return WERR_INVALID_FLAGS;
}
@@ -2019,10 +2168,6 @@ static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *
NTSTATUS status;
WERROR werr;
- if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
status = dcesrv_netr_creds_server_step_check(dce_call,
mem_ctx,
r->in.computer_name,
diff --git a/source4/scripting/devel/drs/unvampire_ad.sh b/source4/scripting/devel/drs/unvampire_ad.sh
index 7f9763e..dbd3cfb 100755
--- a/source4/scripting/devel/drs/unvampire_ad.sh
+++ b/source4/scripting/devel/drs/unvampire_ad.sh
@@ -4,8 +4,11 @@ set -x
--
Samba Shared Repository
More information about the samba-cvs
mailing list