[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Thu Sep 16 00:07:45 MDT 2010


The branch, master has been updated
       via  7e729c4 s4-dns: use a non-forwardable ticket in samba_dnsupdate
       via  89827af s4-kerberos: obey the credentials setting for forwardable tickets
       via  efb37a5 s4-pycredentials: expose forwardable setting via python
       via  6a82997 s4-credentials: added ability to control forwardable attribute on krb5 tickets
       via  377ffcb s4-drs: make debugging DsUpdateRefs a bit easier
       via  e5cd023 s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls
       via  4cf53c6 s4-drs: removed a debug print in repl secret
       via  f95e6a3 s4-test: enable valgrind on wbinfo tests
       via  eeafe1e s4-pydrs: fix for python 2.4
      from  32976e2 s3: Add convenience make target buildfarm-test.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7e729c4f6a374f5fa1e348404e370dbf122a5a0b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 14:13:48 2010 +1000

    s4-dns: use a non-forwardable ticket in samba_dnsupdate
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 89827af5250a0e65e19ee3752cfe407a6e01856f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 14:13:29 2010 +1000

    s4-kerberos: obey the credentials setting for forwardable tickets
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit efb37a5b8c3667c948e1ec9815a1c9ac575a4456
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 14:12:57 2010 +1000

    s4-pycredentials: expose forwardable setting via python
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 6a82997285db9aff0085e6a54e58a34a97152ebb
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 14:12:37 2010 +1000

    s4-credentials: added ability to control forwardable attribute on krb5 tickets
    
    with the latest bind9 nsupdate, we need to be able to control if the
    ticket we use is forwardable
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit 377ffcb0292505bfcdc6fbcfdc379614364cc868
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 13:02:43 2010 +1000

    s4-drs: make debugging DsUpdateRefs a bit easier

commit e5cd023a41ce4b8a51bbace4da395a7f0843d212
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 13:02:23 2010 +1000

    s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls

commit 4cf53c6d0b8b418adf39b6dd81d44c7b6d587e0c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 13:00:20 2010 +1000

    s4-drs: removed a debug print in repl secret

commit f95e6a32e430dba459f01a9400bebdf78549abae
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 10:58:03 2010 +1000

    s4-test: enable valgrind on wbinfo tests

commit eeafe1eb65b92c4a1cfafbadd71c991c9c2be50e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Sep 16 07:38:14 2010 +1000

    s4-pydrs: fix for python 2.4
    
    thanks to Kamen and David Gonzalez for spotting this

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/tests/test_wbinfo.sh               |    2 +-
 source4/auth/credentials/credentials.c      |   12 +++++
 source4/auth/credentials/credentials.h      |   12 +++++
 source4/auth/credentials/pycredentials.c    |   16 +++++++
 source4/auth/kerberos/kerberos.c            |   27 ++----------
 source4/auth/kerberos/kerberos.h            |    8 ++-
 source4/auth/kerberos/kerberos_util.c       |   32 ++++++++++++++-
 source4/dsdb/repl/drepl_replica.c           |   59 +++++++++++++++++++++++++++
 source4/dsdb/repl/drepl_service.c           |   37 +++++++++++++++++
 source4/dsdb/wscript_build                  |    2 +-
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c |   45 +++++++++++++++++++-
 source4/rpc_server/drsuapi/getncchanges.c   |    1 -
 source4/rpc_server/drsuapi/updaterefs.c     |    9 ++++-
 source4/scripting/bin/samba_dnsupdate       |    5 +-
 source4/scripting/python/samba/drs_utils.py |    2 +-
 15 files changed, 232 insertions(+), 37 deletions(-)
 create mode 100644 source4/dsdb/repl/drepl_replica.c


Changeset truncated at 500 lines:

diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 4efffc8..b344f71 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -15,7 +15,7 @@ shift 4
 
 failed=0
 samba4bindir="$BUILDDIR/bin"
-wbinfo="$samba4bindir/wbinfo$EXEEXT"
+wbinfo="$VALGRIND $samba4bindir/wbinfo$EXEEXT"
 
 . `dirname $0`/../../testprogs/blackbox/subunit.sh
 
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index acdcfde..e1965b3 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -109,6 +109,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 
 	cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
 	cli_credentials_set_gensec_features(cred, 0);
+	cli_credentials_set_krb_forwardable(cred, CRED_AUTO_KRB_FORWARDABLE);
 
 	return cred;
 }
@@ -133,11 +134,22 @@ _PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
 	creds->use_kerberos = use_kerberos;
 }
 
+_PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
+						  enum credentials_krb_forwardable krb_forwardable)
+{
+	creds->krb_forwardable = krb_forwardable;
+}
+
 _PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
 {
 	return creds->use_kerberos;
 }
 
+_PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds)
+{
+	return creds->krb_forwardable;
+}
+
 _PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
 {
 	creds->gensec_features = gensec_features;
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index c4c7d3f..b7a9540 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -44,6 +44,12 @@ enum credentials_use_kerberos {
 	CRED_MUST_USE_KERBEROS      /* Sometimes administrators are parinoid, so always do kerberos */
 };
 
+enum credentials_krb_forwardable {
+	CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */
+	CRED_NO_KRB_FORWARDABLE,       /* not forwardable */
+	CRED_FORCE_KRB_FORWARDABLE     /* forwardable */
+};
+
 #define CLI_CRED_NTLM2       0x01
 #define CLI_CRED_NTLMv2_AUTH 0x02
 #define CLI_CRED_LANMAN_AUTH 0x04
@@ -122,6 +128,9 @@ struct cli_credentials {
 	/* Should we be trying to use kerberos? */
 	enum credentials_use_kerberos use_kerberos;
 
+	/* Should we get a forwardable ticket? */
+	enum credentials_krb_forwardable krb_forwardable;
+
 	/* gensec features which should be used for connections */
 	uint32_t gensec_features;
 
@@ -193,6 +202,8 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 					 const char **error_string);
 void cli_credentials_set_kerberos_state(struct cli_credentials *creds, 
 					enum credentials_use_kerberos use_kerberos);
+void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
+					 enum credentials_krb_forwardable krb_forwardable);
 bool cli_credentials_set_domain(struct cli_credentials *cred, 
 				const char *val, 
 				enum credentials_obtained obtained);
@@ -280,6 +291,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred);
 const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cred);
 const char *cli_credentials_get_target_service(struct cli_credentials *cred);
 enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
+enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
 NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
 				     struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
diff --git a/source4/auth/credentials/pycredentials.c b/source4/auth/credentials/pycredentials.c
index 86ce63e..7c860b0 100644
--- a/source4/auth/credentials/pycredentials.c
+++ b/source4/auth/credentials/pycredentials.c
@@ -193,6 +193,16 @@ static PyObject *py_creds_set_kerberos_state(py_talloc_Object *self, PyObject *a
 	Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_set_krb_forwardable(py_talloc_Object *self, PyObject *args)
+{
+	int state;
+	if (!PyArg_ParseTuple(args, "i", &state))
+		return NULL;
+
+	cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
+	Py_RETURN_NONE;
+}
+
 static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 {
 	PyObject *py_lp_ctx = Py_None;
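Review bot: `py_creds_set_krb_forwardable` passes the parsed `int state` straight to `cli_credentials_set_krb_forwardable()` with no range check, so a script can store a value outside the three exported constants. The consumer added in kerberos_util.c in this changeset switches on that value with no `default:` case, so an out-of-range value is silently treated like `CRED_AUTO_KRB_FORWARDABLE` and the ticket follows library defaults, which may be forwardable when the caller meant to forbid it. Reject it at the binding, e.g. `if (state < CRED_AUTO_KRB_FORWARDABLE || state > CRED_FORCE_KRB_FORWARDABLE) { PyErr_SetString(PyExc_ValueError, "invalid krb_forwardable value"); return NULL; }`. The method-table entry in the next hunk also registers the method with a NULL docstring; one line naming the accepted constants would help.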
@@ -364,6 +374,8 @@ static PyMethodDef py_creds_methods[] = {
 		NULL },
 	{ "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
 		NULL },
+	{ "set_krb_forwardable", (PyCFunction)py_creds_set_krb_forwardable, METH_VARARGS,
+		NULL },
 	{ "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
 	{ "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
 	{ "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
@@ -407,6 +419,10 @@ void initcredentials(void)
 	PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
 	PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
 
+	PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE",  PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
+	PyModule_AddObject(m, "NO_KRB_FORWARDABLE",    PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
+	PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
+
 	Py_INCREF(&PyCredentials);
 	PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
 	Py_INCREF(&PyCredentialCacheContainer);
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 4275764..0db0dd3 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -41,31 +41,23 @@
  krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, 
 					    krb5_principal principal, krb5_keyblock *keyblock,
 					    const char *target_service,
+					    krb5_get_init_creds_opt *krb_options,
 					    time_t *expire_time, time_t *kdc_time)
 {
 	krb5_error_code code = 0;
 	krb5_creds my_creds;
-	krb5_get_init_creds_opt *options;
-
-	if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) {
-		return code;
-	}
-
-	krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options);
 
 	if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock,
-						 0, target_service, options))) {
+						 0, target_service, krb_options))) {
 		return code;
 	}
 	
 	if ((code = krb5_cc_initialize(ctx, cc, principal))) {
-		krb5_get_init_creds_opt_free(ctx, options);
 		krb5_free_cred_contents(ctx, &my_creds);
 		return code;
 	}
 	
 	if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
-		krb5_get_init_creds_opt_free(ctx, options);
 		krb5_free_cred_contents(ctx, &my_creds);
 		return code;
 	}
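Review bot: Ownership of `krb_options` is undocumented now that `kerberos_kinit_keyblock_cc` (and `kerberos_kinit_password_cc` in the later hunks of this file) receive it from the caller instead of allocating and freeing their own options. The comment above each function should say that the options are borrowed, that the caller must release them with `krb5_get_init_creds_opt_free()` on every path, and whether NULL is acceptable; the visible code hands the pointer to `krb5_get_init_creds_keyblock()` without checking it. Something like `/* krb_options: caller-owned init-creds options (e.g. forwardable flag); not freed here */` would do. The function comments themselves lie outside these hunks.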
@@ -78,7 +70,6 @@
 		*kdc_time = (time_t) my_creds.times.starttime;
 	}
 
-	krb5_get_init_creds_opt_free(ctx, options);
 	krb5_free_cred_contents(ctx, &my_creds);
 	
 	return 0;
@@ -96,20 +87,14 @@
  krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, 
 					    krb5_principal principal, const char *password,
 					    krb5_principal impersonate_principal, const char *target_service,
+					    krb5_get_init_creds_opt *krb_options,
 					    time_t *expire_time, time_t *kdc_time)
 {
 	krb5_error_code code = 0;
 	krb5_creds my_creds;
 	krb5_creds *impersonate_creds;
-	krb5_get_init_creds_opt *init_options;
 	krb5_get_creds_opt options;
 
-	if ((code = krb5_get_init_creds_opt_alloc(ctx, &init_options))) {
-		return code;
-	}
-
-	krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, init_options);
-
 	/* If we are not impersonating, then get this ticket for the
 	 * target service, otherwise a krbtgt, and get the next ticket
 	 * for the target */
@@ -117,19 +102,16 @@
 						 NULL, NULL,
 						 0,
 						 impersonate_principal ? NULL : target_service,
-						 init_options))) {
-		krb5_get_init_creds_opt_free(ctx, init_options);
+						 krb_options))) {
 		return code;
 	}
 
 	if ((code = krb5_cc_initialize(ctx, cc, principal))) {
-		krb5_get_init_creds_opt_free(ctx, init_options);
 		krb5_free_cred_contents(ctx, &my_creds);
 		return code;
 	}
 	
 	if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
-		krb5_get_init_creds_opt_free(ctx, init_options);
 		krb5_free_cred_contents(ctx, &my_creds);
 		return code;
 	}
@@ -142,7 +124,6 @@
 		*kdc_time = (time_t) my_creds.times.starttime;
 	}
 
-	krb5_get_init_creds_opt_free(ctx, init_options);
 	krb5_free_cred_contents(ctx, &my_creds);
 	
 	if (code == 0 && impersonate_principal) {
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index b4422b5..b58014f 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -94,11 +94,13 @@ bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_tick
 krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
 					   krb5_principal principal, const char *password,
 					   krb5_principal impersonate_principal, const char *target_service,
+					   krb5_get_init_creds_opt *krb_options,
 					   time_t *expire_time, time_t *kdc_time);
 krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
-			       krb5_principal principal, krb5_keyblock *keyblock,
-			       const char *target_service,
-			       time_t *expire_time, time_t *kdc_time);
+					   krb5_principal principal, krb5_keyblock *keyblock,
+					   const char *target_service,
+					   krb5_get_init_creds_opt *krb_options,
+					   time_t *expire_time, time_t *kdc_time);
 krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
 							krb5_principal host_princ,
 							int enctype);
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 30e43f0..8b533f6 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -200,6 +200,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 	krb5_principal impersonate_principal;
 	int tries;
 	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+	krb5_get_init_creds_opt *krb_options;
 
 	if (!mem_ctx) {
 		(*error_string) = strerror(ENOMEM);
@@ -222,12 +223,37 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 
 	password = cli_credentials_get_password(credentials);
 
+	/* setup the krb5 options we want */
+	if ((ret = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context, &krb_options))) {
+		(*error_string) = talloc_asprintf(credentials, "krb5_get_init_creds_opt_alloc failed (%s)\n",
+						  smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+									     ret, mem_ctx));
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	/* get the defaults */
+	krb5_get_init_creds_opt_set_default_flags(smb_krb5_context->krb5_context, NULL, NULL, krb_options);
+
+	/* set if we want a forwardable ticket */
+	switch (cli_credentials_get_krb_forwardable(credentials)) {
+	case CRED_AUTO_KRB_FORWARDABLE:
+		break;
+	case CRED_NO_KRB_FORWARDABLE:
+		krb5_get_init_creds_opt_set_forwardable(krb_options, FALSE);
+		break;
+	case CRED_FORCE_KRB_FORWARDABLE:
+		krb5_get_init_creds_opt_set_forwardable(krb_options, TRUE);
+		break;
+	}
+
 	tries = 2;
 	while (tries--) {
 		if (password) {
 			ret = kerberos_kinit_password_cc(smb_krb5_context->krb5_context, ccache, 
 							 princ, password,
 							 impersonate_principal, target_service,
+							 krb_options,
 							 NULL, &kdc_time);
 		} else if (impersonate_principal) {
 			(*error_string) = "INTERNAL error: Cannot impersonate principal with just a keyblock.  A password must be specified in the credentials";
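Review bot: `krb_options` is allocated before the retry loop but released only on the `!mach_pwd` return (next hunk) and after the loop, so any other early exit in between leaks it. The `impersonate_principal` branch that sets the "INTERNAL error" string is the last line of this hunk and its continuation is not visible; if it returns there, it needs the same `krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);` (and presumably `talloc_free(mem_ctx)`, to be confirmed against the full function). A single cleanup label that frees both would make this harder to miss when further exits are added.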
@@ -241,6 +267,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 			if (!mach_pwd) {
 				talloc_free(mem_ctx);
 				(*error_string) = "kinit_to_ccache: No password available for kinit\n";
+				krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
 				return EINVAL;
 			}
 			ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
@@ -251,7 +278,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 			if (ret == 0) {
 				ret = kerberos_kinit_keyblock_cc(smb_krb5_context->krb5_context, ccache, 
 								 princ, &keyblock,
-								 target_service,
+								 target_service, krb_options,
 								 NULL, &kdc_time);
 				krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &keyblock);
 			}
@@ -267,6 +294,8 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 		}
 	}
 
+	krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+
 	if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) {
 		(*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n",
 						  cli_credentials_get_principal(credentials, mem_ctx),
@@ -291,6 +320,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 				      ccache, obtained,
 				      error_string);
 	}
+
 	if (ret) {
 		(*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n",
 						  cli_credentials_get_principal(credentials, mem_ctx),
diff --git a/source4/dsdb/repl/drepl_replica.c b/source4/dsdb/repl/drepl_replica.c
new file mode 100644
index 0000000..2f344a4
--- /dev/null
+++ b/source4/dsdb/repl/drepl_replica.c
@@ -0,0 +1,59 @@
+/*
+   Unix SMB/CIFS mplementation.
+
+   DSDB replication service - DsReplica{Add,Del,Mod} handling
+
+   Copyright (C) Andrew Tridgell 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "smbd/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+
+/*
+  implement DsReplicaAdd (forwarded from DRS server)
+ */
+NTSTATUS drepl_replica_add(struct dreplsrv_service *service,
+			   struct drsuapi_DsReplicaAdd *r)
+{
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaAdd, NDR_IN, r);
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  implement DsReplicaDel (forwarded from DRS server)
+ */
+NTSTATUS drepl_replica_del(struct dreplsrv_service *service,
+			   struct drsuapi_DsReplicaDel *r)
+{
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaDel, NDR_IN, r);
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  implement DsReplicaMod (forwarded from DRS server)
+ */
+NTSTATUS drepl_replica_mod(struct dreplsrv_service *service,
+			   struct drsuapi_DsReplicaMod *r)
+{
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaMod, NDR_IN, r);
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
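Review bot: The comments above `drepl_replica_add`, `drepl_replica_del` and `drepl_replica_mod` say "implement DsReplica…", but each body only calls `NDR_PRINT_FUNCTION_DEBUG` on the request and returns `NT_STATUS_NOT_IMPLEMENTED`, with `service` unused. Say so in the comment, e.g. `/* DsReplicaAdd stub (forwarded from DRS server): dumps the request, not yet implemented */`, so a reader does not assume the operation is handled. The file header also has a typo, "mplementation" for "implementation".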
diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c
index c4ad6d8..e122d0a 100644
--- a/source4/dsdb/repl/drepl_service.c
+++ b/source4/dsdb/repl/drepl_service.c
@@ -377,6 +377,40 @@ static NTSTATUS drepl_trigger_repl_secret(struct irpc_message *msg,
 
 
 /*
+  DsReplicaAdd messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS dreplsrv_replica_add(struct irpc_message *msg,
+				  struct drsuapi_DsReplicaAdd *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	return drepl_replica_add(service, r);
+}
+
+/*
+  DsReplicaDel messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS dreplsrv_replica_del(struct irpc_message *msg,
+				  struct drsuapi_DsReplicaDel *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	return drepl_replica_del(service, r);
+}
+
+/*
+  DsReplicaMod messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS dreplsrv_replica_mod(struct irpc_message *msg,
+				  struct drsuapi_DsReplicaMod *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	return drepl_replica_mod(service, r);
+}
+
+
+/*
   startup the dsdb replicator service task
 */
 static void dreplsrv_task_init(struct task_server *task)
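Review bot: The three new wrappers pass the result of `talloc_get_type(msg->private_data, struct dreplsrv_service)` on without checking it, and `talloc_get_type` returns NULL when the pointer is not of the named type. The current stubs never dereference `service`, but the real implementations will. Either use `talloc_get_type_abort()` or fail explicitly, e.g. `if (service == NULL) return NT_STATUS_INTERNAL_ERROR;`. The same applies to `dreplsrv_replica_del` and `dreplsrv_replica_mod`, which are identical apart from the request type.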
@@ -462,6 +496,9 @@ static void dreplsrv_task_init(struct task_server *task)
 
 	IRPC_REGISTER(task->msg_ctx, irpc, DREPLSRV_REFRESH, dreplsrv_refresh, service);
 	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAADD, dreplsrv_replica_add, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICADEL, dreplsrv_replica_del, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAMOD, dreplsrv_replica_mod, service);
 	IRPC_REGISTER(task->msg_ctx, irpc, DREPL_TAKEFSMOROLE, drepl_take_FSMO_role, service);
 	IRPC_REGISTER(task->msg_ctx, irpc, DREPL_TRIGGER_REPL_SECRET, drepl_trigger_repl_secret, service);
 	messaging_register(task->msg_ctx, service, MSG_DREPL_ALLOCATE_RID, dreplsrv_allocate_rid);
diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build
index 615fd10..3c2742d 100644
--- a/source4/dsdb/wscript_build
+++ b/source4/dsdb/wscript_build
@@ -25,7 +25,7 @@ bld.SAMBA_SUBSYSTEM('SAMDB_SCHEMA',
 
 
 bld.SAMBA_MODULE('DREPL_SRV',
-	source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c repl/drepl_secret.c',
+	source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c repl/drepl_secret.c repl/drepl_replica.c',
 	autoproto='repl/drepl_service_proto.h',
 	subsystem='service',
 	init_function='server_service_drepl_init',
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 9d388b2..16c19cd 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -304,7 +304,20 @@ static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, T
 static WERROR dcesrv_drsuapi_DsReplicaAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 					  struct drsuapi_DsReplicaAdd *r)
 {
-	DRSUAPI_UNSUPPORTED(drsuapi_DsReplicaAdd);
+	WERROR status;
+
+	status = drs_security_level_check(dce_call, "DsReplicaAdd", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+				     r, NDR_DRSUAPI_DSREPLICAADD,
+				     &ndr_table_drsuapi,
+				     "dreplsrv", "DsReplicaAdd",
+				     IRPC_CALL_TIMEOUT);
+
+	return WERR_OK;
 }
 
 
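Review bot: `dcesrv_drsuapi_DsReplicaAdd` returns `WERR_OK` unconditionally after `dcesrv_irpc_forward_rpc_call()`, whose outcome is not examined in the visible lines. If the forward helper completes the reply asynchronously (not shown here), a comment such as `/* reply is completed by the forwarded irpc call; WERR_OK here only ends the synchronous part */` is needed, because the target handler added in this changeset currently returns NT_STATUS_NOT_IMPLEMENTED. If it does not, the failure should be propagated instead of reporting success. The `drs_security_level_check()` against `SECURITY_DOMAIN_CONTROLLER` is correctly placed before the forward and should stay ahead of any later use of `r`.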
@@ -314,7 +327,20 @@ static WERROR dcesrv_drsuapi_DsReplicaAdd(struct dcesrv_call_state *dce_call, TA
 static WERROR dcesrv_drsuapi_DsReplicaDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 					  struct drsuapi_DsReplicaDel *r)
 {
-	DRSUAPI_UNSUPPORTED(drsuapi_DsReplicaDel);
+	WERROR status;


-- 
Samba Shared Repository

