[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Mon Sep 27 18:05:01 MDT 2010 

The branch, master has been updated
       via  6676142 s4-ildap: two more places that need talloc_reparent()
       via  396cdd6 s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
       via  8e1a3c8 s4-drs: make getncchanges debug less verbose
       via  8edf3d7 s4-dns: avoid search domains expansion in DNS resolver
       via  43d0c2e heimdal: avoid DNS search domain expansion
      from  48adfb2 samr: add three new ACB flags to IDL.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 66761423474edc9736a8a6eae6feaaf958d89d0e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 27 15:03:44 2010 -0700

    s4-ildap: two more places that need talloc_reparent()
    
    these contexts can have references
    
    Autobuild-User: Andrew Tridgell <tridge at samba.org>
    Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104

commit 396cdd6343e12a1b3cdd2d4c3bbac37c5fc30330
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 27 14:56:04 2010 -0700

    s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
    
    log level 0 is excessive for this!

commit 8e1a3c8ccab0586e8244b511df95e6f22c49fa8b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 27 14:42:13 2010 -0700

    s4-drs: make getncchanges debug less verbose
    
    quieten make test a little

commit 8edf3d71318acdba73f7415ae2db7b7988e34029
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 27 14:34:43 2010 -0700

    s4-dns: avoid search domains expansion in DNS resolver
    
    add a '.' if the name contains a '.' already, but not at the end

commit 43d0c2e9ea71770aa87e74778c20908606cd55f8
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 27 14:34:06 2010 -0700

    heimdal: avoid DNS search domain expansion
    
    When you have a domain search list in resolv.conf, and one of the DNS
    servers for a searched domain is uncontactable then we would timeout
    resolving DNS names.
    
    Avoid this by adding a '.' to the hostname if the hostname already has
    a '.' in it, which we assume to mean it is fully qualified.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/kcc/kcc_topology.c           |    2 +-
 source4/heimdal/lib/krb5/krbhst.c         |   17 ++++++++++++++++-
 source4/lib/ldb/ldb_ildap/ldb_ildap.c     |    2 +-
 source4/libcli/ldap/ldap_bind.c           |    2 +-
 source4/libcli/resolve/dns_ex.c           |    8 ++++++++
 source4/rpc_server/drsuapi/getncchanges.c |    2 +-
 6 files changed, 28 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/kcc/kcc_topology.c b/source4/dsdb/kcc/kcc_topology.c
index fbf2885..9124fc7 100644
--- a/source4/dsdb/kcc/kcc_topology.c
+++ b/source4/dsdb/kcc/kcc_topology.c
@@ -3460,7 +3460,7 @@ NTSTATUS kcctpl_test(struct kccsrv_service *service)
 	struct GUID_list keep;
 	bool all_connected;
 
-	DEBUG(0, ("Testing kcctpl_create_intersite_connections\n"));
+	DEBUG(2, ("Testing kcctpl_create_intersite_connections\n"));
 	status = kcctpl_create_intersite_connections(service, tmp_ctx, &keep,
 						     &all_connected);
 	DEBUG(4, ("%s\n", nt_errstr(status)));
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 3bb00d2..4da3af2 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -370,9 +370,24 @@ krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
     int ret;
 
     if (host->ai == NULL) {
+	char *hostname_dot = NULL;
 	make_hints(&hints, host->proto);
 	snprintf (portstr, sizeof(portstr), "%d", host->port);
-	ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
+	if (strchr(host->hostname, '.') && 
+	    host->hostname[strlen(host->hostname)-1] != '.') {
+		/* avoid expansion of search domains from resolv.conf
+		   - these can be very slow if the DNS server is not up
+		   for the searched domain */
+		hostname_dot = malloc(strlen(host->hostname)+2);
+		if (hostname_dot) {
+			strcpy(hostname_dot, host->hostname);
+			hostname_dot[strlen(host->hostname)] = '.';
+			hostname_dot[strlen(host->hostname)+1] = 0;
+		}
+	}
+	ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, &hints, &host->ai);
+	if (hostname_dot) 
+		free(hostname_dot);
 	if (ret)
 	    return krb5_eai_to_heim_errno(ret, errno);
     }
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 044f91b..98e98a8 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -409,7 +409,7 @@ static int ildb_request_send(struct ildb_context *ac, struct ldap_message *msg)
 		ldb_set_errstring(ldb, "async send request failed");
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-	ac->ireq = talloc_steal(ac, req);
+	ac->ireq = talloc_reparent(ac->ildb->ldap, ac, req);
 
 	if (!ac->ireq->conn) {
 		ldb_set_errstring(ldb, "connection to remote LDAP server dropped?");
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 5a2635a..6565979 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -352,7 +352,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
 			status = NT_STATUS_NO_MEMORY;
 			goto failed;
 		}
-		talloc_steal(tmp_ctx, req);
+		talloc_reparent(conn, tmp_ctx, req);
 
 		status = ldap_result_n(req, 0, &response);
 		if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 76dd103..711eb0a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -92,6 +92,14 @@ static void run_child_dns_lookup(struct dns_ex_state *state, int fd)
 	uint32_t i;
 	bool do_srv = (state->flags & RESOLVE_NAME_FLAG_DNS_SRV);
 
+	if (strchr(state->name.name, '.') && state->name.name[strlen(state->name.name)-1] != '.') {
+		/* we are asking for a fully qualified name, but the
+		   name doesn't end in a '.'. We need to prevent the
+		   DNS library trying the search domains configured in
+		   resolv.conf */
+		state->name.name = talloc_strdup_append(state->name.name, ".");
+	}
+
 	/* this is the blocking call we are going to lots of trouble
 	   to avoid in the parent */
 	reply = rk_dns_lookup(state->name.name, do_srv?"SRV":"A");
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 204297d..36d74f4 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1260,7 +1260,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 			search_dn = getnc_state->ncRoot_dn;
 		}
 
-		DEBUG(1,(__location__ ": getncchanges on %s using filter %s\n",
+		DEBUG(2,(__location__ ": getncchanges on %s using filter %s\n",
 			 ldb_dn_get_linearized(getnc_state->ncRoot_dn), search_filter));
 		ret = drsuapi_search_with_extended_dn(sam_ctx, getnc_state, &getnc_state->site_res,
 						      search_dn, scope, attrs,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list