[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Thu Sep 30 16:26:02 MDT 2010
The branch, master has been updated
via 6a029cd autobuild: push of ref/notes/commits isn't allowed in master
via 176ecce s4-provision: wipe the old keytabs when provisioning
via 67a0461 s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
via 75a542a s4-drs: put the GCSPN flag into the repsTo if requested
via 87f67d3 s4-libnet: wipe the old keytab when exporting
via 57f6770 s4-dsdb: silence the domainFunctionality not setup warning
from e90b964 autobuild: added much better email reporting
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6a029cd9ca662863724920030bb3a325cee28691
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 14:42:02 2010 -0700
autobuild: push of ref/notes/commits isn't allowed in master
metze may enable this later
Autobuild-User: Andrew Tridgell <tridge at samba.org>
Autobuild-Date: Thu Sep 30 22:25:02 UTC 2010 on sn-devel-104
commit 176ecce9a661c9145620c3f7af9d13025ed0616c
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 12:45:00 2010 -0700
s4-provision: wipe the old keytabs when provisioning
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 67a04613e9106f9ab6c014c57a971d75854908f7
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 12:44:39 2010 -0700
s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
we need to fetch the msDS-keyVersionNumber from the writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 75a542a1d93f6f015d866a01d25d5978e9b32583
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 12:43:45 2010 -0700
s4-drs: put the GCSPN flag into the repsTo if requested
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 87f67d336919172845f53067c67d1eab8e7ef18a
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 12:43:14 2010 -0700
s4-libnet: wipe the old keytab when exporting
this prevents confusion with old keytab entries
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 57f67701a694b03f7c227c0f58729bf6d3733bbc
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 12:42:35 2010 -0700
s4-dsdb: silence the domainFunctionality not setup warning
-----------------------------------------------------------------------
Summary of changes:
script/autobuild.py | 4 +++-
source4/dsdb/common/util.c | 3 ++-
source4/libnet/libnet_export_keytab.c | 2 ++
source4/rpc_server/drsuapi/getncchanges.c | 6 ++++++
source4/rpc_server/drsuapi/updaterefs.c | 2 ++
source4/scripting/python/samba/join.py | 7 +++++--
source4/scripting/python/samba/provision.py | 20 ++++++++++++++++----
source4/scripting/python/samba/tests/provision.py | 16 +++++++++++++---
8 files changed, 49 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/script/autobuild.py b/script/autobuild.py
index 62cef69..f1e29a7 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -270,7 +270,9 @@ def rebase_tree(url):
def push_to(url):
print("Pushing to %s" % url)
if options.mark:
- run_cmd("EDITOR=script/commit_mark.sh git notes edit HEAD", dir=test_master)
+ run_cmd("EDITOR=script/commit_mark.sh git commit --amend -c HEAD", dir=test_master)
+ # the notes method doesn't work yet, as metze hasn't allowed refs/notes/* in master
+ # run_cmd("EDITOR=script/commit_mark.sh git notes edit HEAD", dir=test_master)
run_cmd("git remote add -t master pushto %s" % url, show=True, dir=test_master)
run_cmd("git push pushto +HEAD:master", show=True, dir=test_master)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index a5d0f60..3259eab 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3059,7 +3059,8 @@ int dsdb_functional_level(struct ldb_context *ldb)
int *domainFunctionality =
talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
if (!domainFunctionality) {
- DEBUG(0,(__location__ ": WARNING: domainFunctionality not setup\n"));
+ /* this is expected during initial provision */
+ DEBUG(4,(__location__ ": WARNING: domainFunctionality not setup\n"));
return DS_DOMAIN_FUNCTION_2000;
}
return *domainFunctionality;
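Review bot: Lowering this message to DEBUG level 4 hides the missing-domainFunctionality case for every caller of dsdb_functional_level(), not only initial provision. A running server whose opaque was never set would then fall back to DS_DOMAIN_FUNCTION_2000 with nothing visible at the usual low log levels. The added comment should say so, for example `/* expected during initial provision; anywhere else the functional level was never loaded and we fall back to 2000 */`. The text could also drop "WARNING" now that it is a debug-level message. The function's closing brace lies outside the hunk.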
diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c
index f7ab88f..e8a0a13 100644
--- a/source4/libnet/libnet_export_keytab.c
+++ b/source4/libnet/libnet_export_keytab.c
@@ -45,6 +45,8 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s
return NT_STATUS_NO_MEMORY;
}
+ unlink(r->in.keytab_name);
+
ret = kt_copy(smb_krb5_context->krb5_context, from_keytab, r->in.keytab_name);
if(ret) {
r->out.error_string = smb_get_krb5_error_message(smb_krb5_context->krb5_context,
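Review bot: The result of the added `unlink(r->in.keytab_name)` is ignored. If the old file cannot be removed for any reason other than not existing, kt_copy still runs against the old keytab, and the stale key entries this commit is meant to clear stay in place with no error reported. Checking the call keeps the export honest: `if (unlink(r->in.keytab_name) != 0 && errno != ENOENT) {`, then set `r->out.error_string` and return a failure status. It is also worth confirming that keytab_name is always a plain filesystem path here; if callers can pass a krb5-style prefixed name, the unlink presumably never matches the file kt_copy writes. The function body starts and ends outside the hunk.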
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index c04a8c7..54b0430 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1589,6 +1589,12 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
ureq.options = DRSUAPI_DRS_ADD_REF |
DRSUAPI_DRS_ASYNC_OP |
DRSUAPI_DRS_GETCHG_CHECK;
+
+ /* we also need to pass through the
+ DRSUAPI_DRS_REF_GCSPN bit so that repsTo gets flagged
+ to send notifies using the GC SPN */
+ ureq.options |= (req10->replica_flags & DRSUAPI_DRS_REF_GCSPN);
+
werr = drsuapi_UpdateRefs(b_state, mem_ctx, &ureq);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,(__location__ ": Failed UpdateRefs in DsGetNCChanges - %s\n",
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index d628388..a089586 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -66,6 +66,8 @@ static WERROR uref_add_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(reps.r[reps.count]);
reps.r[reps.count].version = 1;
reps.r[reps.count].ctr.ctr1 = *dest;
+ /* add the GCSPN flag if the client asked for it */
+ reps.r[reps.count].ctr.ctr1.replica_flags |= (options & DRSUAPI_DRS_REF_GCSPN);
reps.count++;
werr = dsdb_savereps(sam_ctx, mem_ctx, dn, "repsTo", reps.r, reps.count);
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 34f3ebb..6cd18b4 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -119,7 +119,7 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None,
"useraccountcontrol" : str(samba.dsdb.UF_NORMAL_ACCOUNT |
samba.dsdb.UF_ACCOUNTDISABLE),
"showinadvancedviewonly" : "TRUE",
- "description" : "tricky account"}
+ "description" : "krbtgt for %s" % ctx.samname}
ctx.samdb.add(rec, ["rodc_join:1:1"])
# now we need to search for the samAccountName attribute on the krbtgt DN,
@@ -210,6 +210,8 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None,
ctx.acct_pass,
force_change_at_next_login=False,
username=ctx.samname)
+ res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
+ ctx.key_version_number = res[0]["msDS-keyVersionNumber"]
def join_provision(ctx):
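Review bot: `res[0]["msDS-keyVersionNumber"]` is read without checking that the base search returned the attribute, and it stores the ldb result element rather than a number. If the writeable DC omits the attribute, the join fails here with a bare lookup error after the account and its password have already been set up. The value is then passed as `key_version_number=` in the later hunk, so a missing or wrong-typed value may end up in secrets.keytab handling; how provision consumes it is not visible here. Consider `ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])`, preceded by an explicit check that raises a clear message when the attribute is absent. The enclosing function starts outside the hunk.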
@@ -281,7 +283,8 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None,
netbiosname=ctx.myname,
domainsid=security.dom_sid(ctx.domsid),
machinepass=ctx.acct_pass,
- secure_channel_type=misc.SEC_CHAN_RODC)
+ secure_channel_type=misc.SEC_CHAN_RODC,
+ key_version_number=ctx.key_version_number)
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 9e22d58..1d0abf4 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -389,6 +389,7 @@ def provision_paths_from_lp(lp, dnsdomain):
# This is stored without path prefix for the "privateKeytab" attribute in
# "secrets_dns.ldif".
paths.dns_keytab = "dns.keytab"
+ paths.keytab = "secrets.keytab"
paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
@@ -781,7 +782,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
})
-def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
+def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
"""Setup the secrets database.
:note: This function does not handle exceptions and transaction on purpose,
@@ -794,8 +795,19 @@ def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
:param lp: Loadparm context
:return: LDB handle for the created secrets database
"""
- if os.path.exists(path):
- os.unlink(path)
+ if os.path.exists(paths.secrets):
+ os.unlink(paths.secrets)
+
+ keytab_path = os.path.join(paths.private_dir, paths.keytab)
+ if os.path.exists(keytab_path):
+ os.unlink(keytab_path)
+
+ dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ if os.path.exists(dns_keytab_path):
+ os.unlink(dns_keytab_path)
+
+ path = paths.secrets
+
secrets_ldb = Ldb(path, session_info=session_info,
lp=lp)
secrets_ldb.erase()
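Review bot: The three `os.path.exists()` / `os.unlink()` pairs at the top of setup_secretsdb are check-then-act on files that hold long-term keys, and the same two lines are written out three times. Unlinking directly and tolerating only the "already gone" case removes the window between the check and the removal, and a loop removes the repetition. A failure to remove a stale keytab would still abort the provision, as it does now. Separately, the function's docstring lies partly outside the hunk; if it still carries a `:param path:` entry, it should be updated to describe `paths`, since the first parameter changed meaning for every caller.

```python
    # ... unchanged: docstring ...
    for stale in (paths.secrets,
                  os.path.join(paths.private_dir, paths.keytab),
                  os.path.join(paths.private_dir, paths.dns_keytab)):
        try:
            os.unlink(stale)
        except OSError:
            # only a file that is still present counts as a failure
            if os.path.exists(stale):
                raise

    path = paths.secrets
    # ... unchanged: Ldb() open and erase() ...
```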
@@ -1513,7 +1525,7 @@ def provision(setup_dir, logger, session_info,
share_ldb.load_ldif_file_add(setup_path("share.ldif"))
logger.info("Setting up secrets.ldb")
- secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
+ secrets_ldb = setup_secretsdb(paths, setup_path,
session_info=session_info,
backend_credentials=provision_backend.secrets_credentials, lp=lp)
diff --git a/source4/scripting/python/samba/tests/provision.py b/source4/scripting/python/samba/tests/provision.py
index 37b256a..58bb030 100644
--- a/source4/scripting/python/samba/tests/provision.py
+++ b/source4/scripting/python/samba/tests/provision.py
@@ -18,7 +18,7 @@
#
import os
-from samba.provision import setup_secretsdb, findnss
+from samba.provision import setup_secretsdb, findnss, ProvisionPaths
import samba.tests
from samba.tests import env_loadparm, TestCase
@@ -36,7 +36,12 @@ def create_dummy_secretsdb(path, lp=None):
"""
if lp is None:
lp = env_loadparm()
- secrets_ldb = setup_secretsdb(path, setup_path, None, None, lp=lp)
+ paths = ProvisionPaths()
+ paths.secrets = path
+ paths.private_dir = os.path.dirname(path)
+ paths.keytab = "no.keytab"
+ paths.dns_keytab = "no.dns.keytab"
+ secrets_ldb = setup_secretsdb(paths, setup_path, None, None, lp=lp)
secrets_ldb.transaction_commit()
return secrets_ldb
@@ -47,7 +52,12 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
def test_setup_secretsdb(self):
path = os.path.join(self.tempdir, "secrets.ldb")
- ldb = setup_secretsdb(path, setup_path, None, None, lp=env_loadparm())
+ paths = ProvisionPaths()
+ paths.secrets = path
+ paths.private_dir = os.path.dirname(path)
+ paths.keytab = "no.keytab"
+ paths.dns_keytab = "no.dns.keytab"
+ ldb = setup_secretsdb(paths, setup_path, None, None, lp=env_loadparm())
try:
self.assertEquals("LSA Secrets",
ldb.searchone(basedn="CN=LSA Secrets", attribute="CN"))
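Review bot: Both updated tests point `paths.keytab` and `paths.dns_keytab` at names that never exist ("no.keytab", "no.dns.keytab"), so the keytab-wiping behaviour this series adds to setup_secretsdb is never exercised. test_setup_secretsdb could create a dummy file at `os.path.join(self.tempdir, "secrets.keytab")`, set `paths.keytab = "secrets.keytab"`, and after the call add `self.assertFalse(os.path.exists(keytab_path))`. The five-line ProvisionPaths setup is also duplicated in create_dummy_secretsdb (the hunk at -36,7) and would read better as one small helper. The body of test_setup_secretsdb continues past the end of the hunk.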
--
Samba Shared Repository