[SCM] Samba Shared Repository - branch master updated

Matthieu Patou mat at samba.org
Thu Apr 19 04:34:02 MDT 2012


The branch, master has been updated
       via  cf39ef3 s4-kcc: avoid a false alarm with rodc
       via  89cb1a4 samba_spnupdate: don't try to register DNS related SPN if we are not mastering the NC
      from  9ce9389 s3: Fix a "ISO C90 forbids mixed declarations and code"

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit cf39ef363782dae8d9b73bb249f2321c924c1dc8
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Apr 19 01:51:24 2012 -0700

    s4-kcc: avoid a false alarm with rodc
    
    Autobuild-User: Matthieu Patou <mat at samba.org>
    Autobuild-Date: Thu Apr 19 12:32:58 CEST 2012 on sn-devel-104

commit 89cb1a46760b2f95abdf832f0db713f1c979caf8
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Apr 19 01:44:14 2012 -0700

    samba_spnupdate: don't try to register DNS related SPN if we are not mastering the NC
    
    For a RW DC the impact is pretty small, but for an RODC the whole SPN set
    is rejected by the target DC, as an RODC doesn't have the right to register
    DNS SPNs if it is not mastering this NC.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/kcc/kcc_periodic.c       |    7 +++++++
 source4/scripting/bin/samba_spnupdate |   25 ++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
index f4374d2..e379230 100644
--- a/source4/dsdb/kcc/kcc_periodic.c
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -436,6 +436,13 @@ static int kccsrv_gc_update(struct kccsrv_service *s, struct ldb_result *res)
 		talloc_free(tmp_ctx);
 		return LDB_SUCCESS;
 	}
+
+	if (s->am_rodc) {
+		DEBUG(5, ("%d partial replica should be added but we are RODC so we skip\n", msg->num_elements));
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
 	msg->elements[0].flags = LDB_FLAG_MOD_ADD;
 
 	ret = dsdb_modify(s->samdb, msg, 0);
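
Review bot: In the new `if (s->am_rodc)` block, the DEBUG message reports `msg->num_elements` as the number of partial replicas, but the context line right after it touches only `msg->elements[0]`, so the message appears to carry a single element and the number of NCs would be `msg->elements[0].num_values`. `num_elements` is an unsigned int in struct ldb_message, so the conversion should be `%u` rather than `%d`. The commit subject only says "false alarm"; a one-line comment above the check saying why the modify must be skipped on an RODC would save the next reader from digging through history.
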
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate
index 52a51d8..69406a8 100755
--- a/source4/scripting/bin/samba_spnupdate
+++ b/source4/scripting/bin/samba_spnupdate
@@ -3,6 +3,7 @@
 # update our servicePrincipalName names from spn_update_list
 #
 # Copyright (C) Andrew Tridgell 2010
+# Copyright (C) Matthieu Patou <mat at matws.net> 2012
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +19,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
-import os, sys
+import os, sys, re
 
 # ensure we get messages out immediately, so they get in the samba logs,
 # and don't get swallowed by a timeout
@@ -120,11 +121,31 @@ file = open(spn_update_list, "r")
 
 spn_list = []
 
+has_forest_dns = False
+has_domain_dns = False
+# check if we "are DNS server"
+res = samdb.search(base=samdb.get_config_basedn(),
+                   expression='(objectguid=%s)' % sub_vars['NTDSGUID'],
+                   attrs=["msDS-hasMasterNCs"])
+
+basedn = str(samdb.get_default_basedn())
+if len(res) == 1:
+    for e in res[0]["msDS-hasMasterNCs"]:
+        if str(e) == "DC=DomainDnsZones,%s" % basedn:
+            has_domain_dns = True
+        if str(e) == "DC=ForestDnsZones,%s" % basedn:
+            has_forest_dns = True
+
+
 # build the spn list
 for line in file:
     line = line.strip()
     if line == '' or line[0] == "#":
         continue
+    if re.match(r".*/DomainDnsZones\..*", line) and not has_domain_dns:
+        continue
+    if re.match(r".*/ForestDnsZones\..*", line) and not has_forest_dns:
+        continue
     line = samba.substitute_var(line, sub_vars)
     spn_list.append(line)
 
@@ -221,6 +242,8 @@ def call_rodc_update(d):
         return
     req1.spn_names = spn_names
     (level, res) = drs.DsWriteAccountSpn(drs_handle, 1, req1)
+    if (res.status != (0, 'WERR_OK')):
+        print "WriteAccountSpn has failed with error %s" % str(res.status)
 
 if samdb.am_rodc():
     call_rodc_update(add_list)
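
Review bot: After `DsWriteAccountSpn`, the added check only prints when `res.status` is not `(0, 'WERR_OK')`, so `call_rodc_update` returns normally and the script ends the same way as on success; anything that relies on the exit status cannot tell that the target DC rejected the SPN write. Exit non-zero or raise on failure, and include the SPN names that were being written in the message so the rejection can be diagnosed from the log. Comparing against the full tuple also ties the check to the error string; testing the numeric code alone would be less brittle.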


-- 
Samba Shared Repository

