[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Sat Sep 27 14:10:04 MDT 2014


The branch, master has been updated
       via  85437d7 samba_dnsupdate: Look for ForestDnsZones in the right place
       via  270f7b3 s3:passdb: add pdb_get_trust_credentials()
       via  354f146 acl: Fix typo: structrual -> structural
       via  5ae9ada dsdb: Be less verbose when announcing kcc is being invoked.
      from  e3a796f s3:torture: in LOCAL-MESSAGING-FDPASS2, close fds after passing them

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 85437d742612df88f1a20e8a2844a1cc9a5100c9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 25 15:42:16 2014 -0700

    samba_dnsupdate: Look for ForestDnsZones in the right place
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Sat Sep 27 22:09:29 CEST 2014 on sn-devel-104

commit 270f7b3441963904412aaf5594983f46caace59b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 7 16:34:28 2013 +0200

    s3:passdb: add pdb_get_trust_credentials()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Pair-programmed-with: Andrew Bartlett <abartlet at samba.org>

commit 354f1461b43e60068f826d0a77d281e789a5c249
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Sep 27 16:42:38 2014 +0200

    acl: Fix typo: structrual -> structural
    
    Change-Id: I859f62042e16d146ab4cb1490ab725d2bfa06db1
    Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 5ae9ada3a8708b0b64587640b7ff7ab1c04b29b7
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sat Sep 27 16:28:27 2014 +0200

    dsdb: Be less verbose when announcing kcc is being invoked.
    
    Change-Id: I94ab7d92e7e4f4311f0b20b1072c3ad05155d068
    Signed-Off-By: Jelmer Vernooij <jelmer at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/include/passdb.h                           |    5 +
 .../passdb/ABI/{pdb-0.1.1.sigs => pdb-0.1.2.sigs}  |    1 +
 source3/passdb/ABI/pdb-0.sigs                      |   13 +-
 source3/passdb/passdb.c                            |  252 ++++++++++++++++++--
 source3/wscript_build                              |    4 +-
 source4/dsdb/kcc/kcc_periodic.c                    |    2 +-
 source4/dsdb/samdb/ldb_modules/acl.c               |    2 +-
 source4/scripting/bin/samba_dnsupdate              |    4 +-
 8 files changed, 256 insertions(+), 27 deletions(-)
 copy source3/passdb/ABI/{pdb-0.1.1.sigs => pdb-0.1.2.sigs} (99%)


Changeset truncated at 500 lines:

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index f991808..86cb16e 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -715,6 +715,11 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
 		       const char **account_name,
 		       enum netr_SchannelType *channel);
+struct cli_credentials;
+NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
+				   const char *dns_domain, /* optional */
+				   TALLOC_CTX *mem_ctx,
+				   struct cli_credentials **_creds);
 
 /* The following definitions come from passdb/pdb_compat.c  */
 
diff --git a/source3/passdb/ABI/pdb-0.1.1.sigs b/source3/passdb/ABI/pdb-0.1.2.sigs
similarity index 99%
copy from source3/passdb/ABI/pdb-0.1.1.sigs
copy to source3/passdb/ABI/pdb-0.1.2.sigs
index 99f9605..8b97bac 100644
--- a/source3/passdb/ABI/pdb-0.1.1.sigs
+++ b/source3/passdb/ABI/pdb-0.1.2.sigs
@@ -157,6 +157,7 @@ pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
 pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
 pdb_get_seq_num: bool (time_t *)
 pdb_get_tevent_context: struct tevent_context *(void)
+pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **)
 pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
 pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
 pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
diff --git a/source3/passdb/ABI/pdb-0.sigs b/source3/passdb/ABI/pdb-0.sigs
index ccb371b..e6e3f73 100644
--- a/source3/passdb/ABI/pdb-0.sigs
+++ b/source3/passdb/ABI/pdb-0.sigs
@@ -19,7 +19,6 @@ algorithmic_rid_base: int (void)
 builtin_domain_name: const char *(void)
 cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
 cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
-pdb_create_builtin: NTSTATUS (uint32_t)
 create_builtin_administrators: NTSTATUS (const struct dom_sid *)
 create_builtin_users: NTSTATUS (const struct dom_sid *)
 decode_account_policy_name: const char *(enum pdb_policy_type)
@@ -74,6 +73,7 @@ pdb_build_fields_present: uint32_t (struct samu *)
 pdb_capabilities: uint32_t (void)
 pdb_copy_sam_account: bool (struct samu *, struct samu *)
 pdb_create_alias: NTSTATUS (const char *, uint32_t *)
+pdb_create_builtin: NTSTATUS (uint32_t)
 pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
 pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
 pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
@@ -91,11 +91,6 @@ pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid
 pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
 pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
 pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
-pdb_is_responsible_for_our_sam: bool (void)
-pdb_is_responsible_for_builtin: bool (void)
-pdb_is_responsible_for_wellknown: bool (void)
-pdb_is_responsible_for_unix_users: bool (void)
-pdb_is_responsible_for_unix_groups: bool (void)
 pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
 pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
 pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
@@ -162,6 +157,7 @@ pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
 pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
 pdb_get_seq_num: bool (time_t *)
 pdb_get_tevent_context: struct tevent_context *(void)
+pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **)
 pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
 pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
 pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
@@ -181,6 +177,11 @@ pdb_gid_to_sid: bool (gid_t, struct dom_sid *)
 pdb_group_rid_to_gid: gid_t (uint32_t)
 pdb_increment_bad_password_count: bool (struct samu *)
 pdb_is_password_change_time_max: bool (time_t)
+pdb_is_responsible_for_builtin: bool (void)
+pdb_is_responsible_for_our_sam: bool (void)
+pdb_is_responsible_for_unix_groups: bool (void)
+pdb_is_responsible_for_unix_users: bool (void)
+pdb_is_responsible_for_wellknown: bool (void)
 pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
 pdb_new_rid: bool (uint32_t *)
 pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 8cf592c..70d8626 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -30,6 +30,8 @@
 #include "../libcli/security/security.h"
 #include "../lib/util/util_pw.h"
 #include "util_tdb.h"
+#include "auth/credentials/credentials.h"
+#include "lib/param/param.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -2298,13 +2300,26 @@ bool is_dc_trusted_domain_situation(const char *domain_name)
  Caller must free password, but not account_name.
 *******************************************************************/
 
-bool get_trust_pw_clear(const char *domain, char **ret_pwd,
-			const char **account_name,
-			enum netr_SchannelType *channel)
+static bool get_trust_pw_clear2(const char *domain,
+				const char **account_name,
+				enum netr_SchannelType *channel,
+				char **cur_pw,
+				time_t *_last_set_time,
+				char **prev_pw)
 {
 	char *pwd;
 	time_t last_set_time;
 
+	if (cur_pw != NULL) {
+		*cur_pw = NULL;
+	}
+	if (_last_set_time != NULL) {
+		*_last_set_time = 0;
+	}
+	if (prev_pw != NULL) {
+		*prev_pw = NULL;
+	}
+
 	/* if we are a DC and this is not our domain, then lookup an account
 	 * for the domain trust */
 
@@ -2313,7 +2328,7 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 			return false;
 		}
 
-		if (!pdb_get_trusteddom_pw(domain, ret_pwd, NULL,
+		if (!pdb_get_trusteddom_pw(domain, cur_pw, NULL,
 					   &last_set_time))
 		{
 			DEBUG(0, ("get_trust_pw: could not fetch trust "
@@ -2330,6 +2345,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 			*account_name = lp_workgroup();
 		}
 
+		if (_last_set_time != NULL) {
+			*_last_set_time = last_set_time;
+		}
+
 		return true;
 	}
 
@@ -2353,34 +2372,98 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 	pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
 
 	if (pwd != NULL) {
-		*ret_pwd = pwd;
+		struct timeval expire;
+
+		*cur_pw = pwd;
+
 		if (account_name != NULL) {
 			*account_name = lp_netbios_name();
 		}
 
+		if (_last_set_time != NULL) {
+			*_last_set_time = last_set_time;
+		}
+
+		if (prev_pw == NULL) {
+			return true;
+		}
+
+		ZERO_STRUCT(expire);
+		expire.tv_sec = lp_machine_password_timeout();
+		expire.tv_sec /= 2;
+		expire.tv_sec += last_set_time;
+		if (timeval_expired(&expire)) {
+			return true;
+		}
+
+		pwd = secrets_fetch_prev_machine_password(lp_workgroup());
+		if (pwd != NULL) {
+			*prev_pw = pwd;
+		}
+
 		return true;
 	}
 
-	DEBUG(5, ("get_trust_pw_clear: could not fetch clear text trust "
+	DEBUG(5, ("get_trust_pw_clear2: could not fetch clear text trust "
 		  "account password for domain %s\n", domain));
 	return false;
 }
 
+bool get_trust_pw_clear(const char *domain, char **ret_pwd,
+			const char **account_name,
+			enum netr_SchannelType *channel)
+{
+	return get_trust_pw_clear2(domain,
+				   account_name,
+				   channel,
+				   ret_pwd,
+				   NULL,
+				   NULL);
+}
+
 /*******************************************************************
  Wrapper around retrieving the trust account password.
  appropriate account name is stored in account_name.
 *******************************************************************/
 
-bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
-		       const char **account_name,
-		       enum netr_SchannelType *channel)
+static bool get_trust_pw_hash2(const char *domain,
+			       const char **account_name,
+			       enum netr_SchannelType *channel,
+			       struct samr_Password *current_nt_hash,
+			       time_t *last_set_time,
+			       struct samr_Password **_previous_nt_hash)
 {
-	char *pwd = NULL;
-	time_t last_set_time;
+	char *cur_pw = NULL;
+	char *prev_pw = NULL;
+	char **_prev_pw = NULL;
+	bool ok;
+
+	if (_previous_nt_hash != NULL) {
+		*_previous_nt_hash = NULL;
+		_prev_pw = &prev_pw;
+	}
 
-	if (get_trust_pw_clear(domain, &pwd, account_name, channel)) {
-		E_md4hash(pwd, ret_pwd);
-		SAFE_FREE(pwd);
+	ok = get_trust_pw_clear2(domain, account_name, channel,
+				 &cur_pw, last_set_time, _prev_pw);
+	if (ok) {
+		struct samr_Password *previous_nt_hash = NULL;
+
+		E_md4hash(cur_pw, current_nt_hash->hash);
+		SAFE_FREE(cur_pw);
+
+		if (prev_pw == NULL) {
+			return true;
+		}
+
+		previous_nt_hash = SMB_MALLOC_P(struct samr_Password);
+		if (previous_nt_hash == NULL) {
+			return false;
+		}
+
+		E_md4hash(prev_pw, previous_nt_hash->hash);
+		SAFE_FREE(prev_pw);
+
+		*_previous_nt_hash = previous_nt_hash;
 		return true;
 	} else if (is_dc_trusted_domain_situation(domain)) {
 		return false;
@@ -2388,8 +2471,9 @@ bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
 
 	/* as a fallback, try to get the hashed pwd directly from the tdb... */
 
-	if (secrets_fetch_trust_account_password_legacy(domain, ret_pwd,
-							&last_set_time,
+	if (secrets_fetch_trust_account_password_legacy(domain,
+							current_nt_hash->hash,
+							last_set_time,
 							channel))
 	{
 		if (account_name != NULL) {
@@ -2403,3 +2487,139 @@ bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
 		"password for domain %s\n", domain));
 	return False;
 }
+
+bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16],
+		       const char **account_name,
+		       enum netr_SchannelType *channel)
+{
+	struct samr_Password current_nt_hash;
+	bool ok;
+
+	ok = get_trust_pw_hash2(domain, account_name, channel,
+				&current_nt_hash, NULL, NULL);
+	if (!ok) {
+		return false;
+	}
+
+	memcpy(ret_pwd, current_nt_hash.hash, sizeof(current_nt_hash.hash));
+	return true;
+}
+
+NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
+				   const char *dns_domain, /* optional */
+				   TALLOC_CTX *mem_ctx,
+				   struct cli_credentials **_creds)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+	struct loadparm_context *lp_ctx;
+	enum netr_SchannelType channel;
+	time_t last_set_time;
+	const char *_account_name;
+	const char *account_name;
+	char *cur_pw = NULL;
+	char *prev_pw = NULL;
+	struct samr_Password cur_nt_hash;
+	struct cli_credentials *creds = NULL;
+	struct pdb_get_trust_credentials_state *state = NULL;
+	bool ok;
+
+	ok = get_trust_pw_clear2(netbios_domain,
+				 &_account_name,
+				 &channel,
+				 &cur_pw,
+				 &last_set_time,
+				 &prev_pw);
+	if (!ok) {
+		ok = get_trust_pw_hash2(netbios_domain,
+					&_account_name,
+					&channel,
+					&cur_nt_hash,
+					&last_set_time,
+					NULL);
+		if (!ok) {
+			DEBUG(1, ("get_trust_pw_*2 failed for domain[%s]\n",
+				  netbios_domain));
+			status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+			goto fail;
+		}
+	}
+
+	account_name = talloc_asprintf(frame, "%s$", _account_name);
+	if (account_name == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+	if (lp_ctx == NULL) {
+		DEBUG(1, ("loadparm_init_s3 failed\n"));
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto fail;
+	}
+
+	creds = cli_credentials_init(mem_ctx);
+	if (creds == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	cli_credentials_set_conf(creds, lp_ctx);
+
+	cli_credentials_set_secure_channel_type(creds, channel);
+	cli_credentials_set_password_last_changed_time(creds, last_set_time);
+
+	ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);
+	if (!ok) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	if (dns_domain != NULL) {
+		ok = cli_credentials_set_realm(creds, dns_domain, CRED_SPECIFIED);
+		if (!ok) {
+			status = NT_STATUS_NO_MEMORY;
+			goto fail;
+		}
+	}
+
+	ok = cli_credentials_set_username(creds, account_name, CRED_SPECIFIED);
+	if (!ok) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	if (cur_pw == NULL) {
+		ok = cli_credentials_set_nt_hash(creds, &cur_nt_hash, CRED_SPECIFIED);
+		if (!ok) {
+			status = NT_STATUS_NO_MEMORY;
+			goto fail;
+		}
+		goto done;
+	}
+
+	ok = cli_credentials_set_password(creds, cur_pw, CRED_SPECIFIED);
+	if (!ok) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	if (prev_pw != NULL) {
+		ok = cli_credentials_set_old_password(creds, prev_pw, CRED_SPECIFIED);
+		if (!ok) {
+			status = NT_STATUS_NO_MEMORY;
+			goto fail;
+		}
+	}
+
+ done:
+	*_creds = creds;
+	creds = NULL;
+	status = NT_STATUS_OK;
+ fail:
+	TALLOC_FREE(creds);
+	SAFE_FREE(cur_pw);
+	SAFE_FREE(prev_pw);
+	TALLOC_FREE(frame);
+	return status;
+}
diff --git a/source3/wscript_build b/source3/wscript_build
index ca46dad..0038262 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -162,7 +162,7 @@ bld.SAMBA3_LIBRARY('pdb',
                    passdb/pdb_interface.c
                    passdb/pdb_secrets.c
                    passdb/pdb_unixid.c''',
-                   deps='secrets3 GROUPDB SERVER_MUTEX wbclient LIBCLI_AUTH flag_mapping',
+                   deps='secrets3 GROUPDB SERVER_MUTEX wbclient LIBCLI_AUTH flag_mapping samba-credentials',
                    private_library=False,
                    pc_files=[],
                    public_headers_install=True,
@@ -172,7 +172,7 @@ bld.SAMBA3_LIBRARY('pdb',
                    passdb/lookup_sid.h''',
                    abi_match=private_pdb_match,
                    abi_directory='passdb/ABI',
-                   vnum='0.1.1')
+                   vnum='0.1.2')
 
 bld.SAMBA3_LIBRARY('smbldaphelper',
                    source='passdb/pdb_ldap_schema.c passdb/pdb_ldap_util.c',
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
index 34bae96..0e84e42 100644
--- a/source4/dsdb/kcc/kcc_periodic.c
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -661,7 +661,7 @@ NTSTATUS kccsrv_samba_kcc(struct kccsrv_service *service,
 	/* kill any existing child */
 	TALLOC_FREE(service->periodic.subreq);
 
-	DEBUG(0,("Calling samba_kcc script\n"));
+	DEBUG(2, ("Calling samba_kcc script\n"));
 	service->periodic.subreq = samba_runcmd_send(service,
 					service->task->event_ctx,
 					timeval_current_ofs(40, 0),
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2ba57b7..e75fb2a 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -867,7 +867,7 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
 					     &objectclass->schemaIDGUID, req);
 	if (ret != LDB_SUCCESS) {
 		ldb_asprintf_errstring(ldb_module_get_ctx(module),
-				       "acl: unable to find or validate structrual objectClass on %s\n",
+				       "acl: unable to find or validate structural objectClass on %s\n",
 				       ldb_dn_get_linearized(req->op.add.message->dn));
 		return ret;
 	}
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 30d5608..181e67f 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -299,6 +299,8 @@ def get_subst_vars(samdb):
                     vars['IF_RWGC'] = ""
 
         basedn = str(samdb.get_default_basedn())
+        forestdn = str(samdb.get_root_basedn())
+
         if "msDS-hasMasterNCs" in res[0]:
             for e in res[0]["msDS-hasMasterNCs"]:
                 if str(e) == "DC=DomainDnsZones,%s" % basedn:
@@ -307,7 +309,7 @@ def get_subst_vars(samdb):
                         vars['IF_RODNS_DOMAIN'] = ""
                     else:
                         vars['IF_RWDNS_DOMAIN'] = ""
-                if str(e) == "DC=ForestDnsZones,%s" % basedn:
+                if str(e) == "DC=ForestDnsZones,%s" % forestdn:
                     vars['IF_DNS_FOREST'] = ""
                     if am_rodc:
                         vars['IF_RODNS_FOREST'] = ""


-- 
Samba Shared Repository


More information about the samba-cvs mailing list