[SCM] Samba Shared Repository - branch v4-6-stable updated
Karolin Seeger
kseeger at samba.org
Tue Feb 14 12:32:50 UTC 2017
The branch, v4-6-stable has been updated
via a7d9079 VERSION: Disable git snapshots for the 4.6.0rc3 release.
via 2b256a7 WHATSNEW: Add release notes for Samba 4.6.0rc3.
via 96f439d waf: Do not install the unit test binary for krb5samba
via 6e6cf90 s4:tests/sec_descriptor: use more unique oid values
via b641595 ctdb-build: Install CTDB tests correctly from toplevel
via 612a3be s3: VFS: Don't allow symlink, link or rename on already converted paths.
via a52e728 s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
via d5b1ef7 s3: VFS: shadow_copy2: Fix a memory leak in the connectpath function.
via 5caa093 s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
via bc44e33 s3: VFS: Add utility function check_for_converted_path().
via fc6845f s3: VFS: Ensure shadow:format cannot contain a / path separator.
via 805a7e3 s3: VFS: Allow shadow_copy2_connectpath() to return the cached path derived from $cwd.
via 2caa219 s3: VFS: shadow_copy2: Fix chdir to store off the needed private variables.
via d45ee17 s3: VFS: shadow_copy2: Add two currently unused functions to make pathnames absolute or relative to $cwd.
via 7ed2e5c s3: VFS: shadow_copy2: Change a parameter name.
via fa24756 s3: VFS: shadow_copy2: Add a wrapper function to call the original shadow_copy2_strip_snapshot().
via 5f0ded3 s3: VFS: shadow_copy2: Add two new variables to the private data. Not yet used.
via 5377a0b s3: VFS: shadow_copy2: Fix length comparison to ensure we don't overstep a length.
via 28bd3b7 s3: VFS: shadow_copy2: Ensure pathnames for parameters are correctly relative and terminated.
via ba1091c s3: VFS: shadow_copy2: Correctly initialize timestamp and stripped variables.
via 8d5bb11 s3: smbd: Make set_conn_connectpath() call canonicalize_absolute_path().
via d3446cd s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
via 0cb108f s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
via 747da44 s3: lib: Add canonicalize_absolute_path().
via 10e63a1 s3: smbd: Correctly canonicalize any incoming shadow copy path.
via 3ebe6e4 waf: backport finding of pkg-config
via c290e63 torture/drs: expand test for DRSUAPI_DRS_GET_ANC
via f0f6c6e getncchanges: implement DRSUAPI_DRS_GET_ANC more correctly
via 616767e getncchanges: calculate getnc_state->min_usn calculation based on the uptodateness vector
via 5983215 getncchanges: improve get_nc_changes_add_links() by checking uSNChanged
via be30185 getncchanges: improve get_nc_changes_build_object() by checking uSNChanged
via 8bf05d4 getncchanges: fix highest_usn off by one calculation in get_nc_changes_add_links()
via e958fcc getncchanges: remove unused c++ comments/code in getncchanges_collect_objects()
via 8d65efb getncchanges: do not replicate links for non critical objects if DRSUAPI_DRS_CRITICAL_ONLY is set
via bf69e32 getncchanges: don't process DRSUAPI_DRS_CRITICAL_ONLY for EXOPs
via 1f3a081 getncchanges: remember the ncRoot_guid on the getncchanges state
via 200b298 getncchanges: pass struct ldb_message as const
via b7deef9 getncchanges: only set nc_{object,linked_attributes}_count with DRSUAPI_DRS_GET_NC_SIZE
via 8b38bec torture/drs: remove pointless nc_object_count replication checks in test_link_utdv_hwm()
via 7016056 python/join: use DRSUAPI_DRS_GET_NC_SIZE for the initial replication
via e8d8720 python/join: set common replica_flags in dc_join.__init__()
via 58b8958 drsuapi.idl: make drsuapi_DsGetNCChangesRequest10 [public]
via 8cb905d drsuapi.idl: add drsuapi_DrsMoreOptions with DRSUAPI_DRS_GET_TGT
via 8bcb35a s4:libnet: s/highestCommitedUSN/highestCommittedUSN
via cad7d1c s4:dsdb/repl: s/highestCommitedUsn/highestCommittedUSN
via 87d6207 dbcheck-links: Test that dbcheck against one-way links does not error
via 7890e42 dbcheck: Do not regard old one-way-links as errors
via c56b9b8 samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB
via d3c8b54 samba-tool: Correct handling of default value for use_ntvfs and use_xattrs
via b162acb ctdb-tests: Use replace headers instead of system headers
via eb90262 ctdb-tests: Do not build mutex test if robust mutexes are not supported
via cb1a9e7 ctdb-common: ioctl(.. FIONREAD ..) returns an int value
via 6d83ec9 s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
via 2a0c2b6 smbd: Fix "map acl inherit" = yes
via 64a14a3 s3: vfs: dirsort doesn't handle opendir of "." correctly.
via de82686 docs: Improve description of "unix_primary_group" parameter in idmap_ad manpage
via 5be0e74 vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
via 2f981c3 selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
via 9dd155e s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
via 25ff2b7 s3/rpc_server: move rpc_modules.c to its own subsystem
via edbffe9 selftest: add test for global "smb encrypt=off"
via 227d16c selftest: disable SMB encryption in simpleserver environment
via d2cf308 docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
via 1231b71 s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
via e138848 s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
via 4f1ac97 s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
via a6fd161 s3/rpc_server: shared rpc modules loading
via 1f2ebda VERSION: Bump version up to 4.6.0rc3...
from 54b08f2 VERSION: Disable git snapshots for the 4.2.0rc2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 54 +-
ctdb/common/run_proc.c | 3 +-
ctdb/tests/src/test_mutex_raw.c | 24 +-
ctdb/wscript | 16 +-
docs-xml/manpages/idmap_ad.8.xml | 27 +-
docs-xml/smbdotconf/security/smbencrypt.xml | 6 +-
librpc/idl/drsuapi.idl | 8 +-
python/samba/dbchecker.py | 47 +-
python/samba/join.py | 40 +-
python/samba/netcmd/domain.py | 14 +-
selftest/target/Samba3.pm | 8 +
source3/lib/util_path.c | 139 ++++
source3/lib/util_path.h | 1 +
source3/modules/vfs_dirsort.c | 4 +
source3/modules/vfs_fruit.c | 2 +-
source3/modules/vfs_shadow_copy2.c | 909 +++++++++++++++------
source3/modules/vfs_streams_xattr.c | 9 +-
source3/rpc_server/rpc_service_setup.c | 21 +-
source3/rpc_server/wscript_build | 11 +-
.../script/tests/test_smbclient_encryption_off.sh | 65 ++
source3/selftest/tests.py | 12 +-
source3/smbd/filename.c | 150 ++++
source3/smbd/negprot.c | 23 +-
source3/smbd/posix_acls.c | 4 +-
source3/smbd/service.c | 115 +--
source3/smbd/smb2_negprot.c | 2 +-
source3/smbd/smb2_tcon.c | 3 +-
source3/torture/torture.c | 44 +
source4/dsdb/repl/drepl_service.h | 2 +-
source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 78 +-
source4/dsdb/samdb/samdb.h | 2 +
source4/dsdb/tests/python/sec_descriptor.py | 82 +-
source4/libnet/libnet_become_dc.c | 2 +-
source4/rpc_server/drsuapi/getncchanges.c | 418 ++++++++--
.../release-4-5-0-pre1/dangling-one-way-link.ldif | 15 +
source4/selftest/tests.py | 5 +
source4/setup/tests/blackbox_supported_features.sh | 86 ++
source4/torture/drs/python/getnc_exop.py | 332 +++++++-
testprogs/blackbox/dbcheck-links.sh | 10 +
testprogs/blackbox/renamedc.sh | 6 +-
testsuite/unittests/wscript | 3 +-
third_party/waf/wafadmin/Tools/config_c.py | 4 +-
43 files changed, 2200 insertions(+), 608 deletions(-)
create mode 100755 source3/script/tests/test_smbclient_encryption_off.sh
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/dangling-one-way-link.ldif
create mode 100755 source4/setup/tests/blackbox_supported_features.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 7a4c23b..e33652e 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 43c5200..751704b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the second release candidate of Samba 4.6. This is *not*
+This is the third release candidate of Samba 4.6. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -240,6 +240,58 @@ KNOWN ISSUES
Currently none.
+CHANGES SINCE 4.5.0rc2
+======================
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
+ * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store
+ the same path as streams_xattr_recheck().
+ * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and
+ use_xattrs.
+ * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
+ requiredFeatures.
+ * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
+ rename.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 12184: s3/rpc_server: Shared rpc modules loading.
+ * BUG 12520: Ensure global "smb encrypt = off" is effective.
+ * BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem.
+ * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
+ readdirattr.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12551: smbd: Fix "map acl inherit" = yes.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and
+ DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S
+ * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB
+ 2.???" negprot.
+
+o John Mulligan <jmulligan at nasuni.com>
+ * BUG 12542: docs: Improve description of "unix_primary_group" parameter in
+ idmap_ad manpage.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 12552: waf: Do not install the unit test binary for krb5samba.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
+ * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
+ rename.
+
+o Uri Simchoni <uri at samba.org>
+ * BUG 12529: waf: Backport finding of pkg-config.
+
+
CHANGES SINCE 4.5.0rc1
======================
diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c
index 96e422c..f9fee80 100644
--- a/ctdb/common/run_proc.c
+++ b/ctdb/common/run_proc.c
@@ -132,8 +132,9 @@ static void proc_read_handler(struct tevent_context *ev,
{
struct proc_context *proc = talloc_get_type_abort(
private_data, struct proc_context);
- size_t offset, len = 0;
+ size_t offset;
ssize_t nread;
+ int len = 0;
int ret;
ret = ioctl(proc->fd, FIONREAD, &len);
diff --git a/ctdb/tests/src/test_mutex_raw.c b/ctdb/tests/src/test_mutex_raw.c
index 8e3cae3..ab7aff9 100644
--- a/ctdb/tests/src/test_mutex_raw.c
+++ b/ctdb/tests/src/test_mutex_raw.c
@@ -38,21 +38,11 @@
* If no pid is printed, then no process is holding the mutex.
*/
-#include <stdio.h>
-#include <unistd.h>
-#include <inttypes.h>
-#include <sys/types.h>
-#include <sys/fcntl.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/wait.h>
-#include <sched.h>
-#include <sys/mman.h>
-#include <pthread.h>
-#include <errno.h>
-#include <stdbool.h>
-
-int pthread_mutex_consistent_np(pthread_mutex_t *);
+#include "replace.h"
+#include "system/filesys.h"
+#include "system/wait.h"
+#include "system/shmem.h"
+#include "system/threads.h"
static void set_realtime(void)
{
@@ -99,7 +89,7 @@ static void run_child(const char *filename)
again:
ret = pthread_mutex_lock(mutex);
if (ret == EOWNERDEAD) {
- ret = pthread_mutex_consistent_np(mutex);
+ ret = pthread_mutex_consistent(mutex);
} else if (ret == EAGAIN) {
goto again;
}
@@ -172,7 +162,7 @@ int main(int argc, const char **argv)
if (strcmp(argv[2], "debug") == 0) {
ret = pthread_mutex_trylock(mutex);
if (ret == EOWNERDEAD) {
- ret = pthread_mutex_consistent_np(mutex);
+ ret = pthread_mutex_consistent(mutex);
if (ret == 0) {
pthread_mutex_unlock(mutex);
}
diff --git a/ctdb/wscript b/ctdb/wscript
index b9a3072..13384c8 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -830,10 +830,11 @@ def build(bld):
ib_deps,
install_path='${CTDB_TEST_LIBEXECDIR}')
- bld.SAMBA_BINARY('test_mutex_raw',
- source='tests/src/test_mutex_raw.c',
- deps='pthread',
- install_path='${CTDB_TEST_LIBEXECDIR}')
+ if bld.env.HAVE_ROBUST_MUTEXES:
+ bld.SAMBA_BINARY('test_mutex_raw',
+ source='tests/src/test_mutex_raw.c',
+ deps='pthread',
+ install_path='${CTDB_TEST_LIBEXECDIR}')
test_subdirs = [
'complex',
@@ -849,8 +850,13 @@ def build(bld):
'tool'
]
+ if bld.env.standalone_ctdb:
+ testdir = 'tests'
+ else:
+ testdir = 'ctdb/tests'
+
for t in test_subdirs:
- files = SUBDIR_MODE('tests/%s' % t, trim_path='tests')
+ files = SUBDIR_MODE('%s/%s' % (testdir, t), trim_path=testdir)
for fmode in files:
bld.INSTALL_FILES(bld.env.CTDB_TEST_DATADIR, 'tests/%s' % fmode[0],
destname=fmode[0], chmod=fmode[1])
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
index 58e7f52..c667695 100644
--- a/docs-xml/manpages/idmap_ad.8.xml
+++ b/docs-xml/manpages/idmap_ad.8.xml
@@ -70,23 +70,34 @@
For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0
please choose "sfu20".
- Please note that primary group membership is currently always calculated
- via the "primaryGroupID" LDAP attribute.
+ Please note that the behavior of primary group membership is
+ controlled by the <emphasis>unix_primary_group</emphasis> option.
</para></listitem>
</varlistentry>
<varlistentry>
<term>unix_primary_group = yes/no</term>
<listitem><para>
- Defines whether to retrieve the user's primary group
- from the SFU attributes.
- </para></listitem>
+ Defines whether the user's primary group is fetched from the SFU
+ attributes or the AD primary group. If set to
+ <parameter>yes</parameter> the primary group membership is fetched
+ from the LDAP attributes (gidNumber).
+ If set to <parameter>no</parameter> the primary group membership is
+ calculated via the "primaryGroupID" LDAP attribute.
+ </para>
+ <para>Default: no</para>
+ </listitem>
</varlistentry>
<varlistentry>
<term>unix_nss_info = yes/no</term>
<listitem><para>
- Defines whether to retrieve the login shell and
- home directory from the SFU attributes.
- </para></listitem>
+ If set to <parameter>yes</parameter> winbind will retrieve the login
+ shell and home directory from the LDAP attributes. If set to
+ <parameter>no</parameter> the or the AD LDAP entry lacks the SFU
+ attributes the options <emphasis>template shell</emphasis> and
+ <emphasis>template homedir</emphasis> are used.
+ </para>
+ <para>Default: no</para>
+ </listitem>
</varlistentry>
</variablelist>
</refsect1>
diff --git a/docs-xml/smbdotconf/security/smbencrypt.xml b/docs-xml/smbdotconf/security/smbencrypt.xml
index 0f08966..32a22cb 100644
--- a/docs-xml/smbdotconf/security/smbencrypt.xml
+++ b/docs-xml/smbdotconf/security/smbencrypt.xml
@@ -180,7 +180,11 @@
<listitem>
<para>
Setting it to <emphasis>off</emphasis> globally will
- completely disable the encryption feature.
+ completely disable the encryption feature for all
+ connections. Setting <parameter>smb encrypt =
+ required</parameter> for individual shares (while it's
+ globally off) will deny access to this shares for all
+ clients.
</para>
</listitem>
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index c3af8a5..d08054f 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -58,6 +58,10 @@ interface drsuapi
DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP = 0x80000000
} drsuapi_DrsOptions;
+ typedef [public,bitmap32bit] bitmap {
+ DRSUAPI_DRS_GET_TGT = 0x00000001
+ } drsuapi_DrsMoreOptions;
+
/* see DRS_MSG_REPMOD_V1 */
typedef [public,bitmap32bit] bitmap {
DRSUAPI_DRS_UPDATE_FLAGS = 0x00000001,
@@ -573,7 +577,7 @@ interface drsuapi
drsuapi_DsReplicaOIDMapping_Ctr mapping_ctr;
} drsuapi_DsGetNCChangesRequest8;
- typedef struct {
+ typedef [public] struct {
GUID destination_dsa_guid;
GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
[ref] drsuapi_DsReplicaObjectIdentifier *naming_context;
@@ -587,7 +591,7 @@ interface drsuapi
drsuapi_DsPartialAttributeSet *partial_attribute_set;
drsuapi_DsPartialAttributeSet *partial_attribute_set_ex;
drsuapi_DsReplicaOIDMapping_Ctr mapping_ctr;
- uint32 more_flags;
+ drsuapi_DrsMoreOptions more_flags;
} drsuapi_DsGetNCChangesRequest10;
typedef [switch_type(uint32)] union {
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 3fcfbc0..22819de 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -59,6 +59,7 @@ class dbcheck(object):
self.fix_all_string_dn_component_mismatch = False
self.fix_all_GUID_dn_component_mismatch = False
self.fix_all_SID_dn_component_mismatch = False
+ self.fix_all_old_dn_string_component_mismatch = False
self.fix_all_metadata = False
self.fix_time_metadata = False
self.fix_undead_linked_attributes = False
@@ -574,6 +575,23 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
"Failed to fix %s on attribute %s" % (errstr, attrname)):
self.report("Fixed %s on attribute %s" % (errstr, attrname))
+ def err_dn_string_component_old(self, dn, attrname, val, dsdb_dn, correct_dn):
+ """handle a DN string being incorrect"""
+ self.report("NOTE: old (due to rename or delete) DN string component for %s in object %s - %s" % (attrname, dn, val))
+ dsdb_dn.dn = correct_dn
+
+ if not self.confirm_all('Change DN to %s?' % str(dsdb_dn),
+ 'fix_all_old_dn_string_component_mismatch'):
+ self.report("Not fixing old string component")
+ return
+ m = ldb.Message()
+ m.dn = dn
+ m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
+ m['new_value'] = ldb.MessageElement(str(dsdb_dn), ldb.FLAG_MOD_ADD, attrname)
+ if self.do_modify(m, ["show_recycled:1"],
+ "Failed to fix old DN string on attribute %s" % (attrname)):
+ self.report("Fixed old DN string on attribute %s" % (attrname))
+
def err_dn_component_target_mismatch(self, dn, attrname, val, dsdb_dn, correct_dn, mismatch_type):
"""handle a DN string being incorrect"""
self.report("ERROR: incorrect DN %s component for %s in object %s - %s" % (mismatch_type, attrname, dn, val))
@@ -914,12 +932,16 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
if rmd_flags & 1:
continue
- # check the DN matches in string form
- if str(res[0].dn) != str(dsdb_dn.dn):
- error_count += 1
- self.err_dn_component_target_mismatch(obj.dn, attrname, val, dsdb_dn,
- res[0].dn, "string")
- continue
+ # assert the DN matches in string form, where a reverse
+ # link exists, otherwise (below) offer to fix it as a non-error.
+ # The string form is essentially only kept for forensics,
+ # as we always re-resolve by GUID in normal operations.
+ if reverse_link_name is not None:
+ if str(res[0].dn) != str(dsdb_dn.dn):
+ error_count += 1
+ self.err_dn_component_target_mismatch(obj.dn, attrname, val, dsdb_dn,
+ res[0].dn, "string")
+ continue
if res[0].dn.get_extended_component("GUID") != dsdb_dn.dn.get_extended_component("GUID"):
error_count += 1
@@ -933,9 +955,18 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
res[0].dn, "SID")
continue
+ # Now we have checked the GUID and SID, offer to fix old
+ # DN strings as a non-error (for forward links with no
+ # backlink). Samba does not maintain this string
+ # otherwise, so we don't increment error_count.
+ if reverse_link_name is None:
+ if str(res[0].dn) != str(dsdb_dn.dn):
+ self.err_dn_string_component_old(obj.dn, attrname, val, dsdb_dn,
+ res[0].dn)
+ continue
- # check the reverse_link is correct if there should be one
- if reverse_link_name is not None:
+ else:
+ # check the reverse_link is correct if there should be one
match_count = 0
if reverse_link_name in res[0]:
for v in res[0][reverse_link_name]:
diff --git a/python/samba/join.py b/python/samba/join.py
index c56f8d9..4eb8c58 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -165,6 +165,12 @@ class dc_join(object):
ctx.tmp_samdb = None
+ ctx.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
+ drsuapi.DRSUAPI_DRS_PER_SYNC |
+ drsuapi.DRSUAPI_DRS_GET_ANC |
+ drsuapi.DRSUAPI_DRS_GET_NC_SIZE |
+ drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+
# these elements are optional
ctx.never_reveal_sid = None
ctx.reveal_sid = None
@@ -891,13 +897,11 @@ class dc_join(object):
# Replicate first the critical object for the basedn
if not ctx.domain_replica_flags & drsuapi.DRSUAPI_DRS_CRITICAL_ONLY:
print "Replicating critical objects from the base DN of the domain"
- ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC
+ ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY
- else:
- ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_GET_ANC
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
@@ -1226,11 +1230,7 @@ def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_
ctx.connection_dn = "CN=RODC Connection (FRS),%s" % ctx.ntds_dn
ctx.secure_channel_type = misc.SEC_CHAN_RODC
ctx.RODC = True
- ctx.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
- drsuapi.DRSUAPI_DRS_PER_SYNC |
- drsuapi.DRSUAPI_DRS_GET_ANC |
- drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
- drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
+ ctx.replica_flags |= ( drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP)
ctx.domain_replica_flags = ctx.replica_flags
if domain_critical_only:
@@ -1260,12 +1260,8 @@ def join_DC(logger=None, server=None, creds=None, lp=None, site=None, netbios_na
ctx.SPNs.append('E3514235-4B06-11D1-AB04-00C04FC2DCD2/$NTDSGUID/%s' % ctx.dnsdomain)
ctx.secure_channel_type = misc.SEC_CHAN_BDC
- ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
- drsuapi.DRSUAPI_DRS_INIT_SYNC |
- drsuapi.DRSUAPI_DRS_PER_SYNC |
- drsuapi.DRSUAPI_DRS_GET_ANC |
- drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS |
- drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+ ctx.replica_flags |= (drsuapi.DRSUAPI_DRS_WRIT_REP |
+ drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS)
ctx.domain_replica_flags = ctx.replica_flags
if domain_critical_only:
ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY
@@ -1285,12 +1281,8 @@ def join_clone(logger=None, server=None, creds=None, lp=None,
lp.set("realm", ctx.realm)
logger.info("realm is %s" % ctx.realm)
- ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
- drsuapi.DRSUAPI_DRS_INIT_SYNC |
- drsuapi.DRSUAPI_DRS_PER_SYNC |
- drsuapi.DRSUAPI_DRS_GET_ANC |
- drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS |
- drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+ ctx.replica_flags |= (drsuapi.DRSUAPI_DRS_WRIT_REP |
+ drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS)
if not include_secrets:
ctx.replica_flags |= drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
ctx.domain_replica_flags = ctx.replica_flags
@@ -1341,12 +1333,8 @@ def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None,
ctx.SPNs.append('E3514235-4B06-11D1-AB04-00C04FC2DCD2/$NTDSGUID/%s' % ctx.dnsdomain)
ctx.secure_channel_type = misc.SEC_CHAN_BDC
- ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
- drsuapi.DRSUAPI_DRS_INIT_SYNC |
- drsuapi.DRSUAPI_DRS_PER_SYNC |
- drsuapi.DRSUAPI_DRS_GET_ANC |
- drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS |
- drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+ ctx.replica_flags |= (drsuapi.DRSUAPI_DRS_WRIT_REP |
+ drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS)
ctx.domain_replica_flags = ctx.replica_flags
ctx.do_join()
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 9661828..b4081e6 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -298,9 +298,9 @@ class cmd_domain_provision(Command):
partitions_only=None,
targetdir=None,
ol_mmr_urls=None,
- use_xattrs=None,
+ use_xattrs="auto",
slapd_path=None,
- use_ntvfs=None,
+ use_ntvfs=False,
use_rfc2307=None,
ldap_backend_nosync=None,
ldap_backend_extra_port=None,
@@ -413,9 +413,9 @@ class cmd_domain_provision(Command):
if use_xattrs == "yes":
eadb = False
- elif use_xattrs == "auto" and use_ntvfs == False or use_ntvfs == None:
+ elif use_xattrs == "auto" and use_ntvfs == False:
eadb = False
- elif use_ntvfs == False or use_ntvfs == None:
+ elif use_ntvfs == False:
raise CommandError("--use-xattrs=no requires --use-ntvfs (not supported for production use). "
"Please re-run with --use-xattrs omitted.")
elif use_xattrs == "auto" and not lp.get("posix:eadb"):
@@ -1491,7 +1491,7 @@ class cmd_domain_classicupgrade(Command):
takes_args = ["smbconf"]
def run(self, smbconf=None, targetdir=None, dbdir=None, testparm=None,
- quiet=False, verbose=False, use_xattrs=None, sambaopts=None, versionopts=None,
+ quiet=False, verbose=False, use_xattrs="auto", sambaopts=None, versionopts=None,
dns_backend=None, use_ntvfs=False):
if not os.path.exists(smbconf):
@@ -1532,9 +1532,9 @@ class cmd_domain_classicupgrade(Command):
eadb = True
if use_xattrs == "yes":
eadb = False
- elif use_xattrs == "auto" and use_ntvfs == False or use_ntvfs == None:
+ elif use_xattrs == "auto" and use_ntvfs == False:
eadb = False
- elif use_ntvfs == False or use_ntvfs == None:
+ elif use_ntvfs == False:
raise CommandError("--use-xattrs=no requires --use-ntvfs (not supported for production use). "
"Please re-run with --use-xattrs omitted.")
elif use_xattrs == "auto" and not s3conf.get("posix:eadb"):
--
Samba Shared Repository
More information about the samba-cvs
mailing list