summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml2
-rw-r--r--examples/LDAP/samba.schema.at.IBM-DS4
-rw-r--r--examples/LDAP/samba.schema.oc.IBM-DS2
-rw-r--r--lib/replace/crypt.m42
-rw-r--r--lib/replace/dlfcn.m42
-rw-r--r--lib/replace/libreplace.m42
-rw-r--r--lib/replace/libreplace_network.m414
-rw-r--r--lib/replace/repdir.m44
-rw-r--r--lib/replace/strptime.m42
-rw-r--r--lib/replace/timegm.m42
-rw-r--r--librpc/gen_ndr/ndr_schannel.c272
-rw-r--r--librpc/gen_ndr/ndr_schannel.h9
-rw-r--r--librpc/gen_ndr/schannel.h29
-rw-r--r--librpc/idl/schannel.idl34
-rw-r--r--pidl/tests/Util.pm1
-rwxr-xr-xpidl/tests/ndr_string.pl16
-rw-r--r--source3/include/proto.h17
-rw-r--r--source3/libsmb/clireadwrite.c122
-rw-r--r--source3/libsmb/nterr.c1
-rw-r--r--source3/modules/vfs_aio_fork.c3
-rw-r--r--source3/rpc_client/cli_lsarpc.c189
-rw-r--r--source3/rpc_parse/parse_prs.c2
-rw-r--r--source3/rpc_server/srv_netlog_nt.c2
-rw-r--r--source3/rpc_server/srv_pipe.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c2
-rw-r--r--source4/auth/gensec/schannel.c110
-rw-r--r--source4/dsdb/common/util.c146
-rw-r--r--source4/dsdb/config.mk3
-rw-r--r--source4/dsdb/repl/drepl_notify.c428
-rw-r--r--source4/dsdb/repl/drepl_out_helpers.c4
-rw-r--r--source4/dsdb/repl/drepl_out_pull.c3
-rw-r--r--source4/dsdb/repl/drepl_periodic.c1
-rw-r--r--source4/dsdb/repl/drepl_service.c10
-rw-r--r--source4/dsdb/repl/drepl_service.h37
-rw-r--r--source4/dsdb/samdb/ldb_modules/partition.c19
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c372
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba3sam.c1
-rwxr-xr-xsource4/heimdal_build/asn1_deps.pl49
-rw-r--r--source4/heimdal_build/internal.mk3
-rw-r--r--source4/lib/ldb/pyldb.c12
-rwxr-xr-xsource4/lib/ldb/tests/python/api.py4
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c15
-rw-r--r--source4/scripting/python/samba/provision.py12
-rw-r--r--source4/setup/provision_configuration.ldif33
-rw-r--r--source4/setup/provision_group_policy.ldif6
45 files changed, 1452 insertions, 555 deletions
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml
index 337ae3d794..e2a0abcfd8 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml
@@ -810,7 +810,7 @@ net groupmap add ntgroup="Gnomes" unixgroup=Gnomes type=d
Versions of Samba-3 prior to 3.0.23 automatically create default group mapping for the
<literal>Domain Admins, Domain Users</literal> and <literal>Domain Guests</literal> Windows
groups, but do not map them to UNIX GIDs. This was a cause of administrative confusion and
- trouble. Commencing with Samba-3.0.23 this annomaly has been fixed - thus all Windows groups
+ trouble. Commencing with Samba-3.0.23 this anomaly has been fixed - thus all Windows groups
must now be manually and explicitly created and mapped to a valid UNIX GID by the Samba
administrator.
</para></note>
diff --git a/examples/LDAP/samba.schema.at.IBM-DS b/examples/LDAP/samba.schema.at.IBM-DS
index 4f4c0567a9..3730a92115 100644
--- a/examples/LDAP/samba.schema.at.IBM-DS
+++ b/examples/LDAP/samba.schema.at.IBM-DS
@@ -73,10 +73,6 @@ IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.54 DBNAME( 'sambaPasswordHistory' 'sam
attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
-attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
attributetypes=( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes=( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
diff --git a/examples/LDAP/samba.schema.oc.IBM-DS b/examples/LDAP/samba.schema.oc.IBM-DS
index de3cfb6f71..736d586d92 100644
--- a/examples/LDAP/samba.schema.oc.IBM-DS
+++ b/examples/LDAP/samba.schema.oc.IBM-DS
@@ -19,5 +19,3 @@ objectclasses=( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL DES
objectclasses=( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL DESC 'Samba Configuration Option' MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) )
objectclasses=( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL DESC 'Samba Trust Password' MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ))
-
-objectclasses=( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaAccountPolicy' SUP top STRUCTURAL DESC 'Samba Account Policy' MUST ( sambaAccountPolicyName $ sambaAccountPolicyValue ) MAY ( description ) )
diff --git a/lib/replace/crypt.m4 b/lib/replace/crypt.m4
index 684c3519f2..fae2a58685 100644
--- a/lib/replace/crypt.m4
+++ b/lib/replace/crypt.m4
@@ -3,4 +3,4 @@
AC_CHECK_HEADERS(crypt.h)
AC_SEARCH_LIBS_EXT(crypt, [crypt], CRYPT_LIBS,
[ AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function]) ],
- [ LIBREPLACEOBJ="${LIBREPLACEOBJ} crypt.o" ])
+ [ LIBREPLACEOBJ="${LIBREPLACEOBJ} $libreplacedir/crypt.o" ])
diff --git a/lib/replace/dlfcn.m4 b/lib/replace/dlfcn.m4
index 42f56f26be..722e0246b7 100644
--- a/lib/replace/dlfcn.m4
+++ b/lib/replace/dlfcn.m4
@@ -23,7 +23,7 @@ AC_VERIFY_C_PROTOTYPE([void *dlopen(const char* filename, unsigned int flags)],
])
if test x"${libreplace_cv_dlfcn}" = x"yes";then
- LIBREPLACEOBJ="${LIBREPLACEOBJ} dlfcn.o"
+ LIBREPLACEOBJ="${LIBREPLACEOBJ} $libreplacedir/dlfcn.o"
fi
LIBDL="$LIBS"
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index 7815901032..af8587938d 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -16,7 +16,7 @@ done
if test x"$libreplacedir" = "x"; then
AC_MSG_ERROR([cannot find libreplace in $libreplacepaths])
fi
-LIBREPLACEOBJ="replace.o"
+LIBREPLACEOBJ="$libreplacedir/replace.o"
AC_SUBST(LIBREPLACEOBJ)
AC_CANONICAL_BUILD
diff --git a/lib/replace/libreplace_network.m4 b/lib/replace/libreplace_network.m4
index 2af02312ab..b7d15eaddb 100644
--- a/lib/replace/libreplace_network.m4
+++ b/lib/replace/libreplace_network.m4
@@ -173,7 +173,7 @@ LIBS="${LIBREPLACE_NETWORK_LIBS}"
libreplace_SAVE_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -I$libreplacedir"
-AC_CHECK_FUNCS(socketpair,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} socketpair.o"])
+AC_CHECK_FUNCS(socketpair,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/socketpair.o"])
AC_CACHE_CHECK([for broken inet_ntoa],libreplace_cv_REPLACE_INET_NTOA,[
AC_TRY_RUN([
@@ -193,14 +193,14 @@ exit(1);}],
AC_CHECK_FUNCS(inet_ntoa,[],[libreplace_cv_REPLACE_INET_NTOA=yes])
if test x"$libreplace_cv_REPLACE_INET_NTOA" = x"yes"; then
AC_DEFINE(REPLACE_INET_NTOA,1,[Whether inet_ntoa should be replaced])
- LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} inet_ntoa.o"
+ LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/inet_ntoa.o"
fi
-AC_CHECK_FUNCS(inet_aton,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} inet_aton.o"])
+AC_CHECK_FUNCS(inet_aton,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/inet_aton.o"])
-AC_CHECK_FUNCS(inet_ntop,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} inet_ntop.o"])
+AC_CHECK_FUNCS(inet_ntop,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/inet_ntop.o"])
-AC_CHECK_FUNCS(inet_pton,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} inet_pton.o"])
+AC_CHECK_FUNCS(inet_pton,[],[LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/inet_pton.o"])
dnl test for getaddrinfo/getnameinfo
AC_CACHE_CHECK([for getaddrinfo],libreplace_cv_HAVE_GETADDRINFO,[
@@ -232,7 +232,7 @@ if test x"$libreplace_cv_HAVE_GETADDRINFO" = x"yes"; then
AC_DEFINE(HAVE_FREEADDRINFO,1,[Whether the system has freeaddrinfo])
AC_DEFINE(HAVE_GAI_STRERROR,1,[Whether the system has gai_strerror])
else
- LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} getaddrinfo.o"
+ LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/getaddrinfo.o"
fi
AC_CHECK_HEADERS([ifaddrs.h])
@@ -287,7 +287,7 @@ AC_TRY_RUN([
if test x"$libreplace_cv_HAVE_IFACE_GETIFADDRS" = x"yes"; then
iface=yes;AC_DEFINE(HAVE_IFACE_GETIFADDRS,1,[Whether iface getifaddrs is available])
else
- LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} getifaddrs.o"
+ LIBREPLACE_NETWORK_OBJS="${LIBREPLACE_NETWORK_OBJS} $libreplacedir/getifaddrs.o"
fi
diff --git a/lib/replace/repdir.m4 b/lib/replace/repdir.m4
index fb3f414c95..682ab44c56 100644
--- a/lib/replace/repdir.m4
+++ b/lib/replace/repdir.m4
@@ -45,7 +45,7 @@ fi
if test x"$libreplace_cv_READDIR_GETDIRENTRIES" = x"yes"; then
AC_DEFINE(REPLACE_READDIR,1,[replace readdir])
AC_DEFINE(REPLACE_READDIR_GETDIRENTRIES,1,[replace readdir using getdirentries()])
- LIBREPLACEOBJ="${LIBREPLACEOBJ} repdir_getdirentries.o"
+ LIBREPLACEOBJ="${LIBREPLACEOBJ} $libreplacedir/repdir_getdirentries.o"
libreplace_cv_READDIR_NEEDED=no
fi
@@ -68,7 +68,7 @@ fi
if test x"$libreplace_cv_READDIR_GETDENTS" = x"yes"; then
AC_DEFINE(REPLACE_READDIR,1,[replace readdir])
AC_DEFINE(REPLACE_READDIR_GETDENTS,1,[replace readdir using getdents()])
- LIBREPLACEOBJ="${LIBREPLACEOBJ} repdir_getdents.o"
+ LIBREPLACEOBJ="${LIBREPLACEOBJ} $libreplacedir/repdir_getdents.o"
libreplace_cv_READDIR_NEEDED=no
fi
diff --git a/lib/replace/strptime.m4 b/lib/replace/strptime.m4
index da22fc5a97..b1a56b4aab 100644
--- a/lib/replace/strptime.m4
+++ b/lib/replace/strptime.m4
@@ -9,5 +9,5 @@ AC_CACHE_CHECK([whether strptime is available and works],libreplace_cv_STRPTIME_
])
if test x"$libreplace_cv_STRPTIME_OK" != x"yes"; then
AC_DEFINE(REPLACE_STRPTIME,1,[Whether strptime should be replaced])
- LIBREPLACEOBJ="${LIBREPLACEOBJ} strptime.o"
+ LIBREPLACEOBJ="${LIBREPLACEOBJ} $libreplacedir/strptime.o"
fi
diff --git a/lib/replace/timegm.m4 b/lib/replace/timegm.m4
index 59f3ae0521..9b76d0c727 100644
--- a/lib/replace/timegm.m4
+++ b/lib/replace/timegm.m4
@@ -1 +1 @@
-AC_CHECK_FUNCS(timegm,[],[LIBREPLACEOBJ="${LIBREPLACEOBJ} timegm.o"])
+AC_CHECK_FUNCS(timegm,[],[LIBREPLACEOBJ="${LIBREPLACEOBJ} $libreplacedir/timegm.o"])
diff --git a/librpc/gen_ndr/ndr_schannel.c b/librpc/gen_ndr/ndr_schannel.c
index 4bbb56a8b0..e9adcf619b 100644
--- a/librpc/gen_ndr/ndr_schannel.c
+++ b/librpc/gen_ndr/ndr_schannel.c
@@ -5,278 +5,6 @@
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_nbt.h"
-static enum ndr_err_code ndr_push_schannel_bind_3(struct ndr_push *ndr, int ndr_flags, const struct schannel_bind_3 *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_push_align(ndr, 4));
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->domain));
- ndr->flags = _flags_save_string;
- }
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->workstation));
- ndr->flags = _flags_save_string;
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_schannel_bind_3(struct ndr_pull *ndr, int ndr_flags, struct schannel_bind_3 *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 4));
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->domain));
- ndr->flags = _flags_save_string;
- }
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->workstation));
- ndr->flags = _flags_save_string;
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_schannel_bind_3(struct ndr_print *ndr, const char *name, const struct schannel_bind_3 *r)
-{
- ndr_print_struct(ndr, name, "schannel_bind_3");
- ndr->depth++;
- ndr_print_string(ndr, "domain", r->domain);
- ndr_print_string(ndr, "workstation", r->workstation);
- ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_schannel_bind_23(struct ndr_push *ndr, int ndr_flags, const struct schannel_bind_23 *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_push_align(ndr, 4));
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->domain));
- ndr->flags = _flags_save_string;
- }
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->workstation));
- ndr->flags = _flags_save_string;
- }
- NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->dnsdomain));
- NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->dnsworkstation));
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_schannel_bind_23(struct ndr_pull *ndr, int ndr_flags, struct schannel_bind_23 *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 4));
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->domain));
- ndr->flags = _flags_save_string;
- }
- {
- uint32_t _flags_save_string = ndr->flags;
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
- NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->workstation));
- ndr->flags = _flags_save_string;
- }
- NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->dnsdomain));
- NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->dnsworkstation));
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_schannel_bind_23(struct ndr_print *ndr, const char *name, const struct schannel_bind_23 *r)
-{
- ndr_print_struct(ndr, name, "schannel_bind_23");
- ndr->depth++;
- ndr_print_string(ndr, "domain", r->domain);
- ndr_print_string(ndr, "workstation", r->workstation);
- ndr_print_nbt_string(ndr, "dnsdomain", r->dnsdomain);
- ndr_print_nbt_string(ndr, "dnsworkstation", r->dnsworkstation);
- ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_schannel_bind_info(struct ndr_push *ndr, int ndr_flags, const union schannel_bind_info *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- int level = ndr_push_get_switch_value(ndr, r);
- switch (level) {
- case 3: {
- NDR_CHECK(ndr_push_schannel_bind_3(ndr, NDR_SCALARS, &r->info3));
- break; }
-
- case 23: {
- NDR_CHECK(ndr_push_schannel_bind_23(ndr, NDR_SCALARS, &r->info23));
- break; }
-
- default:
- return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u at %s", level, __location__);
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
- int level = ndr_push_get_switch_value(ndr, r);
- switch (level) {
- case 3:
- break;
-
- case 23:
- break;
-
- default:
- return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u at %s", level, __location__);
- }
- }
- return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_schannel_bind_info(struct ndr_pull *ndr, int ndr_flags, union schannel_bind_info *r)
-{
- int level;
- level = ndr_pull_get_switch_value(ndr, r);
- if (ndr_flags & NDR_SCALARS) {
- switch (level) {
- case 3: {
- NDR_CHECK(ndr_pull_schannel_bind_3(ndr, NDR_SCALARS, &r->info3));
- break; }
-
- case 23: {
- NDR_CHECK(ndr_pull_schannel_bind_23(ndr, NDR_SCALARS, &r->info23));
- break; }
-
- default:
- return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u at %s", level, __location__);
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case 3:
- break;
-
- case 23:
- break;
-
- default:
- return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u at %s", level, __location__);
- }
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_schannel_bind_info(struct ndr_print *ndr, const char *name, const union schannel_bind_info *r)
-{
- int level;
- level = ndr_print_get_switch_value(ndr, r);
- ndr_print_union(ndr, name, level, "schannel_bind_info");
- switch (level) {
- case 3:
- ndr_print_schannel_bind_3(ndr, "info3", &r->info3);
- break;
-
- case 23:
- ndr_print_schannel_bind_23(ndr, "info23", &r->info23);
- break;
-
- default:
- ndr_print_bad_level(ndr, name, level);
- }
-}
-
-_PUBLIC_ enum ndr_err_code ndr_push_schannel_bind(struct ndr_push *ndr, int ndr_flags, const struct schannel_bind *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_push_align(ndr, 4));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->bind_type));
- NDR_CHECK(ndr_push_set_switch_value(ndr, &r->u, r->bind_type));
- NDR_CHECK(ndr_push_schannel_bind_info(ndr, NDR_SCALARS, &r->u));
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ enum ndr_err_code ndr_pull_schannel_bind(struct ndr_pull *ndr, int ndr_flags, struct schannel_bind *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 4));
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1));
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->bind_type));
- NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->u, r->bind_type));
- NDR_CHECK(ndr_pull_schannel_bind_info(ndr, NDR_SCALARS, &r->u));
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_schannel_bind(struct ndr_print *ndr, const char *name, const struct schannel_bind *r)
-{
- ndr_print_struct(ndr, name, "schannel_bind");
- ndr->depth++;
- ndr_print_uint32(ndr, "unknown1", r->unknown1);
- ndr_print_uint32(ndr, "bind_type", r->bind_type);
- ndr_print_set_switch_value(ndr, &r->u, r->bind_type);
- ndr_print_schannel_bind_info(ndr, "u", &r->u);
- ndr->depth--;
-}
-
-_PUBLIC_ enum ndr_err_code ndr_push_schannel_bind_ack(struct ndr_push *ndr, int ndr_flags, const struct schannel_bind_ack *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_push_align(ndr, 4));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown3));
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ enum ndr_err_code ndr_pull_schannel_bind_ack(struct ndr_pull *ndr, int ndr_flags, struct schannel_bind_ack *r)
-{
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 4));
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1));
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2));
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3));
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_schannel_bind_ack(struct ndr_print *ndr, const char *name, const struct schannel_bind_ack *r)
-{
- ndr_print_struct(ndr, name, "schannel_bind_ack");
- ndr->depth++;
- ndr_print_uint32(ndr, "unknown1", r->unknown1);
- ndr_print_uint32(ndr, "unknown2", r->unknown2);
- ndr_print_uint32(ndr, "unknown3", r->unknown3);
- ndr->depth--;
-}
-
_PUBLIC_ enum ndr_err_code ndr_push_netlogon_creds_CredentialState(struct ndr_push *ndr, int ndr_flags, const struct netlogon_creds_CredentialState *r)
{
{
diff --git a/librpc/gen_ndr/ndr_schannel.h b/librpc/gen_ndr/ndr_schannel.h
index ed4093366a..63ee1e4cc9 100644
--- a/librpc/gen_ndr/ndr_schannel.h
+++ b/librpc/gen_ndr/ndr_schannel.h
@@ -8,15 +8,6 @@
#include "../librpc/ndr/ndr_schannel.h"
#define NDR_SCHANNEL_CALL_COUNT (0)
-void ndr_print_schannel_bind_3(struct ndr_print *ndr, const char *name, const struct schannel_bind_3 *r);
-void ndr_print_schannel_bind_23(struct ndr_print *ndr, const char *name, const struct schannel_bind_23 *r);
-void ndr_print_schannel_bind_info(struct ndr_print *ndr, const char *name, const union schannel_bind_info *r);
-enum ndr_err_code ndr_push_schannel_bind(struct ndr_push *ndr, int ndr_flags, const struct schannel_bind *r);
-enum ndr_err_code ndr_pull_schannel_bind(struct ndr_pull *ndr, int ndr_flags, struct schannel_bind *r);
-void ndr_print_schannel_bind(struct ndr_print *ndr, const char *name, const struct schannel_bind *r);
-enum ndr_err_code ndr_push_schannel_bind_ack(struct ndr_push *ndr, int ndr_flags, const struct schannel_bind_ack *r);
-enum ndr_err_code ndr_pull_schannel_bind_ack(struct ndr_pull *ndr, int ndr_flags, struct schannel_bind_ack *r);
-void ndr_print_schannel_bind_ack(struct ndr_print *ndr, const char *name, const struct schannel_bind_ack *r);
enum ndr_err_code ndr_push_netlogon_creds_CredentialState(struct ndr_push *ndr, int ndr_flags, const struct netlogon_creds_CredentialState *r);
enum ndr_err_code ndr_pull_netlogon_creds_CredentialState(struct ndr_pull *ndr, int ndr_flags, struct netlogon_creds_CredentialState *r);
void ndr_print_netlogon_creds_CredentialState(struct ndr_print *ndr, const char *name, const struct netlogon_creds_CredentialState *r);
diff --git a/librpc/gen_ndr/schannel.h b/librpc/gen_ndr/schannel.h
index 6a85af2f46..c07212fea6 100644
--- a/librpc/gen_ndr/schannel.h
+++ b/librpc/gen_ndr/schannel.h
@@ -9,35 +9,6 @@
#ifndef _HEADER_schannel
#define _HEADER_schannel
-struct schannel_bind_3 {
- const char * domain;/* [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] */
- const char * workstation;/* [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] */
-};
-
-struct schannel_bind_23 {
- const char * domain;/* [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] */
- const char * workstation;/* [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] */
- const char * dnsdomain;
- const char * dnsworkstation;
-};
-
-union schannel_bind_info {
- struct schannel_bind_3 info3;/* [case(3)] */
- struct schannel_bind_23 info23;/* [case(23)] */
-}/* [nodiscriminant] */;
-
-struct schannel_bind {
- uint32_t unknown1;
- uint32_t bind_type;
- union schannel_bind_info u;/* [switch_is(bind_type)] */
-}/* [public] */;
-
-struct schannel_bind_ack {
- uint32_t unknown1;
- uint32_t unknown2;
- uint32_t unknown3;
-}/* [public] */;
-
struct netlogon_creds_CredentialState {
uint32_t negotiate_flags;
uint8_t session_key[16];
diff --git a/librpc/idl/schannel.idl b/librpc/idl/schannel.idl
index d9b230d70b..a30e2928e0 100644
--- a/librpc/idl/schannel.idl
+++ b/librpc/idl/schannel.idl
@@ -12,40 +12,6 @@ import "netlogon.idl", "nbt.idl";
]
interface schannel
{
- /*
- a schannel bind blob - used in dcerpc auth_info
- on a schannel
- */
- typedef struct {
- astring domain;
- astring workstation;
- } schannel_bind_3;
-
- typedef struct {
- astring domain;
- astring workstation;
- nbt_string dnsdomain;
- nbt_string dnsworkstation;
- } schannel_bind_23;
-
- typedef [nodiscriminant] union {
- [case (3)] schannel_bind_3 info3;
- [case (23)] schannel_bind_23 info23;
- } schannel_bind_info;
-
- typedef [public] struct {
- uint32 unknown1; /* seems to need to be 0 */
- uint32 bind_type;
- [switch_is(bind_type)] schannel_bind_info u;
- } schannel_bind;
-
- /* a bind_ack blob */
- typedef [public] struct {
- uint32 unknown1; /* 1 */
- uint32 unknown2; /* 0 */
- uint32 unknown3; /* 0x006c0000 */
- } schannel_bind_ack;
-
/* this structure is used internally in the NETLOGON server */
typedef [public,flag(NDR_PAHEX)] struct {
diff --git a/pidl/tests/Util.pm b/pidl/tests/Util.pm
index cfc5cf3a99..ff876ec039 100644
--- a/pidl/tests/Util.pm
+++ b/pidl/tests/Util.pm
@@ -77,7 +77,6 @@ SKIP: {
my $main = "
#define uint_t unsigned int
-#define _GNU_SOURCE
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
diff --git a/pidl/tests/ndr_string.pl b/pidl/tests/ndr_string.pl
index faecbbf4c5..7b76c7b295 100755
--- a/pidl/tests/ndr_string.pl
+++ b/pidl/tests/ndr_string.pl
@@ -70,7 +70,7 @@ test_samba4_ndr("string-wchar-fixed-array-01",
0x00, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00,
\'f\', 0x00, \'o\', 0x00,
- \'o\', 0x00, 0x00, 0x00
+ \'o\', 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00
};
DATA_BLOB b = { data, sizeof(data) };
@@ -86,16 +86,16 @@ test_samba4_ndr("string-wchar-fixed-array-01",
if (r.in.str == NULL)
return 2;
- if (r.in.str.l1 == 0x00000001)
+ if (r.in.str->l1 != 0x00000001)
return 3;
if (strncmp(str.str, "foo", 3) != 0)
return 4;
- if (r.in.str.str[4] != 0)
+ if (r.in.str->str[4] != 0)
return 5;
- if (r.in.str.l3 == 0x00000002)
+ if (r.in.str->l2 != 0x00000002)
return 6;
');
@@ -114,9 +114,9 @@ test_samba4_ndr("string-wchar-fixed-array-02",
0x00, 0x00, 0x00, 0x00,
0x06, 0x00, 0x00, 0x00,
\'f\', 0x00, \'o\', 0x00,
- \'o\', 0x00, \'b\', 0x00
+ \'o\', 0x00, \'b\', 0x00,
\'a\', 0x00, \'r\', 0x00,
- 0x00, 0x00, 0x00, 0x00
+ 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00
};
DATA_BLOB b = { data, sizeof(data) };
@@ -146,9 +146,9 @@ test_samba4_ndr("string-wchar-fixed-array-03",
0x00, 0x00, 0x00, 0x00,
0x07, 0x00, 0x00, 0x00,
\'f\', 0x00, \'o\', 0x00,
- \'o\', 0x00, \'b\', 0x00
+ \'o\', 0x00, \'b\', 0x00,
\'a\', 0x00, \'r\', 0x00,
- 0x00, 0x00, 0x00, 0x00
+ 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00
};
DATA_BLOB b = { data, sizeof(data) };
diff --git a/source3/include/proto.h b/source3/include/proto.h
index abc76e8e02..5da13ca0d7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5203,6 +5203,14 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
char ***pdomains,
char ***pnames,
enum lsa_SidType **ptypes);
+NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_sids,
+ const DOM_SID *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes);
NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *pol, int num_names,
@@ -5211,6 +5219,15 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
int level,
DOM_SID **sids,
enum lsa_SidType **types);
+NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol, int num_names,
+ const char **names,
+ const char ***dom_names,
+ int level,
+ DOM_SID **sids,
+ enum lsa_SidType **types);
+
bool fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid);
/* The following definitions come from rpc_client/cli_netlogon.c */
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 27f9e4fd98..b6901961d0 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -230,6 +230,120 @@ NTSTATUS cli_read_andx_recv(struct tevent_req *req, ssize_t *received,
return NT_STATUS_OK;
}
+struct cli_readall_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+ off_t start_offset;
+ size_t size;
+ size_t received;
+ uint8_t *buf;
+};
+
+static void cli_readall_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_readall_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ off_t offset, size_t size)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_readall_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_readall_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->fnum = fnum;
+ state->start_offset = offset;
+ state->size = size;
+ state->received = 0;
+ state->buf = NULL;
+
+ subreq = cli_read_andx_send(state, ev, cli, fnum, offset, size);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_readall_done, req);
+ return req;
+}
+
+static void cli_readall_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_readall_state *state = tevent_req_data(
+ req, struct cli_readall_state);
+ ssize_t received;
+ uint8_t *buf;
+ NTSTATUS status;
+
+ status = cli_read_andx_recv(subreq, &received, &buf);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if ((state->received == 0) && (received == state->size)) {
+ /* Ideal case: Got it all in one run */
+ state->buf = buf;
+ state->received += received;
+ tevent_req_done(req);
+ return;
+ }
+
+ /*
+ * We got a short read, issue a read for the
+ * rest. Unfortunately we have to allocate the buffer
+ * ourselves now, as our caller expects to receive a single
+ * buffer. cli_read_andx does it from the buffer received from
+ * the net, but with a short read we have to put it together
+ * from several reads.
+ */
+
+ if (state->buf == NULL) {
+ state->buf = talloc_array(state, uint8_t, state->size);
+ if (tevent_req_nomem(state->buf, req)) {
+ return;
+ }
+ }
+ memcpy(state->buf + state->received, buf, received);
+ state->received += received;
+
+ TALLOC_FREE(subreq);
+
+ if (state->received >= state->size) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = cli_read_andx_send(state, state->ev, state->cli, state->fnum,
+ state->start_offset + state->received,
+ state->size - state->received);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_readall_done, req);
+}
+
+static NTSTATUS cli_readall_recv(struct tevent_req *req, ssize_t *received,
+ uint8_t **rcvbuf)
+{
+ struct cli_readall_state *state = tevent_req_data(
+ req, struct cli_readall_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *received = state->received;
+ *rcvbuf = state->buf;
+ return NT_STATUS_OK;
+}
+
struct cli_pull_subreq {
struct tevent_req *req;
ssize_t received;
@@ -368,7 +482,7 @@ struct tevent_req *cli_pull_send(TALLOC_CTX *mem_ctx,
size_left = size - state->requested;
request_thistime = MIN(size_left, state->chunk_size);
- subreq->req = cli_read_andx_send(
+ subreq->req = cli_readall_send(
state->reqs, ev, cli, fnum,
state->start_offset + state->requested,
request_thistime);
@@ -413,8 +527,8 @@ static void cli_pull_read_done(struct tevent_req *subreq)
return;
}
- status = cli_read_andx_recv(subreq, &pull_subreq->received,
- &pull_subreq->buf);
+ status = cli_readall_recv(subreq, &pull_subreq->received,
+ &pull_subreq->buf);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(state->req, status);
return;
@@ -472,7 +586,7 @@ static void cli_pull_read_done(struct tevent_req *subreq)
+ state->requested),
state->top_req));
- new_req = cli_read_andx_send(
+ new_req = cli_readall_send(
state->reqs, state->ev, state->cli,
state->fnum,
state->start_offset + state->requested,
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index e8d6621d1b..197d5bd730 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -543,6 +543,7 @@ static const nt_err_code_struct nt_errs[] =
{ "NT_STATUS_RPC_NT_CALL_FAILED", NT_STATUS_RPC_NT_CALL_FAILED },
{ "NT_STATUS_RPC_NT_PROTOCOL_ERROR", NT_STATUS_RPC_NT_PROTOCOL_ERROR },
{ "NT_STATUS_RPC_NT_PROCNUM_OUT_OF_RANGE", NT_STATUS_RPC_NT_PROCNUM_OUT_OF_RANGE },
+ { "NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED", NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED },
{ NULL, NT_STATUS(0) }
};
diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index 4468fe097f..c725fa6b90 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -343,6 +343,9 @@ static void aio_child_loop(int sockfd, struct mmap_area *map)
ret_struct.size = sys_pread(
fd, (void *)map->ptr, cmd_struct.n,
cmd_struct.offset);
+#ifdef ENABLE_BUILD_FARM_HACKS
+ ret_struct.size = MAX(1, ret_struct.size * 0.9);
+#endif
}
else {
ret_struct.size = sys_pwrite(
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 68fd96faa8..aa883d3cf1 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -114,7 +114,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
const DOM_SID *sids,
char **domains,
char **names,
- enum lsa_SidType *types)
+ enum lsa_SidType *types,
+ bool use_lookupsids3)
{
NTSTATUS result = NT_STATUS_OK;
TALLOC_CTX *tmp_ctx = NULL;
@@ -147,13 +148,41 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
}
}
- result = rpccli_lsa_LookupSids(cli, mem_ctx,
- pol,
- &sid_array,
- &ref_domains,
- &lsa_names,
- level,
- &count);
+ if (use_lookupsids3) {
+ struct lsa_TransNameArray2 lsa_names2;
+ uint32_t n;
+
+ result = rpccli_lsa_LookupSids3(cli, mem_ctx,
+ &sid_array,
+ &ref_domains,
+ &lsa_names2,
+ level,
+ &count,
+ 0,
+ 0);
+
+ if (!NT_STATUS_IS_ERR(result)) {
+ lsa_names.count = lsa_names2.count;
+ lsa_names.names = talloc_array(mem_ctx, struct lsa_TranslatedName, lsa_names.count);
+ if (!lsa_names.names) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ for (n=0; n < lsa_names.count; n++) {
+ lsa_names.names[n].sid_type = lsa_names2.names[n].sid_type;
+ lsa_names.names[n].name = lsa_names2.names[n].name;
+ lsa_names.names[n].sid_index = lsa_names2.names[n].sid_index;
+ }
+ }
+
+ } else {
+ result = rpccli_lsa_LookupSids(cli, mem_ctx,
+ pol,
+ &sid_array,
+ &ref_domains,
+ &lsa_names,
+ level,
+ &count);
+ }
DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
nt_errstr(result), count));
@@ -233,14 +262,15 @@ done:
* at 20480 for win2k3, but we keep it at a save 1000 for now. */
#define LOOKUP_SIDS_HUNK_SIZE 1000
-NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_sids,
- const DOM_SID *sids,
- char ***pdomains,
- char ***pnames,
- enum lsa_SidType **ptypes)
+static NTSTATUS rpccli_lsa_lookup_sids_generic(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_sids,
+ const DOM_SID *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes,
+ bool use_lookupsids3)
{
NTSTATUS result = NT_STATUS_OK;
int sids_left = 0;
@@ -299,7 +329,8 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
hunk_sids,
hunk_domains,
hunk_names,
- hunk_types);
+ hunk_types,
+ use_lookupsids3);
if (!NT_STATUS_IS_OK(hunk_result) &&
!NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) &&
@@ -340,25 +371,54 @@ fail:
return result;
}
-/** Lookup a list of names */
+NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_sids,
+ const DOM_SID *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes)
+{
+ return rpccli_lsa_lookup_sids_generic(cli, mem_ctx, pol, num_sids, sids,
+ pdomains, pnames, ptypes, false);
+}
-NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
- struct policy_handle *pol, int num_names,
- const char **names,
- const char ***dom_names,
- int level,
- DOM_SID **sids,
- enum lsa_SidType **types)
+ struct policy_handle *pol,
+ int num_sids,
+ const DOM_SID *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes)
+{
+ return rpccli_lsa_lookup_sids_generic(cli, mem_ctx, pol, num_sids, sids,
+ pdomains, pnames, ptypes, true);
+}
+
+/** Lookup a list of names */
+
+static NTSTATUS rpccli_lsa_lookup_names_generic(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol, int num_names,
+ const char **names,
+ const char ***dom_names,
+ int level,
+ DOM_SID **sids,
+ enum lsa_SidType **types,
+ bool use_lookupnames4)
{
NTSTATUS result;
int i;
struct lsa_String *lsa_names = NULL;
struct lsa_RefDomainList *domains = NULL;
struct lsa_TransSidArray sid_array;
+ struct lsa_TransSidArray3 sid_array3;
uint32_t count = 0;
ZERO_STRUCT(sid_array);
+ ZERO_STRUCT(sid_array3);
lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
if (!lsa_names) {
@@ -369,14 +429,26 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
init_lsa_String(&lsa_names[i], names[i]);
}
- result = rpccli_lsa_LookupNames(cli, mem_ctx,
- pol,
- num_names,
- lsa_names,
- &domains,
- &sid_array,
- level,
- &count);
+ if (use_lookupnames4) {
+ result = rpccli_lsa_LookupNames4(cli, mem_ctx,
+ num_names,
+ lsa_names,
+ &domains,
+ &sid_array3,
+ level,
+ &count,
+ 0,
+ 0);
+ } else {
+ result = rpccli_lsa_LookupNames(cli, mem_ctx,
+ pol,
+ num_names,
+ lsa_names,
+ &domains,
+ &sid_array,
+ level,
+ &count);
+ }
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
@@ -423,10 +495,17 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
}
for (i = 0; i < num_names; i++) {
- uint32_t dom_idx = sid_array.sids[i].sid_index;
- uint32_t dom_rid = sid_array.sids[i].rid;
+ uint32_t dom_idx;
DOM_SID *sid = &(*sids)[i];
+ if (use_lookupnames4) {
+ dom_idx = sid_array3.sids[i].sid_index;
+ (*types)[i] = sid_array3.sids[i].sid_type;
+ } else {
+ dom_idx = sid_array.sids[i].sid_index;
+ (*types)[i] = sid_array.sids[i].sid_type;
+ }
+
/* Translate optimised sid through domain index array */
if (dom_idx == 0xffffffff) {
@@ -436,14 +515,16 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
continue;
}
- sid_copy(sid, domains->domains[dom_idx].sid);
+ if (use_lookupnames4) {
+ sid_copy(sid, sid_array3.sids[i].sid);
+ } else {
+ sid_copy(sid, domains->domains[dom_idx].sid);
- if (dom_rid != 0xffffffff) {
- sid_append_rid(sid, dom_rid);
+ if (sid_array.sids[i].rid != 0xffffffff) {
+ sid_append_rid(sid, sid_array.sids[i].rid);
+ }
}
- (*types)[i] = sid_array.sids[i].sid_type;
-
if (dom_names == NULL) {
continue;
}
@@ -455,3 +536,31 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
return result;
}
+
+NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol, int num_names,
+ const char **names,
+ const char ***dom_names,
+ int level,
+ DOM_SID **sids,
+ enum lsa_SidType **types)
+{
+ return rpccli_lsa_lookup_names_generic(cli, mem_ctx, pol, num_names,
+ names, dom_names, level, sids,
+ types, false);
+}
+
+NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol, int num_names,
+ const char **names,
+ const char ***dom_names,
+ int level,
+ DOM_SID **sids,
+ enum lsa_SidType **types)
+{
+ return rpccli_lsa_lookup_names_generic(cli, mem_ctx, pol, num_names,
+ names, dom_names, level, sids,
+ types, true);
+}
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index d428c3aa9e..c5c0c02090 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1087,7 +1087,7 @@ static void schannel_digest(struct schannel_auth_struct *a,
SSVAL(sig,0,verf->SignatureAlgorithm);
SSVAL(sig,2,verf->SealAlgorithm);
SSVAL(sig,4,verf->Pad);
- SSVAL(sig,8,verf->Flags);
+ SSVAL(sig,6,verf->Flags);
/* verfiy the signature on the packet by MD5 over various bits */
MD5Init(&ctx3);
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index f21c80e327..07a0b971a0 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1150,7 +1150,7 @@ NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
struct netr_LogonSamLogonEx *r)
{
NTSTATUS status;
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
become_root();
status = schannel_fetch_session_key(p->mem_ctx, r->in.computer_name, &creds);
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 7be0a0d2d2..ce7df63972 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -2199,11 +2199,13 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
return False;
}
- blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), data_len);
+ blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), auth_len);
ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
(ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0,("failed to pull NL_AUTH_SIGNATURE\n"));
+ dump_data(2, blob.data, blob.length);
return false;
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 2d50280ac8..058bd12f61 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -773,7 +773,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
struct samr_alias_info *ainfo;
NTSTATUS status;
SEC_DESC * psd = NULL;
- size_t sd_size;
+ size_t sd_size = 0;
cinfo = policy_handle_find(p, r->in.handle,
STD_RIGHT_READ_CONTROL_ACCESS, NULL,
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 8e56f671d7..15d64436e3 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
dcerpc schannel operations
@@ -10,12 +10,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -36,24 +36,26 @@ static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t
return 32;
}
-static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
+static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out)
{
struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
NTSTATUS status;
enum ndr_err_code ndr_err;
- struct schannel_bind bind_schannel;
- struct schannel_bind_ack bind_schannel_ack;
+ struct NL_AUTH_MESSAGE bind_schannel;
+ struct NL_AUTH_MESSAGE bind_schannel_ack;
struct netlogon_creds_CredentialState *creds;
struct ldb_context *schannel_ldb;
const char *workstation;
const char *domain;
+ uint32_t required_flags;
+
*out = data_blob(NULL, 0);
switch (gensec_security->gensec_role) {
@@ -65,71 +67,78 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
state->creds = talloc_reference(state, cli_credentials_get_netlogon_creds(gensec_security->credentials));
- bind_schannel.unknown1 = 0;
+ bind_schannel.MessageType = NL_NEGOTIATE_REQUEST;
#if 0
/* to support this we'd need to have access to the full domain name */
- bind_schannel.bind_type = 23;
- bind_schannel.u.info23.domain = cli_credentials_get_domain(gensec_security->credentials);
- bind_schannel.u.info23.workstation = cli_credentials_get_workstation(gensec_security->credentials);
- bind_schannel.u.info23.dnsdomain = cli_credentials_get_realm(gensec_security->credentials);
+ /* 0x17, 23 */
+ bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
+ NL_FLAG_UTF8_DNS_DOMAIN_NAME |
+ NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME;
+ bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
+ bind_schannel.oem_netbios_computer.a = cli_credentials_get_workstation(gensec_security->credentials);
+ bind_schannel.utf8_dns_domain = cli_credentials_get_realm(gensec_security->credentials);
/* w2k3 refuses us if we use the full DNS workstation?
why? perhaps because we don't fill in the dNSHostName
attribute in the machine account? */
- bind_schannel.u.info23.dnsworkstation = cli_credentials_get_workstation(gensec_security->credentials);
+ bind_schannel.utf8_netbios_computer = cli_credentials_get_workstation(gensec_security->credentials);
#else
- bind_schannel.bind_type = 3;
- bind_schannel.u.info3.domain = cli_credentials_get_domain(gensec_security->credentials);
- bind_schannel.u.info3.workstation = cli_credentials_get_workstation(gensec_security->credentials);
+ bind_schannel.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
+ bind_schannel.oem_netbios_domain.a = cli_credentials_get_domain(gensec_security->credentials);
+ bind_schannel.oem_netbios_computer.a = cli_credentials_get_workstation(gensec_security->credentials);
#endif
-
- ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
+
+ ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
gensec_security->settings->iconv_convenience, &bind_schannel,
- (ndr_push_flags_fn_t)ndr_push_schannel_bind);
+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
DEBUG(3, ("Could not create schannel bind: %s\n",
nt_errstr(status)));
return status;
}
-
+
state->state = SCHANNEL_STATE_UPDATE_1;
return NT_STATUS_MORE_PROCESSING_REQUIRED;
case GENSEC_SERVER:
-
+
+ required_flags = NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
+ NL_FLAG_OEM_NETBIOS_DOMAIN_NAME;
+
if (state->state != SCHANNEL_STATE_START) {
/* no third leg on this protocol */
return NT_STATUS_INVALID_PARAMETER;
}
-
+
/* parse the schannel startup blob */
ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx,
gensec_security->settings->iconv_convenience,
- &bind_schannel,
- (ndr_pull_flags_fn_t)ndr_pull_schannel_bind);
+ &bind_schannel,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
DEBUG(3, ("Could not parse incoming schannel bind: %s\n",
nt_errstr(status)));
return status;
}
-
- if (bind_schannel.bind_type == 23) {
- workstation = bind_schannel.u.info23.workstation;
- domain = bind_schannel.u.info23.domain;
- } else {
- workstation = bind_schannel.u.info3.workstation;
- domain = bind_schannel.u.info3.domain;
+
+ if (!(required_flags == (bind_schannel.Flags & required_flags))) {
+ return NT_STATUS_INVALID_PARAMETER;
}
-
+
+ workstation = bind_schannel.oem_netbios_computer.a;
+ domain = bind_schannel.oem_netbios_domain.a;
+
if (strcasecmp_m(domain, lp_workgroup(gensec_security->settings->lp_ctx)) != 0) {
DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
domain, lp_workgroup(gensec_security->settings->lp_ctx)));
-
+
return NT_STATUS_LOGON_FAILURE;
}
- schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
+ schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
gensec_security->settings->lp_ctx);
if (!schannel_ldb) {
return NT_STATUS_ACCESS_DENIED;
@@ -149,13 +158,16 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
state->creds = talloc_reference(state, creds);
- bind_schannel_ack.unknown1 = 1;
- bind_schannel_ack.unknown2 = 0;
- bind_schannel_ack.unknown3 = 0x6c0000;
-
- ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
+ bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
+ bind_schannel_ack.Flags = 0;
+ bind_schannel_ack.Buffer.dummy = 0x6c0000; /* actually I think
+ * this does not have
+ * any meaning here
+ * - gd */
+
+ ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
gensec_security->settings->iconv_convenience, &bind_schannel_ack,
- (ndr_push_flags_fn_t)ndr_push_schannel_bind_ack);
+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
DEBUG(3, ("Could not return schannel bind ack for client %s: %s\n",
@@ -181,7 +193,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
_PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_CredentialState **creds)
-{
+{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
*creds = talloc_reference(mem_ctx, state->creds);
@@ -190,15 +202,15 @@ _PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
}
return NT_STATUS_OK;
}
-
-/**
+
+/**
* Returns anonymous credentials for schannel, matching Win2k3.
*
*/
static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
- struct auth_session_info **_session_info)
+ struct auth_session_info **_session_info)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, _session_info);
@@ -220,7 +232,7 @@ static NTSTATUS schannel_start(struct gensec_security *gensec_security)
return NT_STATUS_OK;
}
-static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
+static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
{
NTSTATUS status;
struct schannel_state *state;
@@ -232,7 +244,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
state = (struct schannel_state *)gensec_security->private_data;
state->initiator = false;
-
+
return NT_STATUS_OK;
}
@@ -248,7 +260,7 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
state = (struct schannel_state *)gensec_security->private_data;
state->initiator = true;
-
+
return NT_STATUS_OK;
}
@@ -256,7 +268,7 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
static bool schannel_have_feature(struct gensec_security *gensec_security,
uint32_t feature)
{
- if (feature & (GENSEC_FEATURE_SIGN |
+ if (feature & (GENSEC_FEATURE_SIGN |
GENSEC_FEATURE_SEAL)) {
return true;
}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index b5005444cc..c2636e127f 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2257,3 +2257,149 @@ failed:
}
+/*
+ load the uSNHighest attribute from the @REPLCHANGED object for a
+ partition
+ */
+int dsdb_load_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn, uint64_t *uSN)
+{
+ struct ldb_request *req;
+ int ret;
+ TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+ struct dsdb_control_current_partition *p_ctrl;
+ struct ldb_result *res;
+
+ res = talloc_zero(tmp_ctx, struct ldb_result);
+ if (!res) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_build_search_req(&req, ldb, tmp_ctx,
+ ldb_dn_new(tmp_ctx, ldb, "@REPLCHANGED"),
+ LDB_SCOPE_BASE,
+ NULL, NULL,
+ NULL,
+ res, ldb_search_default_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ p_ctrl = talloc(req, struct dsdb_control_current_partition);
+ if (p_ctrl == NULL) {
+ talloc_free(res);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
+ p_ctrl->dn = dn;
+
+
+ ret = ldb_request_add_control(req,
+ DSDB_CONTROL_CURRENT_PARTITION_OID,
+ false, p_ctrl);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* Run the new request */
+ ret = ldb_request(ldb, req);
+
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+ }
+
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (res->count < 1) {
+ *uSN = 0;
+ } else {
+ *uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNHighest", 0);
+ }
+
+ talloc_free(tmp_ctx);
+
+ return LDB_SUCCESS;
+}
+
+/*
+ save the uSNHighest attribute in the @REPLCHANGED object for a
+ partition
+ */
+int dsdb_save_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn, uint64_t uSN)
+{
+ struct ldb_request *req;
+ struct ldb_message *msg;
+ struct dsdb_control_current_partition *p_ctrl;
+ int ret;
+
+ msg = ldb_msg_new(ldb);
+ if (msg == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ msg->dn = ldb_dn_new(msg, ldb, "@REPLCHANGED");
+ if (msg->dn == NULL) {
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_msg_add_fmt(msg, "uSNHighest", "%llu", (unsigned long long)uSN);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return ret;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+
+ p_ctrl = talloc(msg, struct dsdb_control_current_partition);
+ if (p_ctrl == NULL) {
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
+ p_ctrl->dn = dn;
+
+ ret = ldb_build_mod_req(&req, ldb, msg,
+ msg,
+ NULL,
+ NULL, ldb_op_default_callback,
+ NULL);
+again:
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return ret;
+ }
+
+ ret = ldb_request_add_control(req,
+ DSDB_CONTROL_CURRENT_PARTITION_OID,
+ false, p_ctrl);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return ret;
+ }
+
+ /* Run the new request */
+ ret = ldb_request(ldb, req);
+
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+ }
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ ret = ldb_build_add_req(&req, ldb, msg,
+ msg,
+ NULL,
+ NULL, ldb_op_default_callback,
+ NULL);
+ goto again;
+ }
+
+ talloc_free(msg);
+
+ return ret;
+}
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index eb26f5b433..4150ba0d54 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -62,7 +62,8 @@ DREPL_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/repl/, \
drepl_periodic.o \
drepl_partitions.o \
drepl_out_pull.o \
- drepl_out_helpers.o)
+ drepl_out_helpers.o \
+ drepl_notify.o)
$(eval $(call proto_header_template,$(dsdbsrcdir)/repl/drepl_service_proto.h,$(DREPL_SRV_OBJ_FILES:.o=.c)))
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
new file mode 100644
index 0000000000..73280917c5
--- /dev/null
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -0,0 +1,428 @@
+/*
+ Unix SMB/CIFS mplementation.
+
+ DSDB replication service periodic notification handling
+
+ Copyright (C) Andrew Tridgell 2009
+ based on drepl_periodic
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "smbd/service.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/repl/drepl_service.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/composite/composite.h"
+
+
+struct dreplsrv_op_notify_state {
+ struct composite_context *creq;
+
+ struct dreplsrv_out_connection *conn;
+
+ struct dreplsrv_drsuapi_connection *drsuapi;
+
+ struct drsuapi_DsBindInfoCtr bind_info_ctr;
+ struct drsuapi_DsBind bind_r;
+ struct dreplsrv_notify_operation *op;
+};
+
+/*
+ receive a DsReplicaSync reply
+ */
+static void dreplsrv_op_notify_replica_sync_recv(struct rpc_request *req)
+{
+ struct dreplsrv_op_notify_state *st = talloc_get_type(req->async.private_data,
+ struct dreplsrv_op_notify_state);
+ struct composite_context *c = st->creq;
+ struct drsuapi_DsReplicaSync *r = talloc_get_type(req->ndr.struct_ptr,
+ struct drsuapi_DsReplicaSync);
+
+ c->status = dcerpc_ndr_request_recv(req);
+ if (!composite_is_ok(c)) return;
+
+ if (!W_ERROR_IS_OK(r->out.result)) {
+ composite_error(c, werror_to_ntstatus(r->out.result));
+ return;
+ }
+
+ composite_done(c);
+}
+
+/*
+ send a DsReplicaSync
+*/
+static void dreplsrv_op_notify_replica_sync_send(struct dreplsrv_op_notify_state *st)
+{
+ struct composite_context *c = st->creq;
+ struct dreplsrv_partition *partition = st->op->source_dsa->partition;
+ struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi;
+ struct rpc_request *req;
+ struct drsuapi_DsReplicaSync *r;
+
+ r = talloc_zero(st, struct drsuapi_DsReplicaSync);
+ if (composite_nomem(r, c)) return;
+
+ r->in.bind_handle = &drsuapi->bind_handle;
+ r->in.level = 1;
+ r->in.req.req1.naming_context = &partition->nc;
+ r->in.req.req1.source_dsa_guid = st->op->service->ntds_guid;
+ r->in.req.req1.options =
+ DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION |
+ DRSUAPI_DS_REPLICA_SYNC_WRITEABLE |
+ DRSUAPI_DS_REPLICA_SYNC_ALL_SOURCES;
+
+
+ req = dcerpc_drsuapi_DsReplicaSync_send(drsuapi->pipe, r, r);
+ composite_continue_rpc(c, req, dreplsrv_op_notify_replica_sync_recv, st);
+}
+
+/*
+ called when we have an established connection
+ */
+static void dreplsrv_op_notify_connect_recv(struct composite_context *creq)
+{
+ struct dreplsrv_op_notify_state *st = talloc_get_type(creq->async.private_data,
+ struct dreplsrv_op_notify_state);
+ struct composite_context *c = st->creq;
+
+ c->status = dreplsrv_out_drsuapi_recv(creq);
+ if (!composite_is_ok(c)) return;
+
+ dreplsrv_op_notify_replica_sync_send(st);
+}
+
+/*
+ start the ReplicaSync async call
+ */
+static struct composite_context *dreplsrv_op_notify_send(struct dreplsrv_notify_operation *op)
+{
+ struct composite_context *c;
+ struct composite_context *creq;
+ struct dreplsrv_op_notify_state *st;
+
+ c = composite_create(op, op->service->task->event_ctx);
+ if (c == NULL) return NULL;
+
+ st = talloc_zero(c, struct dreplsrv_op_notify_state);
+ if (composite_nomem(st, c)) return c;
+
+ st->creq = c;
+ st->op = op;
+
+ creq = dreplsrv_out_drsuapi_send(op->source_dsa->conn);
+ composite_continue(c, creq, dreplsrv_op_notify_connect_recv, st);
+
+ return c;
+}
+
+static void dreplsrv_notify_del_repsTo(struct dreplsrv_notify_operation *op)
+{
+ uint32_t count;
+ struct repsFromToBlob *reps;
+ WERROR werr;
+ struct dreplsrv_service *s = op->service;
+ int i;
+
+ werr = dsdb_loadreps(s->samdb, op, op->source_dsa->partition->dn, "repsTo", &reps, &count);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": Failed to load repsTo for %s\n",
+ ldb_dn_get_linearized(op->source_dsa->partition->dn)));
+ return;
+ }
+
+ for (i=0; i<count; i++) {
+ if (GUID_compare(&reps[i].ctr.ctr1.source_dsa_obj_guid,
+ &op->source_dsa->repsFrom1->source_dsa_obj_guid) == 0) {
+ memmove(&reps[i], &reps[i+1],
+ sizeof(reps[i])*(count-(i+1)));
+ count--;
+ }
+ }
+
+ werr = dsdb_savereps(s->samdb, op, op->source_dsa->partition->dn, "repsTo", reps, count);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": Failed to save repsTo for %s\n",
+ ldb_dn_get_linearized(op->source_dsa->partition->dn)));
+ return;
+ }
+}
+
+/*
+ called when a notify operation has completed
+ */
+static void dreplsrv_notify_op_callback(struct dreplsrv_notify_operation *op)
+{
+ NTSTATUS status;
+ struct dreplsrv_service *s = op->service;
+
+ status = composite_wait(op->creq);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("dreplsrv_notify: Failed to send DsReplicaSync to %s - %s\n",
+ op->source_dsa->repsFrom1->other_info->dns_name,
+ nt_errstr(status)));
+ } else {
+ DEBUG(2,("dreplsrv_notify: DsReplicaSync OK for %s\n",
+ op->source_dsa->repsFrom1->other_info->dns_name));
+ op->source_dsa->notify_uSN = op->uSN;
+ /* delete the repsTo for this replication partner in the
+ partition, as we have successfully told him to sync */
+ dreplsrv_notify_del_repsTo(op);
+ }
+ talloc_free(op->creq);
+
+ talloc_free(op);
+ s->ops.n_current = NULL;
+ dreplsrv_notify_run_ops(s);
+}
+
+
+static void dreplsrv_notify_op_callback_creq(struct composite_context *creq)
+{
+ struct dreplsrv_notify_operation *op = talloc_get_type(creq->async.private_data,
+ struct dreplsrv_notify_operation);
+ dreplsrv_notify_op_callback(op);
+}
+
+/*
+ run any pending replica sync calls
+ */
+void dreplsrv_notify_run_ops(struct dreplsrv_service *s)
+{
+ struct dreplsrv_notify_operation *op;
+
+ if (s->ops.n_current || s->ops.current) {
+ /* if there's still one running, we're done */
+ return;
+ }
+
+ if (!s->ops.notifies) {
+ /* if there're no pending operations, we're done */
+ return;
+ }
+
+ op = s->ops.notifies;
+ s->ops.n_current = op;
+ DLIST_REMOVE(s->ops.notifies, op);
+
+ op->creq = dreplsrv_op_notify_send(op);
+ if (!op->creq) {
+ dreplsrv_notify_op_callback(op);
+ return;
+ }
+
+ op->creq->async.fn = dreplsrv_notify_op_callback_creq;
+ op->creq->async.private_data = op;
+}
+
+
+/*
+ find a source_dsa for a given guid
+ */
+static struct dreplsrv_partition_source_dsa *dreplsrv_find_source_dsa(struct dreplsrv_partition *p,
+ struct GUID *guid)
+{
+ struct dreplsrv_partition_source_dsa *s;
+
+ for (s=p->sources; s; s=s->next) {
+ if (GUID_compare(&s->repsFrom1->source_dsa_obj_guid, guid) == 0) {
+ return s;
+ }
+ }
+ return NULL;
+}
+
+
+/*
+ schedule a replicaSync message
+ */
+static WERROR dreplsrv_schedule_notify_sync(struct dreplsrv_service *service,
+ struct dreplsrv_partition *p,
+ struct repsFromToBlob *reps,
+ TALLOC_CTX *mem_ctx,
+ uint64_t uSN)
+{
+ struct dreplsrv_notify_operation *op;
+ struct dreplsrv_partition_source_dsa *s;
+
+ s = dreplsrv_find_source_dsa(p, &reps->ctr.ctr1.source_dsa_obj_guid);
+ if (s == NULL) {
+ DEBUG(0,(__location__ ": Unable to find source_dsa for %s\n",
+ GUID_string(mem_ctx, &reps->ctr.ctr1.source_dsa_obj_guid)));
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ op = talloc_zero(mem_ctx, struct dreplsrv_notify_operation);
+ W_ERROR_HAVE_NO_MEMORY(op);
+
+ op->service = service;
+ op->source_dsa = s;
+ op->uSN = uSN;
+
+ DLIST_ADD_END(service->ops.notifies, op, struct dreplsrv_notify_operation *);
+ talloc_steal(service, op);
+ return WERR_OK;
+}
+
+/*
+ see if a partition has a hugher uSN than what is in the repsTo and
+ if so then send a DsReplicaSync
+ */
+static WERROR dreplsrv_notify_check(struct dreplsrv_service *s,
+ struct dreplsrv_partition *p,
+ TALLOC_CTX *mem_ctx)
+{
+ uint32_t count=0;
+ struct repsFromToBlob *reps;
+ WERROR werr;
+ uint64_t uSN;
+ int ret, i;
+
+ werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsTo", &reps, &count);
+ if (count == 0) {
+ werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsFrom", &reps, &count);
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": Failed to load repsTo for %s\n",
+ ldb_dn_get_linearized(p->dn)));
+ return werr;
+ }
+
+ /* loads the partition uSNHighest */
+ ret = dsdb_load_partition_usn(s->samdb, p->dn, &uSN);
+ if (ret != LDB_SUCCESS || uSN == 0) {
+ /* nothing to do */
+ return WERR_OK;
+ }
+
+ /* see if any of our partners need some of our objects */
+ for (i=0; i<count; i++) {
+ struct dreplsrv_partition_source_dsa *sdsa;
+ sdsa = dreplsrv_find_source_dsa(p, &reps[i].ctr.ctr1.source_dsa_obj_guid);
+ if (sdsa == NULL) continue;
+ if (sdsa->notify_uSN < uSN) {
+ /* we need to tell this partner to replicate
+ with us */
+ werr = dreplsrv_schedule_notify_sync(s, p, &reps[i], mem_ctx, uSN);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": Failed to setup notify to %s for %s\n",
+ reps[i].ctr.ctr1.other_info->dns_name,
+ ldb_dn_get_linearized(p->dn)));
+ return werr;
+ }
+ }
+ }
+
+ return WERR_OK;
+}
+
+/*
+ see if any of the partitions have changed, and if so then send a
+ DsReplicaSync to all the replica partners in the repsTo object
+ */
+static WERROR dreplsrv_notify_check_all(struct dreplsrv_service *s, TALLOC_CTX *mem_ctx)
+{
+ WERROR status;
+ struct dreplsrv_partition *p;
+
+ for (p = s->partitions; p; p = p->next) {
+ status = dreplsrv_notify_check(s, p, mem_ctx);
+ W_ERROR_NOT_OK_RETURN(status);
+ }
+
+ return WERR_OK;
+}
+
+static void dreplsrv_notify_run(struct dreplsrv_service *service);
+
+static void dreplsrv_notify_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+ struct timeval t, void *ptr)
+{
+ struct dreplsrv_service *service = talloc_get_type(ptr, struct dreplsrv_service);
+ WERROR status;
+
+ service->notify.te = NULL;
+
+ dreplsrv_notify_run(service);
+
+ status = dreplsrv_notify_schedule(service, service->notify.interval);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(service->task, win_errstr(status));
+ return;
+ }
+}
+
+WERROR dreplsrv_notify_schedule(struct dreplsrv_service *service, uint32_t next_interval)
+{
+ TALLOC_CTX *tmp_mem;
+ struct tevent_timer *new_te;
+ struct timeval next_time;
+
+ /* prevent looping */
+ if (next_interval == 0) next_interval = 1;
+
+ next_time = timeval_current_ofs(next_interval, 50);
+
+ if (service->notify.te) {
+ /*
+ * if the timestamp of the new event is higher,
+ * as current next we don't need to reschedule
+ */
+ if (timeval_compare(&next_time, &service->notify.next_event) > 0) {
+ return WERR_OK;
+ }
+ }
+
+ /* reset the next scheduled timestamp */
+ service->notify.next_event = next_time;
+
+ new_te = event_add_timed(service->task->event_ctx, service,
+ service->notify.next_event,
+ dreplsrv_notify_handler_te, service);
+ W_ERROR_HAVE_NO_MEMORY(new_te);
+
+ tmp_mem = talloc_new(service);
+ DEBUG(2,("dreplsrv_notify_schedule(%u) %sscheduled for: %s\n",
+ next_interval,
+ (service->notify.te?"re":""),
+ nt_time_string(tmp_mem, timeval_to_nttime(&next_time))));
+ talloc_free(tmp_mem);
+
+ talloc_free(service->notify.te);
+ service->notify.te = new_te;
+
+ return WERR_OK;
+}
+
+static void dreplsrv_notify_run(struct dreplsrv_service *service)
+{
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_new(service);
+ dreplsrv_notify_check_all(service, mem_ctx);
+ talloc_free(mem_ctx);
+
+ dreplsrv_run_pending_ops(service);
+ dreplsrv_notify_run_ops(service);
+}
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index e90f2783b1..168aacdde9 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -48,7 +48,7 @@ struct dreplsrv_out_drsuapi_state {
static void dreplsrv_out_drsuapi_connect_recv(struct composite_context *creq);
-static struct composite_context *dreplsrv_out_drsuapi_send(struct dreplsrv_out_connection *conn)
+struct composite_context *dreplsrv_out_drsuapi_send(struct dreplsrv_out_connection *conn)
{
struct composite_context *c;
struct composite_context *creq;
@@ -165,7 +165,7 @@ static void dreplsrv_out_drsuapi_bind_recv(struct rpc_request *req)
composite_done(c);
}
-static NTSTATUS dreplsrv_out_drsuapi_recv(struct composite_context *c)
+NTSTATUS dreplsrv_out_drsuapi_recv(struct composite_context *c)
{
NTSTATUS status;
struct dreplsrv_out_drsuapi_state *st = talloc_get_type(c->private_data,
diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c
index 54dbd29730..b073d265c3 100644
--- a/source4/dsdb/repl/drepl_out_pull.c
+++ b/source4/dsdb/repl/drepl_out_pull.c
@@ -125,6 +125,7 @@ done:
talloc_free(op);
s->ops.current = NULL;
dreplsrv_run_pending_ops(s);
+ dreplsrv_notify_run_ops(s);
}
static void dreplsrv_pending_op_callback_creq(struct composite_context *creq)
@@ -140,7 +141,7 @@ void dreplsrv_run_pending_ops(struct dreplsrv_service *s)
time_t t;
NTTIME now;
- if (s->ops.current) {
+ if (s->ops.current || s->ops.n_current) {
/* if there's still one running, we're done */
return;
}
diff --git a/source4/dsdb/repl/drepl_periodic.c b/source4/dsdb/repl/drepl_periodic.c
index 2cfcb310dc..377cecbe99 100644
--- a/source4/dsdb/repl/drepl_periodic.c
+++ b/source4/dsdb/repl/drepl_periodic.c
@@ -110,4 +110,5 @@ static void dreplsrv_periodic_run(struct dreplsrv_service *service)
dreplsrv_refresh_partitions(service);
dreplsrv_run_pending_ops(service);
+ dreplsrv_notify_run_ops(service);
}
diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c
index eb49da3d41..cb415b65e6 100644
--- a/source4/dsdb/repl/drepl_service.c
+++ b/source4/dsdb/repl/drepl_service.c
@@ -196,6 +196,16 @@ static void dreplsrv_task_init(struct task_server *task)
return;
}
+ service->notify.interval = lp_parm_int(task->lp_ctx, NULL, "dreplsrv",
+ "notify_interval", 5); /* in seconds */
+ status = dreplsrv_notify_schedule(service, service->notify.interval);
+ if (!W_ERROR_IS_OK(status)) {
+ task_server_terminate(task, talloc_asprintf(task,
+ "dreplsrv: Failed to setup notify schedule: %s\n",
+ win_errstr(status)));
+ return;
+ }
+
irpc_add_name(task->msg_ctx, "dreplsrv");
IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, service);
diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h
index a9eea30719..0f9684fa78 100644
--- a/source4/dsdb/repl/drepl_service.h
+++ b/source4/dsdb/repl/drepl_service.h
@@ -69,6 +69,9 @@ struct dreplsrv_partition_source_dsa {
struct repsFromToBlob _repsFromBlob;
struct repsFromTo1 *repsFrom1;
+ /* the last uSN when we sent a notify */
+ uint64_t notify_uSN;
+
/* the reference to the source_dsa and its outgoing connection */
struct dreplsrv_out_connection *conn;
};
@@ -107,6 +110,17 @@ struct dreplsrv_out_operation {
struct composite_context *creq;
};
+struct dreplsrv_notify_operation {
+ struct dreplsrv_notify_operation *prev, *next;
+
+ struct dreplsrv_service *service;
+ uint64_t uSN;
+
+ struct dreplsrv_partition_source_dsa *source_dsa;
+
+ struct composite_context *creq;
+};
+
struct dreplsrv_service {
/* the whole drepl service is in one task */
struct task_server *task;
@@ -150,6 +164,23 @@ struct dreplsrv_service {
struct tevent_timer *te;
} periodic;
+ /* some stuff for notify processing */
+ struct {
+ /*
+ * the interval between notify runs
+ */
+ uint32_t interval;
+
+ /*
+ * the timestamp for the next event,
+ * this is the timstamp passed to event_add_timed()
+ */
+ struct timeval next_event;
+
+ /* here we have a reference to the timed event the schedules the notifies */
+ struct tevent_timer *te;
+ } notify;
+
/*
* the list of partitions we need to replicate
*/
@@ -166,6 +197,12 @@ struct dreplsrv_service {
/* the list of pending operations */
struct dreplsrv_out_operation *pending;
+
+ /* the list of pending notify operations */
+ struct dreplsrv_notify_operation *notifies;
+
+ /* an active notify operation */
+ struct dreplsrv_notify_operation *n_current;
} ops;
};
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index d4a69952e8..79d11fd958 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -161,6 +161,10 @@ static struct dsdb_partition *find_partition(struct partition_private_data *data
}
}
+ if (dn == NULL) {
+ return NULL;
+ }
+
/* Look at base DN */
/* Figure out which partition it is under */
/* Skip the lot if 'data' isn't here yet (initialisation) */
@@ -470,10 +474,10 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re
static int partition_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_control **saved_controls;
-
/* Find backend */
struct partition_private_data *data = talloc_get_type(module->private_data,
struct partition_private_data);
+
/* issue request */
/* (later) consider if we should be searching multiple
@@ -483,6 +487,17 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
struct ldb_control *domain_scope_control = ldb_request_get_control(req, LDB_CONTROL_DOMAIN_SCOPE_OID);
struct ldb_search_options_control *search_options = NULL;
+ struct dsdb_partition *p;
+
+ p = find_partition(data, NULL, req);
+ if (p != NULL) {
+ /* the caller specified what partition they want the
+ * search - just pass it on
+ */
+ return ldb_next_request(p->module, req);
+ }
+
+
if (search_control) {
search_options = talloc_get_type(search_control->data, struct ldb_search_options_control);
}
@@ -765,7 +780,7 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque
struct ldb_result *res;
struct dsdb_partition *p;
- p = find_partition(NULL, NULL, req);
+ p = find_partition(data, NULL, req);
if (p != NULL) {
/* the caller specified what partition they want the
* sequence number operation on - just pass it on
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 2a16c2bb82..f9411fe95f 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -47,7 +47,14 @@
#include "lib/util/dlinklist.h"
struct replmd_private {
+ TALLOC_CTX *la_ctx;
struct la_entry *la_list;
+ uint32_t num_ncs;
+ struct nc_entry {
+ struct ldb_dn *dn;
+ struct GUID guid;
+ uint64_t mod_usn;
+ } *ncs;
};
struct la_entry {
@@ -71,6 +78,188 @@ struct replmd_replicated_request {
struct ldb_message *search_msg;
};
+
+/*
+ initialise the module
+ allocate the private structure and build the list
+ of partition DNs for use by replmd_notify()
+ */
+static int replmd_init(struct ldb_module *module)
+{
+ struct replmd_private *replmd_private;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ replmd_private = talloc_zero(module, struct replmd_private);
+ if (replmd_private == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ldb_module_set_private(module, replmd_private);
+
+ return ldb_next_init(module);
+}
+
+
+static int nc_compare(struct nc_entry *n1, struct nc_entry *n2)
+{
+ return ldb_dn_compare(n1->dn, n2->dn);
+}
+
+/*
+ build the list of partition DNs for use by replmd_notify()
+ */
+static int replmd_load_NCs(struct ldb_module *module)
+{
+ const char *attrs[] = { "namingContexts", NULL };
+ struct ldb_result *res = NULL;
+ int i, ret;
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_context *ldb;
+ struct ldb_message_element *el;
+ struct replmd_private *replmd_private =
+ talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+
+ if (replmd_private->ncs != NULL) {
+ return LDB_SUCCESS;
+ }
+
+ ldb = ldb_module_get_ctx(module);
+ tmp_ctx = talloc_new(module);
+
+ /* load the list of naming contexts */
+ ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, ""),
+ LDB_SCOPE_BASE, attrs, NULL);
+ if (ret != LDB_SUCCESS ||
+ res->count != 1) {
+ DEBUG(0,(__location__ ": Failed to load rootDSE\n"));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ el = ldb_msg_find_element(res->msgs[0], "namingContexts");
+ if (el == NULL) {
+ DEBUG(0,(__location__ ": Failed to load namingContexts\n"));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ replmd_private->num_ncs = el->num_values;
+ replmd_private->ncs = talloc_array(replmd_private, struct nc_entry,
+ replmd_private->num_ncs);
+ if (replmd_private->ncs == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ replmd_private->ncs[i].dn =
+ ldb_dn_from_ldb_val(replmd_private->ncs,
+ ldb, &el->values[i]);
+ replmd_private->ncs[i].mod_usn = 0;
+ }
+
+ talloc_free(res);
+
+ /* now find the GUIDs of each of those DNs */
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ const char *attrs2[] = { "objectGUID", NULL };
+ ret = ldb_search(ldb, tmp_ctx, &res, replmd_private->ncs[i].dn,
+ LDB_SCOPE_BASE, attrs2, NULL);
+ if (ret != LDB_SUCCESS ||
+ res->count != 1) {
+ /* this happens when the schema is first being
+ setup */
+ talloc_free(replmd_private->ncs);
+ replmd_private->ncs = NULL;
+ replmd_private->num_ncs = 0;
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+ }
+ replmd_private->ncs[i].guid =
+ samdb_result_guid(res->msgs[0], "objectGUID");
+ talloc_free(res);
+ }
+
+ /* sort the NCs into order, most to least specific */
+ qsort(replmd_private->ncs, replmd_private->num_ncs,
+ sizeof(replmd_private->ncs[0]), QSORT_CAST nc_compare);
+
+
+ talloc_free(tmp_ctx);
+
+ return LDB_SUCCESS;
+}
+
+
+/*
+ * notify the repl task that a object has changed. The notifies are
+ * gathered up in the replmd_private structure then written to the
+ * @REPLCHANGED object in each partition during the prepare_commit
+ */
+static int replmd_notify(struct ldb_module *module, struct ldb_dn *dn, uint64_t uSN)
+{
+ int ret, i;
+ struct replmd_private *replmd_private =
+ talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+
+ ret = replmd_load_NCs(module);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ if (replmd_private->num_ncs == 0) {
+ return LDB_SUCCESS;
+ }
+
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ if (ldb_dn_compare_base(replmd_private->ncs[i].dn, dn) == 0) {
+ break;
+ }
+ }
+ if (i == replmd_private->num_ncs) {
+ DEBUG(0,(__location__ ": DN not within known NCs '%s'\n",
+ ldb_dn_get_linearized(dn)));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (uSN > replmd_private->ncs[i].mod_usn) {
+ replmd_private->ncs[i].mod_usn = uSN;
+ }
+
+ return LDB_SUCCESS;
+}
+
+
+/*
+ * update a @REPLCHANGED record in each partition if there have been
+ * any writes of replicated data in the partition
+ */
+static int replmd_notify_store(struct ldb_module *module)
+{
+ int i;
+ struct replmd_private *replmd_private =
+ talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ int ret;
+
+ if (replmd_private->ncs[i].mod_usn == 0) {
+ /* this partition has not changed in this
+ transaction */
+ continue;
+ }
+
+ ret = dsdb_save_partition_usn(ldb, replmd_private->ncs[i].dn,
+ replmd_private->ncs[i].mod_usn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to save partition uSN for %s\n",
+ ldb_dn_get_linearized(replmd_private->ncs[i].dn)));
+ return ret;
+ }
+ }
+
+ return LDB_SUCCESS;
+}
+
+
/*
created a replmd_replicated_request context
*/
@@ -458,6 +647,11 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
return ret;
}
+ ret = replmd_notify(module, msg->dn, seq_num);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
/* go on with the call chain */
return ldb_next_request(module, down_req);
}
@@ -505,6 +699,7 @@ static int replmd_update_rpmd_element(struct ldb_context *ldb,
return LDB_ERR_OPERATIONS_ERROR;
}
omd->ctr.ctr1.count++;
+ ZERO_STRUCT(omd->ctr.ctr1.array[i]);
}
/* Get a new sequence number from the backend. We only do this
@@ -519,7 +714,7 @@ static int replmd_update_rpmd_element(struct ldb_context *ldb,
}
md1 = &omd->ctr.ctr1.array[i];
- md1->version = 1;
+ md1->version++;
md1->attid = a->attributeID_id;
md1->originating_change_time = now;
md1->originating_invocation_id = *our_invocation_id;
@@ -534,8 +729,8 @@ static int replmd_update_rpmd_element(struct ldb_context *ldb,
* object. This is needed for DRS replication, as the merge on the
* client is based on this object
*/
-static int replmd_update_rpmd(struct ldb_context *ldb, struct ldb_message *msg,
- uint64_t *seq_num)
+static int replmd_update_rpmd(struct ldb_module *module,
+ struct ldb_message *msg, uint64_t *seq_num)
{
const struct ldb_val *omd_value;
enum ndr_err_code ndr_err;
@@ -548,6 +743,9 @@ static int replmd_update_rpmd(struct ldb_context *ldb, struct ldb_message *msg,
int ret;
const char *attrs[] = { "replPropertyMetaData" , NULL };
struct ldb_result *res;
+ struct ldb_context *ldb;
+
+ ldb = ldb_module_get_ctx(module);
our_invocation_id = samdb_ntds_invocation_id(ldb);
if (!our_invocation_id) {
@@ -631,6 +829,11 @@ static int replmd_update_rpmd(struct ldb_context *ldb, struct ldb_message *msg,
return ret;
}
+ ret = replmd_notify(module, msg->dn, *seq_num);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
el->num_values = 1;
el->values = md_value;
}
@@ -691,7 +894,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
* attribute was changed
*/
- ret = replmd_update_rpmd(ldb, msg, &seq_num);
+ ret = replmd_update_rpmd(module, msg, &seq_num);
if (ret != LDB_SUCCESS) {
return ret;
}
@@ -729,6 +932,102 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, down_req);
}
+
+/*
+ handle a rename request
+
+ On a rename we need to do an extra ldb_modify which sets the
+ whenChanged and uSNChanged attributes
+ */
+static int replmd_rename(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb;
+ int ret, i;
+ time_t t = time(NULL);
+ uint64_t seq_num = 0;
+ struct ldb_message *msg;
+ struct replmd_private *replmd_private =
+ talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.mod.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ ldb = ldb_module_get_ctx(module);
+
+ ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_rename\n");
+
+ /* Get a sequence number from the backend */
+ ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ msg = ldb_msg_new(req);
+ if (msg == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ msg->dn = req->op.rename.olddn;
+
+ if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+ if (add_uint64_element(msg, "uSNChanged", seq_num) != LDB_SUCCESS) {
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
+
+ ret = ldb_modify(ldb, msg);
+ talloc_free(msg);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = replmd_load_NCs(module);
+ if (ret != 0) {
+ return ret;
+ }
+
+ /* now update the highest uSNs of the partitions that are
+ affected. Note that two partitions could be changing */
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ if (ldb_dn_compare_base(replmd_private->ncs[i].dn,
+ req->op.rename.olddn) == 0) {
+ break;
+ }
+ }
+ if (i == replmd_private->num_ncs) {
+ DEBUG(0,(__location__ ": rename olddn outside tree? %s\n",
+ ldb_dn_get_linearized(req->op.rename.olddn)));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ replmd_private->ncs[i].mod_usn = seq_num;
+
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ if (ldb_dn_compare_base(replmd_private->ncs[i].dn,
+ req->op.rename.newdn) == 0) {
+ break;
+ }
+ }
+ if (i == replmd_private->num_ncs) {
+ DEBUG(0,(__location__ ": rename newdn outside tree? %s\n",
+ ldb_dn_get_linearized(req->op.rename.newdn)));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ replmd_private->ncs[i].mod_usn = seq_num;
+
+ /* go on with the call chain */
+ return ldb_next_request(module, req);
+}
+
+
static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret)
{
return ret;
@@ -829,6 +1128,11 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
return replmd_replicated_request_error(ar, ret);
}
+ ret = replmd_notify(ar->module, msg->dn, seq_num);
+ if (ret != LDB_SUCCESS) {
+ return replmd_replicated_request_error(ar, ret);
+ }
+
/*
* the meta data array is already sorted by the caller
*/
@@ -1105,6 +1409,11 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
}
+ ret = replmd_notify(ar->module, msg->dn, seq_num);
+ if (ret != LDB_SUCCESS) {
+ return replmd_replicated_request_error(ar, ret);
+ }
+
if (DEBUGLVL(4)) {
char *s = ldb_ldif_message_string(ldb, ar, LDB_CHANGETYPE_MODIFY, msg);
DEBUG(4, ("DRS replication modify message:\n%s\n", s));
@@ -1684,18 +1993,17 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct
for (i=0; i<ar->objs->linked_attributes_count; i++) {
struct la_entry *la_entry;
- if (replmd_private == NULL) {
- DEBUG(0,(__location__ ": repl_meta_data not called from within a transaction\n"));
- return LDB_ERR_OPERATIONS_ERROR;
+ if (replmd_private->la_ctx == NULL) {
+ replmd_private->la_ctx = talloc_new(replmd_private);
}
-
- la_entry = talloc(replmd_private, struct la_entry);
+ la_entry = talloc(replmd_private->la_ctx, struct la_entry);
if (la_entry == NULL) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
la_entry->la = talloc(la_entry, struct drsuapi_DsReplicaLinkedAttribute);
if (la_entry->la == NULL) {
+ talloc_free(la_entry);
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -1891,15 +2199,17 @@ static int replmd_extended(struct ldb_module *module, struct ldb_request *req)
static int replmd_start_transaction(struct ldb_module *module)
{
/* create our private structure for this transaction */
+ int i;
struct replmd_private *replmd_private = talloc_get_type(ldb_module_get_private(module),
struct replmd_private);
- talloc_free(replmd_private);
- replmd_private = talloc(module, struct replmd_private);
- if (replmd_private == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
+ talloc_free(replmd_private->la_ctx);
replmd_private->la_list = NULL;
- ldb_module_set_private(module, replmd_private);
+ replmd_private->la_ctx = NULL;
+
+ for (i=0; i<replmd_private->num_ncs; i++) {
+ replmd_private->ncs[i].mod_usn = 0;
+ }
+
return ldb_next_start_trans(module);
}
@@ -1911,23 +2221,32 @@ static int replmd_prepare_commit(struct ldb_module *module)
{
struct replmd_private *replmd_private =
talloc_get_type(ldb_module_get_private(module), struct replmd_private);
- struct la_entry *la;
+ struct la_entry *la, *prev;
+ int ret;
/* walk the list backwards, to do the first entry first, as we
* added the entries with DLIST_ADD() which puts them at the
* start of the list */
for (la = replmd_private->la_list; la && la->next; la=la->next) ;
- for (; la; la=la->prev) {
- int ret;
+ for (; la; la=prev) {
+ prev = la->prev;
+ DLIST_REMOVE(replmd_private->la_list, la);
ret = replmd_process_linked_attribute(module, la);
if (ret != LDB_SUCCESS) {
return ret;
}
}
- talloc_free(replmd_private);
- ldb_module_set_private(module, NULL);
+ talloc_free(replmd_private->la_ctx);
+ replmd_private->la_list = NULL;
+ replmd_private->la_ctx = NULL;
+
+ /* possibly change @REPLCHANGED */
+ ret = replmd_notify_store(module);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
return ldb_next_prepare_commit(module);
}
@@ -1936,17 +2255,20 @@ static int replmd_del_transaction(struct ldb_module *module)
{
struct replmd_private *replmd_private =
talloc_get_type(ldb_module_get_private(module), struct replmd_private);
- talloc_free(replmd_private);
- ldb_module_set_private(module, NULL);
+ talloc_free(replmd_private->la_ctx);
+ replmd_private->la_list = NULL;
+ replmd_private->la_ctx = NULL;
return ldb_next_del_trans(module);
}
_PUBLIC_ const struct ldb_module_ops ldb_repl_meta_data_module_ops = {
.name = "repl_meta_data",
- .add = replmd_add,
- .modify = replmd_modify,
- .extended = replmd_extended,
+ .init_context = replmd_init,
+ .add = replmd_add,
+ .modify = replmd_modify,
+ .rename = replmd_rename,
+ .extended = replmd_extended,
.start_transaction = replmd_start_transaction,
.prepare_commit = replmd_prepare_commit,
.del_transaction = replmd_del_transaction,
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c
index 59cb9de717..f5ddff95ed 100644
--- a/source4/dsdb/samdb/ldb_modules/samba3sam.c
+++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c
@@ -24,7 +24,6 @@
* sambaTrustPassword
* sambaUnixIdPool
* sambaIdmapEntry
- * sambaAccountPolicy
* sambaSidEntry
* sambaAcctFlags -> systemFlags ?
* sambaPasswordHistory -> ntPwdHistory*/
diff --git a/source4/heimdal_build/asn1_deps.pl b/source4/heimdal_build/asn1_deps.pl
index 9da0787012..504f66d535 100755
--- a/source4/heimdal_build/asn1_deps.pl
+++ b/source4/heimdal_build/asn1_deps.pl
@@ -1,7 +1,7 @@
#!/usr/bin/perl
# Generate make dependency rules for asn1 files
# Jelmer Vernooij <jelmer@samba.org> 2005
-# Andrew Bartlett <abartlet@samba.org> 2006
+# Andrew Bartlett <abartlet@samba.org> 2006-2009
# Stefan Metzmacher <metze@samba.org> 2007
# GPL
@@ -11,12 +11,6 @@ my $file = shift;
my $prefix = shift;
my $dirname = shift;
my $options = join(' ', @ARGV);
-my $x_file;
-my @x_files = ();
-my $c_file;
-my @c_files = ();
-my $o_file;
-my @o_files = ();
my $import;
my @imports = ();
my $dep;
@@ -29,31 +23,27 @@ if (not defined $options) {
my $header = "$dirname/$prefix.h";
my $headerx = "$dirname/$prefix.hx";
+my $o_file = "$dirname/asn1_$prefix.o";
+my $c_file = "$dirname/asn1_$prefix.c";
+my $x_file = "$dirname/asn1_$prefix.x";
+my $output_file = "$dirname/" . $prefix . "_asn1_files";
print "basics:: $header\n";
+print "$output_file: \$(heimdalsrcdir)/$file \$(ASN1C)\n";
+print "\t\@echo \"Compiling ASN1 file \$(heimdalsrcdir)/$file\"\n";
+print "\t\@\$(heimdalbuildsrcdir)/asn1_compile_wrapper.sh \$(builddir) $dirname \$(ASN1C) \$(call abspath,\$(heimdalsrcdir)/$file) $prefix $options --one-code-file\n\n";
+print "$headerx: $output_file\n";
print "$header: $headerx\n";
print "\t\@cp $headerx $header\n";
-print "$headerx: \$(heimdalsrcdir)/$file \$(ASN1C)\n";
-print "\t\@echo \"Compiling ASN1 file \$(heimdalsrcdir)/$file\"\n";
-print "\t\@\$(heimdalbuildsrcdir)/asn1_compile_wrapper.sh \$(builddir) $dirname \$(ASN1C) \$(call abspath,\$(heimdalsrcdir)/$file) $prefix $options\n\n";
+print "$x_file: $header\n";
+print "$c_file: $x_file\n";
+print "\t\@echo \"#include \\\"config.h\\\"\" > $c_file && cat $x_file >> $c_file\n\n";
open(IN,"heimdal/$file") or die("Can't open heimdal/$file: $!");
my @lines = <IN>;
close(IN);
foreach my $line (@lines) {
- if ($line =~ /^([\w]+[\w\-]+)(\s+OBJECT IDENTIFIER)?\s*::=/) {
- my $output = $1;
- $output =~ s/-/_/g;
- $c_file = "$dirname/asn1_$output.c";
- $x_file = "$dirname/asn1_$output.x";
- $o_file = "$dirname/asn1_$output.o";
- print "$x_file: $header\n";
- print "$c_file: $dirname/asn1_$output.x\n";
- print "\t\@echo \"#include \\\"config.h\\\"\" > $c_file && cat $x_file >> $c_file\n\n";
- push @x_files, $x_file;
- push @c_files, $c_file;
- push @o_files, $o_file;
- } elsif ($line =~ /^(\s*IMPORT)([\w\,\s])*(\s+FROM\s+)([\w]+[\w\-]+);/) {
+ if ($line =~ /^(\s*IMPORT)([\w\,\s])*(\s+FROM\s+)([\w]+[\w\-]+);/) {
$import = $line;
chomp $import;
push @imports, $import;
@@ -94,21 +84,16 @@ print "CFLAGS = -Iheimdal_build -Iheimdal/lib/roken -I$dirname\n";
print "PUBLIC_DEPENDENCIES = $depstr\n\n";
print "HEIMDAL_".uc($prefix)."_OBJ_FILES = ";
-foreach $o_file (@o_files) {
- print "\\\n\t$o_file";
-}
+print "\\\n\t$o_file";
print "\n\n";
print "clean:: \n";
print "\t\@echo \"Deleting ASN1 output files generated from $file\"\n";
+print "\t\@rm -f $output_file\n";
print "\t\@rm -f $header\n";
-foreach $c_file (@c_files) {
- print "\t\@rm -f $c_file\n";
-}
-foreach $x_file (@x_files) {
- print "\t\@rm -f $x_file\n";
-}
+print "\t\@rm -f $c_file\n";
+print "\t\@rm -f $x_file\n";
print "\t\@rm -f $dirname/$prefix\_files\n";
print "\t\@rm -f $dirname/$prefix\.h\n";
print "\n";
diff --git a/source4/heimdal_build/internal.mk b/source4/heimdal_build/internal.mk
index 61159ab94e..a2b5df7257 100644
--- a/source4/heimdal_build/internal.mk
+++ b/source4/heimdal_build/internal.mk
@@ -114,7 +114,7 @@ $(eval $(call heimdal_proto_header_template, \
# Start SUBSYSTEM HEIMDAL_GSSAPI
[SUBSYSTEM::HEIMDAL_GSSAPI]
CFLAGS = -I$(heimdalbuildsrcdir) -I$(heimdalsrcdir)/lib/gssapi -I$(heimdalsrcdir)/lib/gssapi/gssapi -I$(heimdalsrcdir)/lib/gssapi/spnego -I$(heimdalsrcdir)/lib/gssapi/krb5 -I$(heimdalsrcdir)/lib/gssapi/mech
-PRIVATE_DEPENDENCIES = HEIMDAL_HCRYPTO HEIMDAL_HEIM_ASN1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_ROKEN HEIMDAL_KRB5
+PRIVATE_DEPENDENCIES = HEIMDAL_HCRYPTO HEIMDAL_HEIM_ASN1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_GSSAPI_ASN1 HEIMDAL_ROKEN HEIMDAL_KRB5
# End SUBSYSTEM HEIMDAL_GSSAPI
#######################
@@ -250,7 +250,6 @@ HEIMDAL_GSSAPI_OBJ_FILES = \
$(heimdalsrcdir)/lib/gssapi/mech/gss_release_name.o \
$(heimdalsrcdir)/lib/gssapi/mech/gss_set_cred_option.o \
$(heimdalsrcdir)/lib/gssapi/mech/gss_pseudo_random.o \
- $(heimdalsrcdir)/lib/gssapi/asn1_GSSAPIContextToken.o \
$(heimdalbuildsrcdir)/gssapi-glue.o
#######################
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index 3f7fa2f395..b4f03dc538 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -1758,8 +1758,13 @@ static PyObject *py_ldb_msg_keys(PyLdbMessageObject *self)
static PyObject *py_ldb_msg_getitem_helper(PyLdbMessageObject *self, PyObject *py_name)
{
struct ldb_message_element *el;
- char *name = PyString_AsString(py_name);
+ char *name;
struct ldb_message *msg = PyLdbMessage_AsMessage(self);
+ if (!PyString_Check(py_name)) {
+ PyErr_SetNone(PyExc_TypeError);
+ return NULL;
+ }
+ name = PyString_AsString(py_name);
if (!strcmp(name, "dn"))
return PyLdbDn_FromDn(msg->dn);
el = ldb_msg_find_element(msg, name);
@@ -1786,8 +1791,11 @@ static PyObject *py_ldb_msg_get(PyLdbMessageObject *self, PyObject *args)
return NULL;
ret = py_ldb_msg_getitem_helper(self, name);
- if (ret == NULL)
+ if (ret == NULL) {
+ if (PyErr_Occurred())
+ return NULL;
Py_RETURN_NONE;
+ }
return ret;
}
diff --git a/source4/lib/ldb/tests/python/api.py b/source4/lib/ldb/tests/python/api.py
index 88983ac738..133bd180c1 100755
--- a/source4/lib/ldb/tests/python/api.py
+++ b/source4/lib/ldb/tests/python/api.py
@@ -480,6 +480,10 @@ class LdbMsgTests(unittest.TestCase):
self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "@BASEINFO")
self.assertEquals("@BASEINFO", self.msg.get("dn").__str__())
+ def test_get_invalid(self):
+ self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "@BASEINFO")
+ self.assertRaises(TypeError, self.msg.get, 42)
+
def test_get_other(self):
self.msg["foo"] = ["bar"]
self.assertEquals("bar", self.msg.get("foo")[0])
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 6f7637a970..165e485d45 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -94,12 +94,13 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
attids[n] = md.ctr.ctr1.array[i].attid;
n++;
}
- if (n == 0) {
- /* nothing to send */
- talloc_free(obj->meta_data_ctr);
- obj->meta_data_ctr = NULL;
- return WERR_OK;
- }
+
+ /*
+ note that if n==0 we still need to send the change, as it
+ could be a rename, which changes the uSNChanged, but not any
+ of the replicated attributes
+ */
+
obj->meta_data_ctr->count = n;
obj->object.identifier = talloc(obj, struct drsuapi_DsReplicaObjectIdentifier);
@@ -315,7 +316,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
ncRoot_dn = ldb_dn_new(mem_ctx, sam_ctx, ncRoot->dn);
ret = drsuapi_search_with_extended_dn(sam_ctx, mem_ctx, &site_res,
ncRoot_dn, LDB_SCOPE_SUBTREE, attrs,
- "uSNChanged>=%llu",
+ "(uSNChanged>=%llu)",
(unsigned long long)(r->in.req->req8.highwatermark.highest_usn+1));
if (ret != LDB_SUCCESS) {
return WERR_DS_DRA_INTERNAL_ERROR;
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 19149e92e2..e21a3cbee1 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1040,10 +1040,14 @@ def provision(setup_dir, message, session_info,
if domainsid is None:
domainsid = security.random_sid()
+ # create/adapt the group policy GUIDs
if policyguid is None:
policyguid = str(uuid.uuid4())
+ policyguid = policyguid.upper()
if policyguid_dc is None:
policyguid_dc = str(uuid.uuid4())
+ policyguid_dc = policyguid_dc.upper()
+
if adminpass is None:
adminpass = glue.generate_random_str(12)
if krbtgtpass is None:
@@ -1191,16 +1195,16 @@ def provision(setup_dir, message, session_info,
os.makedirs(policy_path, 0755)
open(os.path.join(policy_path, "GPT.INI"), 'w').write(
"[General]\r\nVersion=65544")
- os.makedirs(os.path.join(policy_path, "Machine"), 0755)
- os.makedirs(os.path.join(policy_path, "User"), 0755)
+ os.makedirs(os.path.join(policy_path, "MACHINE"), 0755)
+ os.makedirs(os.path.join(policy_path, "USER"), 0755)
policy_path_dc = os.path.join(paths.sysvol, names.dnsdomain, "Policies",
"{" + policyguid_dc + "}")
os.makedirs(policy_path_dc, 0755)
open(os.path.join(policy_path_dc, "GPT.INI"), 'w').write(
"[General]\r\nVersion=2")
- os.makedirs(os.path.join(policy_path_dc, "Machine"), 0755)
- os.makedirs(os.path.join(policy_path_dc, "User"), 0755)
+ os.makedirs(os.path.join(policy_path_dc, "MACHINE"), 0755)
+ os.makedirs(os.path.join(policy_path_dc, "USER"), 0755)
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0755)
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 35faed84bb..71f9949f67 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -2,7 +2,8 @@
# Configuration Naming Context
###############################
-# Display specifiers are in "display-specifiers/DisplaySpecifiers-Win2k8R2.txt"
+# Display specifiers are located in
+# display-specifiers/DisplaySpecifiers-Win2k8R2.txt"
# This file is parsed during provision using the ms_display_specifiers.py
# script.
@@ -746,6 +747,32 @@ objectClass: top
objectClass: applicationSiteSettings
objectClass: licensingSiteSettings
+dn: CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: interSiteTransportContainer
+systemFlags: -2147483648
+
+dn: CN=IP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: interSiteTransport
+transportAddressAttribute: dNSHostName
+transportDLLName: ismip.dll
+
+dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: siteLink
+cost: 100
+replInterval: 180
+siteList: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+systemFlags: 1073741824
+
+dn: CN=SMTP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: interSiteTransport
+transportAddressAttribute: mailAddress
+transportDLLName: ismsmtp.dll
+options: 1
+
dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: applicationSiteSettings
@@ -756,7 +783,3 @@ objectClass: top
objectClass: serversContainer
systemFlags: 33554432
-dn: CN=Subnets,CN=Sites,${CONFIGDN}
-objectClass: top
-objectClass: subnetContainer
-systemFlags: -1073741824
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 00f0bee4cc..6f58bd4a38 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -14,17 +14,20 @@ gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
11D1-A7CC-0000F87571E3}]
+isCriticalSystemObject: TRUE
nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
systemFlags: -1946157056
dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+isCriticalSystemObject: TRUE
systemFlags: -1946157056
dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+isCriticalSystemObject: TRUE
systemFlags: -1946157056
dn: CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
@@ -38,16 +41,19 @@ versionNumber: 2
flags: 0
gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
FB-11D0-A0D0-00A0C90F574B}]
+isCriticalSystemObject: TRUE
nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
systemFlags: -1946157056
dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+isCriticalSystemObject: TRUE
systemFlags: -1946157056
dn: CN=Machine,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+isCriticalSystemObject: TRUE
systemFlags: -1946157056