Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This delicate balance caused us a bit of a puzzle when we could not work
out why an DC join failed with the new python scripts.
Andrew Bartlett
|
|
We need a separate source dsa list for RODCs, as they are not in the
repsFrom for our partitions, but are in the repsTo. This adds a new
'notifies' list, which contains all the source dsas for the DCs that
we should send notifies to, but which we don't replicate from
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 06:57:43 UTC 2010 on sn-devel-104
|
|
|
|
Otherwise we'll requeue the same notify events on and on.
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies
$8 = {prev = 0xe4cb30, next = 0x1a25440, service = 0x1b52190, uSN = 123905,
source_dsa = 0x164c100, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies->next
$9 = {prev = 0x80e000, next = 0x1b7bf70, service = 0x1b52190, uSN = 123589,
source_dsa = 0x1a2d930, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies->next->next
$10 = {prev = 0x1a25440, next = 0x1d0c310, service = 0x1b52190, uSN = 1587,
source_dsa = 0x13d3210, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies->next->next->next
$11 = {prev = 0x1b7bf70, next = 0x1ba1420, service = 0x1b52190, uSN = 123905,
source_dsa = 0x164c100, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *)
0x1b52190)->ops.notifies->next->next->next->next
$12 = {prev = 0x1d0c310, next = 0x1c43510, service = 0x1b52190, uSN = 123589,
source_dsa = 0x1a2d930, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *)
0x1b52190)->ops.notifies->next->next->next->next->next
$13 = {prev = 0x1ba1420, next = 0xed97b0, service = 0x1b52190, uSN = 1587,
source_dsa = 0x13d3210, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *)
0x1b52190)->ops.notifies->next->next->next->next->next->next
$14 = {prev = 0x1c43510, next = 0xe4ce80, service = 0x1b52190, uSN = 123905,
source_dsa = 0x164c100, is_urgent = false, replica_flags = 29}
We can reuse this operations, while they're not yet started.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Nov 5 07:15:04 UTC 2010 on sn-devel-104
|
|
Those values are actually ATTID values and such, they are used
for ATTIDs for Attributes, Classes and Syntaxes.
|
|
This includes dom_sid.h and security_token.h and will be moved
to the top level shortly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
|
|
|
|
|
|
this is required when talking to RODCs (for notify calls), and is good
practice for all DCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we use the ADD_REF bit in getncchanges instead
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
we were incorrectly avoiding a getncchanges when WRIT_REP was not set
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
this is preferable to looking for the hasMasterNCs attribute on
nTDSDSA objects.
|
|
this ensures we always mark ourselves as writeable when we are not
an RODC
|
|
this avoids a list walk in the calling code
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
we find the NC root then load the uptodateness vector and highwater
mark, if available, from there
|
|
This functionality is needed for DsCrackNames ListRoles command also.
|
|
Test suite for fsmo is extended with a test case for naming master too.
|
|
replica
This fixes the problem when we fail to replicate with
a partner DC that has a newer Schema with attributeSchema
objects with OIDs that we don't have in our local prefixMap.
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are a RODC we must supply a partial attribute set in the
getncchanges call
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the repl_secret code needs to set it to avoid too many duplicate
attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
initiate a repl secret extended op when requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
|
|
this is needed to get the repsFrom DNS entry right
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is not part of the rid allocation logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Multiple calls are allowed to run in parallel as long as they don't
conflict.
This also cleans up the variable names in the extended op calls.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa
Conflicts:
source4/dsdb/repl/drepl_ridalloc.c
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
|
|
|
|
|
|
In most cases this will transfer of schema master role to
look like a synchronous operation.
|
|
the IRPC API has changed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
It schedules a getncchanges with extended op 6, to be used when a modify request on
becomeROLEMaster atteibute on rootDSE is received.
|
|
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to
become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute
in its database with the new owner, and replicates the change to the candidate, who then becomes the
owner.
The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who
kindly helped to debug it.
|
|
structures can be used for other extended ops
|
|
run the operation
Operation was scheduled already, so we need to call
the callback function for it to be able to do its job.
For instance, if we are blocking an rpc call until an
operation is completed and there is no memory, then
client will be blocked without knowing what is going on
with the server.
|
|
|
|
and remove few trailing white spaces
|
|
There are many spots where this function may fail
and I find it very useful to know where exactly function
fails and what are the input parameters during testing.
REPLICA_SYNC_FAIL() macro now dumps an error message
so we may remove extra DEBUG() dump in implementation.
|
|
|
|
Sorry for the 'custom' definition first time
|
|
see: MS-DRSR - 4.1.23.2
Note: Synchronious replication not implemented yet.
|
|
|