Age | Commit message (Collapse) | Author | Files | Lines |
|
the one we want to use
|
|
|
|
Sometimes windows DC will set up dNSHostname before setting up
GC SPN and that causes replication errors since samba tries to
use GC SPN, which does not yet exist locally.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
To replicate application partitions (e.g. DNS partitions) consult
msDs-hasMasterNCs attribute as well. Also, make sure we don't add
same partition twice in the list. hasMasterNCs and msDs-hasMasterNCs
have domain, configuration and schema partitions common.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this sets DSDB_REPL_FLAG_PARTIAL_REPLICA when replicating a RODC
partition, which tells the replication code to map instanceType to
remove the INSTANCE_TYPE_WRITE bit
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC. We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this adds a flag to dsdb_origin_objects_commit that tells it to create
a new NC based on the nCName in a crossRef object
|
|
|
|
when we receive objects to a partial replica, we need to change the
incoming instanceType to not include the INSTANCE_TYPE_WRITE
flag. Partial replicas unset this flag.
|
|
this sets the appropriate flags for replication with FULL_SYNC and
partial replica replications
|
|
|
|
when we find a NC via a DN string, fill in the GUID and SID so the
caller can properly report them
|
|
this allows us to use the DN from a hasPartialReplicaNCs attribute to
create a reps1 object
|
|
we need to create a temporary dsa object to allow the replication task
to replicate a NC that is not listed in a repsFrom attribute
|
|
we need to use the hasMasterNCs and hasPartialReplicaNCs attributes on
our NTDS object to get the list of NCs to replicate, instead of using
the rootDSE. This is needed to support replicating of GC partial
replicas, which are not listed in the rootDSE
|
|
if we are replicating a partial replica, then we need to supply the
partial attribute set we want to replicate to the server
|
|
another multi-domain fix
|
|
|
|
This happens if we have a custom schema - we need to build up the schema until
it loads, by converting more objects.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed May 11 21:03:59 CEST 2011 on sn-devel-104
|
|
This avoid symbol and structure conflicts between Samba3 and Samba4,
and chooses a less generic name.
Andrew Bartlett
|
|
this gives the administrator a proper error message on the command
line
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We don't need all object attributes resolved and converted for a working
schema to be functional.
|
|
during replicated object convert stage.
The problem is that we may have loops in schema graph and we can't
resolve those loops in just one pass. Ignoring some attributes
conversion will allow us to have a functional schema cache that we
can use later to resolve all attribute OIDs on another pass
|
|
run_pending_ops directly
Executing dreplsrv_run_pending_ops() directly may cause a segfault
as in case of failure, the _drepl_replica_sync_done_cb() callback
gets called *before* drepl_replica_sync() returns. In such case,
irpc message gets freed twice - once when irpc_send_reply() gets called
and once when drepl_replica_sync() returns
|
|
last success
|
|
1. Take into account DSA options - we should not send replication
requests in case OUTBOUND_REPLICATION is disabled
2. Use replication flags for the operation to determine if
a forced replication is requested
3. In case outbound replication is disabled and we don't have
DRSUAPI_DRS_SYNC_FORCED flag set, then we should record
WERR_DS_DRA_SINK_DISABLED error as a last replication result
|
|
|
|
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.
Andrew Bartlett
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
everything is OK
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Dec 18 05:53:48 CET 2010 on sn-devel-104
|
|
We need to do this as dsdb_reference_schema() function
clears "use_global_schema" ldb flag.
Basically what is going to happen is that after dsdb_reference_schema()
global_schema pointer will continue to point at old schema cache,
while "dsdb_schema" for LDB will point at the working_schema.
After replication is done, we reset "dsdb_schema" for the ldb
with an updated Schema cache, but this leaves global_schema pointer
with its old value, which is not up to date.
So we need to call dsdb_make_schema_global() again so that global_schema
points to a valid Schema cache.
|
|
working_schema is a shallow copy of current schema and thus
depends on part of it. So we want it to be around as long as
working_schema is used.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Dec 17 23:34:29 CET 2010 on sn-devel-104
|
|
|
|
Without this check, receiving empty replica leads to a situation
where we left with a working_schema attached to the ldb.
The problem here is that working_schema is not fully functional
schema cache and keeping it attached to the ldb may lead
to modules failing to accomplish their jobs
|
|
|
|
while committing objects
working_schema is to be used while committing a Schema replica.
When we replicate Schema, then we most probably won't be
able to convert all replicated objects using the current
Schema cache (as we don't know anything about those new objects).
Thus, during Schema replication, we make a temporary
working_schema that contains both our current Schema +
all objects we get on the wire.
When we commit those new objects, we should use our working_schema
(by setting it to the ldb), and after all changes are commited,
we can refresh the schema cache so we have a brand new,
full-featured Schema cache
|
|
return NULL
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Dec 1 17:14:01 CET 2010 on sn-devel-104
|
|
Schema is changed and it is quite possible we won't be able
to decode replicated objects using current Schema cache we have.
Thus, when replicating Schema, we will make a temporary Schema
cache, working_schema, so that we can fully decode objects
we recieve.
|
|
It is heavily based on implementation in libnet_vampire_cb_apply_schema()
function, except that it actually creates a new copy of the supplied
initial_schema + resolving all incoming objects and add them to
supplied initial_schema.
We are going to need this 'working_schema' later so we are able
to fully resolve all objects we receive on wire during DRS replication.
Working schema created is to be used only as an index to search in.
It is not supposed to be set to an ldb_context as it doesn't
contain all information for classSchema and attributeSchema objects.
|
|
This allows us to use schema that is different than the one
set to 'ldb' to decode objects.
|
|
This is needed to fix a Tru64 "cc" warning regarding "enum drepl_role_master".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 28 12:46:19 CET 2010 on sn-devel-104
|
|
|
|
Detected by Tru64 "cc".
|
|
Also detected by Tru64 "cc".
|
|
specifications
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 27 16:03:43 CET 2010 on sn-devel-104
|