Age | Commit message (Collapse) | Author | Files | Lines |
|
Schema is changed and it is quite possible we won't be able
to decode replicated objects using current Schema cache we have.
Thus, when replicating Schema, we will make a temporary Schema
cache, working_schema, so that we can fully decode objects
we recieve.
|
|
It is heavily based on implementation in libnet_vampire_cb_apply_schema()
function, except that it actually creates a new copy of the supplied
initial_schema + resolving all incoming objects and add them to
supplied initial_schema.
We are going to need this 'working_schema' later so we are able
to fully resolve all objects we receive on wire during DRS replication.
Working schema created is to be used only as an index to search in.
It is not supposed to be set to an ldb_context as it doesn't
contain all information for classSchema and attributeSchema objects.
|
|
This allows us to use schema that is different than the one
set to 'ldb' to decode objects.
|
|
This is needed to fix a Tru64 "cc" warning regarding "enum drepl_role_master".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 28 12:46:19 CET 2010 on sn-devel-104
|
|
|
|
Detected by Tru64 "cc".
|
|
Also detected by Tru64 "cc".
|
|
specifications
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 27 16:03:43 CET 2010 on sn-devel-104
|
|
this isn't needed any more
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Nov 17 13:41:51 UTC 2010 on sn-devel-104
|
|
when a replication fails, we should add the failure to repsFrom
when a notify fails, we need to save it to repsTo
this ensures showrepl always shows the latest status
|
|
when there was a continuous sequence of notify ops, we could leave the
replication ops starving. This ensures we run whichever was queued
first
|
|
|
|
dsdb_replicated_objects_convert/
It is part of dsdb_replicated_* family of functions
|
|
dsdb_replicated_objects_commit
It is part of dsdb_replicated_* family of functions
|
|
It is used in dsdb_origin_objects_commit() func,
hence the dsdb_origin_ prefix
|
|
|
|
This delicate balance caused us a bit of a puzzle when we could not work
out why an DC join failed with the new python scripts.
Andrew Bartlett
|
|
We need a separate source dsa list for RODCs, as they are not in the
repsFrom for our partitions, but are in the repsTo. This adds a new
'notifies' list, which contains all the source dsas for the DCs that
we should send notifies to, but which we don't replicate from
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 06:57:43 UTC 2010 on sn-devel-104
|
|
|
|
Otherwise we'll requeue the same notify events on and on.
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies
$8 = {prev = 0xe4cb30, next = 0x1a25440, service = 0x1b52190, uSN = 123905,
source_dsa = 0x164c100, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies->next
$9 = {prev = 0x80e000, next = 0x1b7bf70, service = 0x1b52190, uSN = 123589,
source_dsa = 0x1a2d930, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies->next->next
$10 = {prev = 0x1a25440, next = 0x1d0c310, service = 0x1b52190, uSN = 1587,
source_dsa = 0x13d3210, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *) 0x1b52190)->ops.notifies->next->next->next
$11 = {prev = 0x1b7bf70, next = 0x1ba1420, service = 0x1b52190, uSN = 123905,
source_dsa = 0x164c100, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *)
0x1b52190)->ops.notifies->next->next->next->next
$12 = {prev = 0x1d0c310, next = 0x1c43510, service = 0x1b52190, uSN = 123589,
source_dsa = 0x1a2d930, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *)
0x1b52190)->ops.notifies->next->next->next->next->next
$13 = {prev = 0x1ba1420, next = 0xed97b0, service = 0x1b52190, uSN = 1587,
source_dsa = 0x13d3210, is_urgent = false, replica_flags = 29}
(gdb) p *((struct dreplsrv_service *)
0x1b52190)->ops.notifies->next->next->next->next->next->next
$14 = {prev = 0x1c43510, next = 0xe4ce80, service = 0x1b52190, uSN = 123905,
source_dsa = 0x164c100, is_urgent = false, replica_flags = 29}
We can reuse this operations, while they're not yet started.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Nov 5 07:15:04 UTC 2010 on sn-devel-104
|
|
Those values are actually ATTID values and such, they are used
for ATTIDs for Attributes, Classes and Syntaxes.
|
|
This includes dom_sid.h and security_token.h and will be moved
to the top level shortly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
|
|
|
|
|
|
this is required when talking to RODCs (for notify calls), and is good
practice for all DCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we use the ADD_REF bit in getncchanges instead
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
we were incorrectly avoiding a getncchanges when WRIT_REP was not set
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
this is preferable to looking for the hasMasterNCs attribute on
nTDSDSA objects.
|
|
this ensures we always mark ourselves as writeable when we are not
an RODC
|
|
this avoids a list walk in the calling code
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
we find the NC root then load the uptodateness vector and highwater
mark, if available, from there
|
|
This functionality is needed for DsCrackNames ListRoles command also.
|
|
Test suite for fsmo is extended with a test case for naming master too.
|
|
replica
This fixes the problem when we fail to replicate with
a partner DC that has a newer Schema with attributeSchema
objects with OIDs that we don't have in our local prefixMap.
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are a RODC we must supply a partial attribute set in the
getncchanges call
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the repl_secret code needs to set it to avoid too many duplicate
attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
initiate a repl secret extended op when requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
|
|
this is needed to get the repsFrom DNS entry right
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is not part of the rid allocation logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Multiple calls are allowed to run in parallel as long as they don't
conflict.
This also cleans up the variable names in the extended op calls.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa
Conflicts:
source4/dsdb/repl/drepl_ridalloc.c
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
|
|
|