From 958e5b190884d2876e6d2e80a69d03b8f922c471 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 24 Jan 2006 21:26:55 +0000 Subject: [PATCH] r13121: Tag 4.0.0TP1 --- STATUS | 1 + WHATSNEW.txt | 8 + source/VERSION | 11 +- source/auth/credentials/credentials_files.c | 29 ++- source/auth/credentials/credentials_krb5.c | 14 -- source/auth/kerberos/kerberos_util.c | 4 +- source/auth/kerberos/krb5_init_context.c | 2 - source/heimdal/lib/hdb/hdb-protos.h | 6 - source/heimdal/lib/hdb/hdb.c | 5 +- source/heimdal/lib/hdb/keytab.c | 276 ---------------------------- source/heimdal/lib/krb5/krb5.h | 3 - source/heimdal_build/config.mk | 2 - source/kdc/config.mk | 15 +- source/kdc/hdb-ldb.c | 21 +-- source/kdc/kdc.c | 9 +- source/kdc/kdc.h | 4 +- source/kdc/kpasswdd.c | 5 +- source/lib/ldb/include/ldb.h | 2 +- source/lib/version.c | 9 +- source/nbt_server/wins/wins_hook.c | 64 +------ source/nbt_server/wins/winsdb.c | 132 +------------ source/nbt_server/wins/winsserver.c | 48 ++--- source/script/mkversion.sh | 30 +-- source/setup/secrets.ldif | 8 +- source/wrepl_server/wrepl_apply_records.c | 48 ++--- source/wrepl_server/wrepl_out_push.c | 10 +- source/wrepl_server/wrepl_server.h | 4 +- 27 files changed, 101 insertions(+), 669 deletions(-) delete mode 100644 source/heimdal/lib/hdb/keytab.c diff --git a/STATUS b/STATUS index 3e72ef68855..6bbc5809d76 100644 --- a/STATUS +++ b/STATUS @@ -1,2 +1,3 @@ This file documents the features that are known to work or known to still need work in the current version of Samba 4. + diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6f359ef38bf..75122d367be 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -99,6 +99,14 @@ KNOWN ISSUES - Domain logons (using Kerberos) from windows clients incorrectly state that the password expires today. +- When migrating a domain from Windows AD to Samba4, clients must be rebooted before they will login + +- In this same migration situation, Samba4's kpasswd server will not have correct keys (preventing Samba3 joins to such a domain) + +- Samba4 is unable to join Samba4 as a member server (domain member operation is unsupported in general), and may fail Kerberos based, SMB signed connections from Samba4's smb clients. + +- Apple's MAC OSX is not a supported client + RUNNING Samba4 ============== diff --git a/source/VERSION b/source/VERSION index 77d832624b3..8427924957d 100644 --- a/source/VERSION +++ b/source/VERSION @@ -1,12 +1,6 @@ ######################################################## # SAMBA Version # # # -# Samba versions are as follows # -# 3.0.x New production series # -# 3.0.x{tp,pre,rc}y Preview/Testing & RC # -# 3.0.x[a-z] Patch releases # -# 3.0.x[a-z]-VENDOR-z Vendor patch releases # -# # # script/mkversion.sh # # will use this file to create # # include/version.h # @@ -44,10 +38,10 @@ SAMBA_VERSION_REVISION= # # # ..tp # # # -# e.g. SAMBA_VERSION_TP_RELEASE=1 # +# e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "4.0.0tp1" # ######################################################## -SAMBA_VERSION_TP_RELEASE=2 +SAMBA_VERSION_TP_RELEASE=1 ######################################################## # For 'pre' releases the version will be # @@ -116,4 +110,3 @@ SAMBA_VERSION_RELEASE_NICKNAME= # -> "CVS 3.0.0rc2-VendorVersion" # ######################################################## SAMBA_VERSION_VENDOR_SUFFIX= -SAMBA_VERSION_VENDOR_PATCH= diff --git a/source/auth/credentials/credentials_files.c b/source/auth/credentials/credentials_files.c index 53350b8ed0a..219869cf3ae 100644 --- a/source/auth/credentials/credentials_files.c +++ b/source/auth/credentials/credentials_files.c @@ -267,12 +267,17 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, cli_credentials_set_nt_hash(cred, &hash, CRED_SPECIFIED); } else { - cli_credentials_set_password(cred, NULL, CRED_SPECIFIED); + + DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n", + cli_credentials_get_domain(cred))); + + /* set anonymous as the fallback, if the machine account won't work */ + cli_credentials_set_anonymous(cred); + + talloc_free(mem_ctx); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } - } else { - cli_credentials_set_password(cred, password, CRED_SPECIFIED); } - domain = ldb_msg_find_string(msgs[0], "flatname", NULL); if (domain) { @@ -285,6 +290,9 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, } cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED); + if (password) { + cli_credentials_set_password(cred, password, CRED_SPECIFIED); + } cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0)); @@ -409,14 +417,13 @@ NTSTATUS cli_credentials_update_all_keytabs(TALLOC_CTX *parent_ctx) return NT_STATUS_ACCESS_DENIED; } - /* search for the secret record, but only of things we can - * actually update */ + /* search for the secret record */ ldb_ret = gendb_search(ldb, mem_ctx, NULL, &msgs, attrs, - "(&(objectClass=kerberosSecret)(|(secret=*)(ntPwdHash=*)))"); + "objectClass=kerberosSecret"); if (ldb_ret == -1) { - DEBUG(1, ("Error looking for kerberos type secrets to push into a keytab:: %s", ldb_errstring(ldb))); + DEBUG(1, ("Error looking for kerberos type secrets to push into a keytab")); talloc_free(mem_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -435,13 +442,15 @@ NTSTATUS cli_credentials_update_all_keytabs(TALLOC_CTX *parent_ctx) if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to read secrets for keytab update for %s\n", filter)); - continue; + talloc_free(mem_ctx); + return status; } ret = cli_credentials_update_keytab(creds); if (ret != 0) { DEBUG(1, ("Failed to update keytab for %s\n", filter)); - continue; + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; } } return NT_STATUS_OK; diff --git a/source/auth/credentials/credentials_krb5.c b/source/auth/credentials/credentials_krb5.c index 29b70d9a537..5f40ca10467 100644 --- a/source/auth/credentials/credentials_krb5.c +++ b/source/auth/credentials/credentials_krb5.c @@ -43,20 +43,6 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred, return 0; } -/* This needs to be called directly after the cli_credentials_init(), - * otherwise we might have problems with the krb5 context already - * being here. - */ -NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, - struct smb_krb5_context *smb_krb5_context) -{ - if (!talloc_reference(cred, smb_krb5_context)) { - return NT_STATUS_NO_MEMORY; - } - cred->smb_krb5_context = smb_krb5_context; - return NT_STATUS_OK; -} - int cli_credentials_set_from_ccache(struct cli_credentials *cred, enum credentials_obtained obtained) { diff --git a/source/auth/kerberos/kerberos_util.c b/source/auth/kerberos/kerberos_util.c index 776b591ba43..ad0e18b2e74 100644 --- a/source/auth/kerberos/kerberos_util.c +++ b/source/auth/kerberos/kerberos_util.c @@ -397,9 +397,9 @@ static int create_keytab(TALLOC_CTX *parent_ctx, const struct samr_Password *mach_pwd; mach_pwd = cli_credentials_get_nt_hash(machine_account, mem_ctx); if (!mach_pwd) { + talloc_free(mem_ctx); DEBUG(1, ("create_keytab: Domain trust informaton for account %s not available\n", cli_credentials_get_principal(machine_account, mem_ctx))); - talloc_free(mem_ctx); return EINVAL; } ret = krb5_keyblock_init(smb_krb5_context->krb5_context, @@ -410,7 +410,6 @@ static int create_keytab(TALLOC_CTX *parent_ctx, DEBUG(1, ("create_keytab: krb5_keyblock_init failed: %s\n", smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx))); - talloc_free(mem_ctx); return ret; } @@ -517,7 +516,6 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, switch (ret) { case 0: break; - case HEIM_ERR_OPNOTSUPP: case ENOENT: case KRB5_KT_END: /* no point enumerating if there isn't anything here */ diff --git a/source/auth/kerberos/krb5_init_context.c b/source/auth/kerberos/krb5_init_context.c index 830c8035248..8e52ac5e3f2 100644 --- a/source/auth/kerberos/krb5_init_context.c +++ b/source/auth/kerberos/krb5_init_context.c @@ -448,8 +448,6 @@ static void smb_krb5_send_and_recv_close_func(krb5_context context, void *data) return ret; } - (*smb_krb5_context)->krb5_context->mem_ctx = *smb_krb5_context; - talloc_steal(parent_ctx, *smb_krb5_context); talloc_free(tmp_ctx); diff --git a/source/heimdal/lib/hdb/hdb-protos.h b/source/heimdal/lib/hdb/hdb-protos.h index 67e19f7e4a0..c221175e410 100644 --- a/source/heimdal/lib/hdb/hdb-protos.h +++ b/source/heimdal/lib/hdb/hdb-protos.h @@ -491,12 +491,6 @@ hdb_ldapi_create ( const char */*arg*/); krb5_error_code -hdb_ldb_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - -krb5_error_code hdb_list_builtin ( krb5_context /*context*/, char **/*list*/); diff --git a/source/heimdal/lib/hdb/hdb.c b/source/heimdal/lib/hdb/hdb.c index 406a50ecbd1..5631d053329 100644 --- a/source/heimdal/lib/hdb/hdb.c +++ b/source/heimdal/lib/hdb/hdb.c @@ -55,9 +55,6 @@ static struct hdb_method methods[] = { {"ldap:", hdb_ldap_create}, {"ldapi:", hdb_ldapi_create}, #endif -#ifdef _SAMBA_BUILD_ - {"ldb:", hdb_ldb_create}, -#endif {NULL, NULL} }; @@ -398,6 +395,6 @@ hdb_create(krb5_context context, HDB **db, const char *filename) h = find_dynamic_method (context, filename, &residual); #endif if (h == NULL) - krb5_errx(context, 1, "No database support! (hdb_create(%s))", filename); + krb5_errx(context, 1, "No database support! (hdb_create)"); return (*h->create)(context, db, residual); } diff --git a/source/heimdal/lib/hdb/keytab.c b/source/heimdal/lib/hdb/keytab.c deleted file mode 100644 index 21ee2f4274c..00000000000 --- a/source/heimdal/lib/hdb/keytab.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "hdb_locl.h" - -/* keytab backend for HDB databases */ - -RCSID("$Id: keytab.c,v 1.8 2005/12/12 12:35:36 lha Exp $"); - -struct hdb_data { - char *dbname; - char *mkey; -}; - -/* - * the format for HDB keytabs is: - * HDB:[database:file:mkey] - */ - -static krb5_error_code -hdb_resolve(krb5_context context, const char *name, krb5_keytab id) -{ - struct hdb_data *d; - const char *db, *mkey; - - d = malloc(sizeof(*d)); - if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - db = name; - mkey = strrchr(name, ':'); - if(mkey == NULL || mkey[1] == '\0') { - if(*name == '\0') - d->dbname = NULL; - else { - d->dbname = strdup(name); - if(d->dbname == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - } - d->mkey = NULL; - } else { - if((mkey - db) == 0) { - d->dbname = NULL; - } else { - d->dbname = malloc(mkey - db); - if(d->dbname == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memmove(d->dbname, db, mkey - db); - d->dbname[mkey - db] = '\0'; - } - d->mkey = strdup(mkey + 1); - if(d->mkey == NULL) { - free(d->dbname); - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - } - id->data = d; - return 0; -} - -static krb5_error_code -hdb_close(krb5_context context, krb5_keytab id) -{ - struct hdb_data *d = id->data; - - free(d->dbname); - free(d->mkey); - free(d); - return 0; -} - -static krb5_error_code -hdb_get_name(krb5_context context, - krb5_keytab id, - char *name, - size_t namesize) -{ - struct hdb_data *d = id->data; - - snprintf(name, namesize, "%s%s%s", - d->dbname ? d->dbname : "", - (d->dbname || d->mkey) ? ":" : "", - d->mkey ? d->mkey : ""); - return 0; -} - -static void -set_config (krb5_context context, - const krb5_config_binding *binding, - const char **dbname, - const char **mkey) -{ - *dbname = krb5_config_get_string(context, binding, "dbname", NULL); - *mkey = krb5_config_get_string(context, binding, "mkey_file", NULL); -} - -/* - * try to figure out the database (`dbname') and master-key (`mkey') - * that should be used for `principal'. - */ - -static void -find_db (krb5_context context, - const char **dbname, - const char **mkey, - krb5_const_principal principal) -{ - const krb5_config_binding *top_bind = NULL; - const krb5_config_binding *default_binding = NULL; - const krb5_config_binding *db; - krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal)); - - *dbname = *mkey = NULL; - - while ((db = - krb5_config_get_next(context, - NULL, - &top_bind, - krb5_config_list, - "kdc", - "database", - NULL)) != NULL) { - const char *p; - - p = krb5_config_get_string (context, db, "realm", NULL); - if (p == NULL) { - if(default_binding) { - krb5_warnx(context, "WARNING: more than one realm-less " - "database specification"); - krb5_warnx(context, "WARNING: using the first encountered"); - } else - default_binding = db; - } else if (strcmp (*prealm, p) == 0) { - set_config (context, db, dbname, mkey); - break; - } - } - if (*dbname == NULL && default_binding != NULL) - set_config (context, default_binding, dbname, mkey); - if (*dbname == NULL) - *dbname = HDB_DEFAULT_DB; -} - -/* - * find the keytab entry in `id' for `principal, kvno, enctype' and return - * it in `entry'. return 0 or an error code - */ - -static krb5_error_code -hdb_get_entry(krb5_context context, - krb5_keytab id, - krb5_const_principal principal, - krb5_kvno kvno, - krb5_enctype enctype, - krb5_keytab_entry *entry) -{ - hdb_entry_ex ent; - krb5_error_code ret; - struct hdb_data *d = id->data; - int i; - HDB *db; - const char *dbname = d->dbname; - const char *mkey = d->mkey; - - if (dbname == NULL) - find_db (context, &dbname, &mkey, principal); - - ret = hdb_create (context, &db, dbname); - if (ret) - return ret; - ret = hdb_set_master_keyfile (context, db, mkey); - if (ret) { - (*db->hdb_destroy)(context, db); - return ret; - } - - ret = (*db->hdb_open)(context, db, O_RDONLY, 0); - if (ret) { - (*db->hdb_destroy)(context, db); - return ret; - } - - ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent); - - /* Shutdown the hdb on error */ - if(ret == HDB_ERR_NOENTRY) { - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return KRB5_KT_NOTFOUND; - } else if (ret) { - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return ret; - } - if(kvno && ent.entry.kvno != kvno) { - /* The order here matters, we must free these in this order - * due to hdb-ldb and Samba4's talloc */ - hdb_free_entry(context, &ent); - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return KRB5_KT_NOTFOUND; - } - if(enctype == 0) - if(ent.entry.keys.len > 0) - enctype = ent.entry.keys.val[0].key.keytype; - ret = KRB5_KT_NOTFOUND; - for(i = 0; i < ent.entry.keys.len; i++) { - if(ent.entry.keys.val[i].key.keytype == enctype) { - krb5_copy_principal(context, principal, &entry->principal); - entry->vno = ent.entry.kvno; - krb5_copy_keyblock_contents(context, - &ent.entry.keys.val[i].key, - &entry->keyblock); - ret = 0; - break; - } - } - /* The order here matters, we must free these in this order - * due to hdb-ldb and Samba4's talloc */ - hdb_free_entry(context, &ent); - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return ret; -} - -krb5_kt_ops hdb_kt_ops = { - "HDB", - hdb_resolve, - hdb_get_name, - hdb_close, - hdb_get_entry, - NULL, /* start_seq_get */ - NULL, /* next_entry */ - NULL, /* end_seq_get */ - NULL, /* add */ - NULL /* remove */ -}; diff --git a/source/heimdal/lib/krb5/krb5.h b/source/heimdal/lib/krb5/krb5.h index 98148176004..adee4708e6f 100644 --- a/source/heimdal/lib/krb5/krb5.h +++ b/source/heimdal/lib/krb5/krb5.h @@ -451,9 +451,6 @@ typedef struct krb5_context_data { int large_msg_size; krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */ struct send_and_recv *send_and_recv; /* Alternate functions for KDC communication */ - void *mem_ctx; /* Some parts of Samba4 need a valid - memory context (under the event - context) to use */ } krb5_context_data; enum { diff --git a/source/heimdal_build/config.mk b/source/heimdal_build/config.mk index 0e652665268..0d901258b33 100644 --- a/source/heimdal_build/config.mk +++ b/source/heimdal_build/config.mk @@ -23,7 +23,6 @@ OBJ_FILES = \ ../heimdal/lib/hdb/hdb.o \ ../heimdal/lib/hdb/ext.o \ ../heimdal/lib/hdb/keys.o \ - ../heimdal/lib/hdb/keytab.o \ ../heimdal/lib/hdb/mkey.o \ ../heimdal/lib/hdb/ndbm.o \ ../heimdal/lib/hdb/asn1_Event.o \ @@ -41,7 +40,6 @@ OBJ_FILES = \ ../heimdal/lib/hdb/asn1_Salt.o \ ../heimdal/lib/hdb/asn1_hdb_entry.o \ ../heimdal/lib/hdb/hdb_err.o -REQUIRED_SUBSYSTEMS = HDB_LDB NOPROTO = YES # End SUBSYSTEM HEIMDAL_HDB ####################### diff --git a/source/kdc/config.mk b/source/kdc/config.mk index 32f10c93a5d..f1aef75df5f 100644 --- a/source/kdc/config.mk +++ b/source/kdc/config.mk @@ -6,21 +6,10 @@ NOPROTO = YES OBJ_FILES = \ kdc.o \ + pac-glue.o \ + hdb-ldb.o \ kpasswdd.o REQUIRED_SUBSYSTEMS = \ LIBLDB KERBEROS_LIB HEIMDAL_KDC HEIMDAL_HDB # End SUBSYSTEM KDC ####################### - -####################### -# Start SUBSYSTEM KDC -[SUBSYSTEM::HDB_LDB] -NOPROTO = YES -OBJ_FILES = \ - hdb-ldb.o \ - pac-glue.o -REQUIRED_SUBSYSTEMS = \ - LIBLDB KERBEROS_LIB HEIMDAL_HDB -# End SUBSYSTEM KDC -####################### - diff --git a/source/kdc/hdb-ldb.c b/source/kdc/hdb-ldb.c index a155e24e7e5..43009c1c1bd 100644 --- a/source/kdc/hdb-ldb.c +++ b/source/kdc/hdb-ldb.c @@ -948,13 +948,8 @@ static krb5_error_code LDB_destroy(krb5_context context, HDB *db) return 0; } -/* This interface is to be called by the KDC, which is expecting Samba - * calling conventions. It is also called by a wrapper - * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb - * code */ - -NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx, - krb5_context context, struct HDB **db, const char *arg) +NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx, + krb5_context context, struct HDB **db, const char *arg) { NTSTATUS nt_status; struct auth_session_info *session_info; @@ -1013,15 +1008,3 @@ NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } - -krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg) -{ - NTSTATUS nt_status; - /* Disgusting, ugly hack, but it means one less private hook */ - nt_status = kdc_hdb_ldb_create(context->mem_ctx, context, db, arg); - - if (NT_STATUS_IS_OK(nt_status)) { - return 0; - } - return EINVAL; -} diff --git a/source/kdc/kdc.c b/source/kdc/kdc.c index 4b958fdce8c..12672bee530 100644 --- a/source/kdc/kdc.c +++ b/source/kdc/kdc.c @@ -570,18 +570,13 @@ static void kdc_task_init(struct task_server *task) } kdc->config->num_db = 1; - status = kdc_hdb_ldb_create(kdc, kdc->smb_krb5_context->krb5_context, - &kdc->config->db[0], NULL); + status = hdb_ldb_create(kdc, kdc->smb_krb5_context->krb5_context, + &kdc->config->db[0], NULL); if (!NT_STATUS_IS_OK(status)) { task_server_terminate(task, "kdc: hdb_ldb_create (setup KDC database) failed"); return; } - ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops); - if(ret) { - task_server_terminate(task, "kdc: failed to register hdb keytab"); - return; - } /* start listening on the configured network interfaces */ status = kdc_startup_interfaces(kdc); if (!NT_STATUS_IS_OK(status)) { diff --git a/source/kdc/kdc.h b/source/kdc/kdc.h index df6c5889e69..1038c7df957 100644 --- a/source/kdc/kdc.h +++ b/source/kdc/kdc.h @@ -29,8 +29,8 @@ struct kdc_server; -NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx, - krb5_context context, struct HDB **db, const char *arg); +NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx, + krb5_context context, struct HDB **db, const char *arg); BOOL kpasswdd_process(struct kdc_server *kdc, TALLOC_CTX *mem_ctx, DATA_BLOB *input, diff --git a/source/kdc/kpasswdd.c b/source/kdc/kpasswdd.c index 8e6448435b7..05aced904dd 100644 --- a/source/kdc/kpasswdd.c +++ b/source/kdc/kpasswdd.c @@ -457,10 +457,7 @@ BOOL kpasswdd_process(struct kdc_server *kdc, DEBUG(1, ("Failed to init server credentials\n")); return False; } - - /* We want the credentials subsystem to use the krb5 context - * we already have, rather than a new context */ - cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context); + cli_credentials_set_conf(server_credentials); nt_status = cli_credentials_set_stored_principal(server_credentials, "kadmin/changepw"); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source/lib/ldb/include/ldb.h b/source/lib/ldb/include/ldb.h index 9a637ff9d5a..770d23c6387 100644 --- a/source/lib/ldb/include/ldb.h +++ b/source/lib/ldb/include/ldb.h @@ -362,7 +362,7 @@ struct ldb_attrib_handler { #define LDB_SYNTAX_OBJECTCLASS "LDB_SYNTAX_OBJECTCLASS" /* sorting helpers */ -typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque); +typedef int (*ldb_qsort_cmp_fn_t) (const void *, const void *, const void *); /** OID for the paged results control. This control is included in the diff --git a/source/lib/version.c b/source/lib/version.c index b7aa81a0817..a5733a953dc 100644 --- a/source/lib/version.c +++ b/source/lib/version.c @@ -35,11 +35,6 @@ const char *samba_version_string(void) #else const char *vendor_suffix = NULL; #endif -#ifdef SAMBA_VERSION_VENDOR_PATCH - const char *vendor_patch = SAMBA_VERSION_VENDOR_PATCH; -#else - const char *vendor_patch = NULL; -#endif static char *samba_version; static BOOL init_samba_version; @@ -48,12 +43,10 @@ const char *samba_version_string(void) } samba_version = talloc_asprintf(talloc_autofree_context(), - "%s%s%s%s%s%s%s%s", + "%s%s%s%s%s%s", official_string, (vendor_suffix?"-":""), (vendor_suffix?vendor_suffix:""), - (vendor_patch?"-":""), - (vendor_patch?vendor_patch:""), (release_nickname?" (":""), (release_nickname?release_nickname:""), (release_nickname?")":"")); diff --git a/source/nbt_server/wins/wins_hook.c b/source/nbt_server/wins/wins_hook.c index 53b30c23923..4c798fc18c3 100644 --- a/source/nbt_server/wins/wins_hook.c +++ b/source/nbt_server/wins/wins_hook.c @@ -24,72 +24,24 @@ #include "includes.h" #include "nbt_server/nbt_server.h" #include "nbt_server/wins/winsdb.h" -#include "system/filesys.h" static const char *wins_hook_action_string(enum wins_hook_action action) { switch (action) { - case WINS_HOOK_ADD: return "add"; - case WINS_HOOK_MODIFY: return "refresh"; - case WINS_HOOK_DELETE: return "delete"; + case WINS_HOOK_ADD: return "WINS_HOOK_ADD"; + case WINS_HOOK_MODIFY: return "WINS_HOOK_MODIFY"; + case WINS_HOOK_DELETE: return "WINS_HOOK_DELETE"; } - return "unknown"; + return "WINS_HOOK_ACTION_UNKNOWN"; } -void wins_hook(struct winsdb_handle *h, const struct winsdb_record *rec, enum wins_hook_action action) +void wins_hook(struct winsdb_handle *h, struct winsdb_record *rec, enum wins_hook_action action) { const char *script = lp_wins_hook(); - uint32_t i, length; - int child; - char *cmd = NULL; - TALLOC_CTX *tmp_mem = NULL; - if (!script || !script[0]) return; - tmp_mem = talloc_new(h); - if (!tmp_mem) goto failed; - - length = winsdb_addr_list_length(rec->addresses); - - if (action == WINS_HOOK_MODIFY && length < 1) { - action = WINS_HOOK_DELETE; - } - - cmd = talloc_asprintf(tmp_mem, - "%s %s %s %02x %ld", - script, - wins_hook_action_string(action), - rec->name->name, - rec->name->type, - rec->expire_time); - if (!cmd) goto failed; - - for (i=0; rec->addresses[i]; i++) { - cmd = talloc_asprintf_append(cmd, " %s", rec->addresses[i]->address); - if (!cmd) goto failed; - } - - DEBUG(10,("call wins hook '%s'\n", cmd)); - - /* signal handling in posix really sucks - doing this in a library - affects the whole app, but what else to do?? */ - signal(SIGCHLD, SIG_IGN); - - child = fork(); - if (child == (pid_t)-1) { - goto failed; - } - - if (child == 0) { -/* TODO: close file handles */ - execl("/bin/sh", "sh", "-c", cmd, NULL); - _exit(0); - } - - talloc_free(tmp_mem); - return; -failed: - talloc_free(tmp_mem); - DEBUG(0,("FAILED: calling wins hook '%s'\n", script)); + DEBUG(0,("TODO: call wins hook '%s' '%s' for name '%s'\n", + script, wins_hook_action_string(action), + nbt_name_string(rec, rec->name))); } diff --git a/source/nbt_server/wins/winsdb.c b/source/nbt_server/wins/winsdb.c index 60c2ab0e4fe..625d4e68dcb 100644 --- a/source/nbt_server/wins/winsdb.c +++ b/source/nbt_server/wins/winsdb.c @@ -353,134 +353,11 @@ struct winsdb_addr **winsdb_addr_list_make(TALLOC_CTX *mem_ctx) return addresses; } -static int winsdb_addr_sort_list (struct winsdb_addr **p1, struct winsdb_addr **p2, void *opaque) +struct winsdb_addr **winsdb_addr_list_add(struct winsdb_addr **addresses, const char *address, + const char *wins_owner, time_t expire_time) { - struct winsdb_addr *a1 = talloc_get_type(*p1, struct winsdb_addr); - struct winsdb_addr *a2 = talloc_get_type(*p2, struct winsdb_addr); - struct winsdb_handle *h= talloc_get_type(opaque, struct winsdb_handle); - BOOL a1_owned = False; - BOOL a2_owned = False; - - /* - * first the owned addresses with the newest to the oldest address - * then the replica addresses with the newest to the oldest address - */ - if (a2->expire_time != a1->expire_time) { - return a2->expire_time - a1->expire_time; - } - - if (strcmp(a2->wins_owner, h->local_owner) == 0) { - a2_owned = True; - } - - if (strcmp(a1->wins_owner, h->local_owner) == 0) { - a1_owned = True; - } - - return a2_owned - a1_owned; -} - -struct winsdb_addr **winsdb_addr_list_add(struct winsdb_handle *h, const struct winsdb_record *rec, - struct winsdb_addr **addresses, const char *address, - const char *wins_owner, time_t expire_time, - BOOL is_name_registration) -{ - struct winsdb_addr *old_addr = NULL; - size_t len = 0; - size_t i; - BOOL found_old_replica = False; - - /* - * count the addresses and maybe - * find an old entry for the new address - */ - for (i=0; addresses[i]; i++) { - if (old_addr) continue; - if (strcmp(addresses[i]->address, address) == 0) { - old_addr = addresses[i]; - } - } - len = i; - - /* - * the address is already there - * and we can replace it - */ - if (old_addr) { - goto remove_old_addr; - } - - /* - * if we don't have 25 addresses already, - * we can just add the new address - */ - if (len < 25) { - goto add_new_addr; - } - - /* - * if we haven't found the address, - * and we have already have 25 addresses - * if so then we need to do the following: - * - if it isn't a name registration, then just ignore the new address - * - if it is a name registration, then first search for - * the oldest replica and if there's no replica address - * search the oldest owned address - */ - if (!is_name_registration) { - return addresses; - } - - /* - * find the oldest replica address, if there's no replica - * record at all, find the oldest owned address - */ - for (i=0; addresses[i]; i++) { - BOOL cur_is_replica = False; - /* find out if the current address is a replica */ - if (strcmp(addresses[i]->wins_owner, h->local_owner) != 0) { - cur_is_replica = True; - } - - /* - * if we already found a replica address and the current address - * is not a replica, then skip it - */ - if (found_old_replica && !cur_is_replica) continue; - - /* - * if we found the first replica address, reset the address - * that would be replaced - */ - if (!found_old_replica && cur_is_replica) { - found_old_replica = True; - old_addr = addresses[i]; - continue; - } - - /* - * if the first address isn't a replica, just start with - * the first one - */ - if (!old_addr) { - old_addr = addresses[i]; - continue; - } - - /* - * see if we find an older address - */ - if (addresses[i]->expire_time < old_addr->expire_time) { - old_addr = addresses[i]; - continue; - } - } - -remove_old_addr: - winsdb_addr_list_remove(addresses, old_addr->address); - len --; + size_t len = winsdb_addr_list_length(addresses); -add_new_addr: addresses = talloc_realloc(addresses, addresses, struct winsdb_addr *, len + 2); if (!addresses) return NULL; @@ -506,8 +383,6 @@ add_new_addr: addresses[len+1] = NULL; - ldb_qsort(addresses, len+1 , sizeof(addresses[0]), h, (ldb_qsort_cmp_fn_t)winsdb_addr_sort_list); - return addresses; } @@ -520,6 +395,7 @@ void winsdb_addr_list_remove(struct winsdb_addr **addresses, const char *address break; } } + if (!addresses[i]) return; for (; addresses[i]; i++) { addresses[i] = addresses[i+1]; diff --git a/source/nbt_server/wins/winsserver.c b/source/nbt_server/wins/winsserver.c index 7f674299966..5cc3a51a007 100644 --- a/source/nbt_server/wins/winsserver.c +++ b/source/nbt_server/wins/winsserver.c @@ -90,12 +90,10 @@ static uint8_t wins_register_new(struct nbt_name_socket *nbtsock, rec.addresses = winsdb_addr_list_make(packet); if (rec.addresses == NULL) return NBT_RCODE_SVR; - rec.addresses = winsdb_addr_list_add(winssrv->wins_db, - &rec, rec.addresses, + rec.addresses = winsdb_addr_list_add(rec.addresses, address, winssrv->wins_db->local_owner, - rec.expire_time, - True); + rec.expire_time); if (rec.addresses == NULL) return NBT_RCODE_SVR; DEBUG(4,("WINS: accepted registration of %s with address %s\n", @@ -125,13 +123,8 @@ static uint8_t wins_update_ttl(struct nbt_name_socket *nbtsock, rec->registered_by = src->addr; if (winsdb_addr) { - rec->addresses = winsdb_addr_list_add(winssrv->wins_db, - rec, rec->addresses, - winsdb_addr->address, - winssrv->wins_db->local_owner, - rec->expire_time, - True); - if (rec->addresses == NULL) return NBT_RCODE_SVR; + winsdb_addr->wins_owner = winssrv->wins_db->local_owner; + winsdb_addr->expire_time = rec->expire_time; } if (strcmp(winssrv->wins_db->local_owner, rec->wins_owner) != 0) { @@ -161,12 +154,10 @@ static uint8_t wins_sgroup_merge(struct nbt_name_socket *nbtsock, rec->expire_time = time(NULL) + ttl; rec->registered_by = src->addr; - rec->addresses = winsdb_addr_list_add(winssrv->wins_db, - rec, rec->addresses, + rec->addresses = winsdb_addr_list_add(rec->addresses, address, winssrv->wins_db->local_owner, - rec->expire_time, - True); + rec->expire_time); if (rec->addresses == NULL) return NBT_RCODE_SVR; DEBUG(5,("WINS: sgroup merge of %s at %s\n", @@ -253,25 +244,18 @@ static void wins_wack_allow(struct wack_state *s) break; } if (found) { - rec->addresses = winsdb_addr_list_add(s->winssrv->wins_db, - rec, rec->addresses, - s->reg_address, - s->winssrv->wins_db->local_owner, - rec->expire_time, - True); - if (rec->addresses == NULL) goto failed; + rec->addresses[i]->wins_owner = s->winssrv->wins_db->local_owner; + rec->addresses[i]->expire_time = rec->expire_time; continue; } winsdb_addr_list_remove(rec->addresses, rec->addresses[i]->address); } - rec->addresses = winsdb_addr_list_add(s->winssrv->wins_db, - rec, rec->addresses, + rec->addresses = winsdb_addr_list_add(rec->addresses, s->reg_address, s->winssrv->wins_db->local_owner, - rec->expire_time, - True); + rec->expire_time); if (rec->addresses == NULL) goto failed; /* if we have more than one address, this becomes implicit a MHOMED record */ @@ -639,24 +623,16 @@ static void nbtd_winsserver_query(struct nbt_name_socket *nbtsock, if (addresses_1b && addresses_1b[0]) { const char **addresses_1c = addresses; uint32_t i; - uint32_t num_addrs; addresses = str_list_add(NULL, addresses_1b[0]); if (!addresses) { goto notfound; } talloc_steal(packet, addresses); - num_addrs = 1; for (i=0; addresses_1c[i]; i++) { if (strcmp(addresses_1b[0], addresses_1c[i]) == 0) continue; - /* - * stop when we already have 25 addresses - */ - if (num_addrs >= 25) break; - - num_addrs++; addresses = str_list_add(addresses, addresses_1c[i]); if (!addresses) { goto notfound; @@ -667,7 +643,7 @@ static void nbtd_winsserver_query(struct nbt_name_socket *nbtsock, if (rec->type == WREPL_TYPE_SGROUP) { nb_flags |= NBT_NM_GROUP; } else { - nb_flags |= (rec->node <<13); + nb_flags |= (rec->node <<13); } found: @@ -729,7 +705,7 @@ static void nbtd_winsserver_release(struct nbt_name_socket *nbtsock, if (!winsdb_addr_list_check(rec->addresses, src->addr)) { int i; DEBUG(4,("WINS: silently ignoring attempted name release on %s from %s\n", nbt_name_string(rec, rec->name), src->addr)); - DEBUGADD(4, ("Registered Addresses: \n")); + DEBUGADD(4, ("Registered Addressss: \n")); for (i=0; rec->addresses && rec->addresses[i]; i++) { DEBUGADD(4, ("%s\n", rec->addresses[i]->address)); } diff --git a/source/script/mkversion.sh b/source/script/mkversion.sh index 7f42eded238..814b47e9d04 100755 --- a/source/script/mkversion.sh +++ b/source/script/mkversion.sh @@ -20,7 +20,9 @@ SAMBA_VERSION_RELEASE=`sed -n 's/^SAMBA_VERSION_RELEASE=//p' $SOURCE_DIR$VERSION SAMBA_VERSION_REVISION=`sed -n 's/^SAMBA_VERSION_REVISION=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_TP_RELEASE=`sed -n 's/^SAMBA_VERSION_TP_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` + SAMBA_VERSION_PRE_RELEASE=`sed -n 's/^SAMBA_VERSION_PRE_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` + SAMBA_VERSION_RC_RELEASE=`sed -n 's/^SAMBA_VERSION_RC_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_IS_SVN_SNAPSHOT=`sed -n 's/^SAMBA_VERSION_IS_SVN_SNAPSHOT=//p' $SOURCE_DIR$VERSION_FILE` @@ -28,7 +30,6 @@ SAMBA_VERSION_IS_SVN_SNAPSHOT=`sed -n 's/^SAMBA_VERSION_IS_SVN_SNAPSHOT=//p' $SO SAMBA_VERSION_RELEASE_NICKNAME=`sed -n 's/^SAMBA_VERSION_RELEASE_NICKNAME=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_VENDOR_SUFFIX=`sed -n 's/^SAMBA_VERSION_VENDOR_SUFFIX=//p' $SOURCE_DIR$VERSION_FILE` -SAMBA_VERSION_VENDOR_PATCH=`sed -n 's/^SAMBA_VERSION_VENDOR_PATCH=//p' $SOURCE_DIR$VERSION_FILE` echo "/* Autogenerated by script/mkversion.sh */" > $OUTPUT_FILE @@ -37,16 +38,9 @@ echo "#define SAMBA_VERSION_MINOR ${SAMBA_VERSION_MINOR}" >> $OUTPUT_FILE echo "#define SAMBA_VERSION_RELEASE ${SAMBA_VERSION_RELEASE}" >> $OUTPUT_FILE -## -## start with "3.0.22" -## SAMBA_VERSION_STRING="${SAMBA_VERSION_MAJOR}.${SAMBA_VERSION_MINOR}.${SAMBA_VERSION_RELEASE}" -## -## maybe add "3.0.22a" or "4.0.0tp11" or "3.0.22pre1" or "3.0.22rc1" -## We do not do pre or rc version on patch/letter releases -## if test -n "${SAMBA_VERSION_REVISION}";then SAMBA_VERSION_STRING="${SAMBA_VERSION_STRING}${SAMBA_VERSION_REVISION}" echo "#define SAMBA_VERSION_REVISION \"${SAMBA_VERSION_REVISION}\"" >> $OUTPUT_FILE @@ -54,18 +48,12 @@ elif test -n "${SAMBA_VERSION_TP_RELEASE}";then SAMBA_VERSION_STRING="${SAMBA_VERSION_STRING}tp${SAMBA_VERSION_TP_RELEASE}" echo "#define SAMBA_VERSION_TP_RELEASE ${SAMBA_VERSION_TP_RELEASE}" >> $OUTPUT_FILE elif test -n "${SAMBA_VERSION_PRE_RELEASE}";then - ## maybe add "3.0.22pre2" SAMBA_VERSION_STRING="${SAMBA_VERSION_STRING}pre${SAMBA_VERSION_PRE_RELEASE}" echo "#define SAMBA_VERSION_PRE_RELEASE ${SAMBA_VERSION_PRE_RELEASE}" >> $OUTPUT_FILE elif test -n "${SAMBA_VERSION_RC_RELEASE}";then SAMBA_VERSION_STRING="${SAMBA_VERSION_STRING}rc${SAMBA_VERSION_RC_RELEASE}" echo "#define SAMBA_VERSION_RC_RELEASE ${SAMBA_VERSION_RC_RELEASE}" >> $OUTPUT_FILE -fi - -## -## SVN revision number? -## -if test x"${SAMBA_VERSION_IS_SVN_SNAPSHOT}" = x"yes";then +elif test x"${SAMBA_VERSION_IS_SVN_SNAPSHOT}" = x"yes";then _SAVE_LANG=${LANG} LANG="" HAVESVN=no @@ -93,21 +81,12 @@ if test x"${SAMBA_VERSION_IS_SVN_SNAPSHOT}" = x"yes";then LANG=${_SAVE_LANG} fi -## -## Add a release nickname -## if test -n "${SAMBA_VERSION_RELEASE_NICKNAME}";then echo "#define SAMBA_VERSION_RELEASE_NICKNAME ${SAMBA_VERSION_RELEASE_NICKNAME}" >> $OUTPUT_FILE fi -## -## Add the vendor string if present -## if test -n "${SAMBA_VERSION_VENDOR_SUFFIX}";then echo "#define SAMBA_VERSION_VENDOR_SUFFIX ${SAMBA_VERSION_VENDOR_SUFFIX}" >> $OUTPUT_FILE - if test -n "${SAMBA_VERSION_VENDOR_PATCH}";then - echo "#define SAMBA_VERSION_VENDOR_PATCH ${SAMBA_VERSION_VENDOR_PATCH}" >> $OUTPUT_FILE - fi fi echo "#define SAMBA_VERSION_OFFICIAL_STRING \"${SAMBA_VERSION_STRING}\"" >> $OUTPUT_FILE @@ -122,9 +101,6 @@ fi if test -n "${SAMBA_VERSION_VENDOR_SUFFIX}";then echo "$0: with VENDOR_SUFFIX = ${SAMBA_VERSION_VENDOR_SUFFIX}" - if test -n "${SAMBA_VERSION_VENDOR_PATCH}";then - echo "$0: with VENDOR_PATCH = ${SAMBA_VERSION_VENDOR_PATCH}" - fi fi exit 0 diff --git a/source/setup/secrets.ldif b/source/setup/secrets.ldif index 8c3c6917ae5..43c3f69c9d8 100644 --- a/source/setup/secrets.ldif +++ b/source/setup/secrets.ldif @@ -38,18 +38,18 @@ msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: secrets.keytab -# A hook from our credentials system into HDB, as we must be on a KDC, -# we can look directly into the database. dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals objectClass: top objectClass: secret objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} +secret: ${KRBTGTPASS} sAMAccountName: krbtgt whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} +msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:sam.ldb:/dev/null -#The /dev/null here is a HACK, but it matches the Heimdal format. +saltPrincipal: krbtgt@${REALM} +privateKeytab: secrets.keytab diff --git a/source/wrepl_server/wrepl_apply_records.c b/source/wrepl_server/wrepl_apply_records.c index e1b4bcbf391..f41957a210b 100644 --- a/source/wrepl_server/wrepl_apply_records.c +++ b/source/wrepl_server/wrepl_apply_records.c @@ -686,12 +686,10 @@ static NTSTATUS r_do_add(struct wreplsrv_partner *partner, for (i=0; i < replica->num_addresses; i++) { /* TODO: find out if rec->expire_time is correct here */ - rec->addresses = winsdb_addr_list_add(partner->service->wins_db, - rec, rec->addresses, + rec->addresses = winsdb_addr_list_add(rec->addresses, replica->addresses[i].address, replica->addresses[i].owner, - rec->expire_time, - False); + rec->expire_time); NT_STATUS_HAVE_NO_MEMORY(rec->addresses); } @@ -731,12 +729,10 @@ static NTSTATUS r_do_replace(struct wreplsrv_partner *partner, for (i=0; i < replica->num_addresses; i++) { /* TODO: find out if rec->expire_time is correct here */ - rec->addresses = winsdb_addr_list_add(partner->service->wins_db, - rec, rec->addresses, + rec->addresses = winsdb_addr_list_add(rec->addresses, replica->addresses[i].address, replica->addresses[i].owner, - rec->expire_time, - False); + rec->expire_time); NT_STATUS_HAVE_NO_MEMORY(rec->addresses); } @@ -833,12 +829,11 @@ static NTSTATUS r_do_mhomed_merge(struct wreplsrv_partner *partner, merge->registered_by = NULL; for (i=0; i < replica->num_addresses; i++) { - merge->addresses = winsdb_addr_list_add(partner->service->wins_db, - merge, merge->addresses, + /* TODO: find out if rec->expire_time is correct here */ + merge->addresses = winsdb_addr_list_add(merge->addresses, replica->addresses[i].address, replica->addresses[i].owner, - merge->expire_time, - False); + merge->expire_time); NT_STATUS_HAVE_NO_MEMORY(merge->addresses); } @@ -854,12 +849,11 @@ static NTSTATUS r_do_mhomed_merge(struct wreplsrv_partner *partner, } if (found) continue; - merge->addresses = winsdb_addr_list_add(partner->service->wins_db, - merge, merge->addresses, + /* TODO: find out if rec->expire_time is correct here */ + merge->addresses = winsdb_addr_list_add(merge->addresses, rec->addresses[i]->address, rec->addresses[i]->wins_owner, - rec->addresses[i]->expire_time, - False); + merge->expire_time); NT_STATUS_HAVE_NO_MEMORY(merge->addresses); } @@ -1204,36 +1198,34 @@ static NTSTATUS r_do_sgroup_merge(struct wreplsrv_partner *partner, break; } + /* if it's also in the replica, it'll added later */ + if (found) continue; + /* * if the address isn't in the replica and is owned by replicas owner, * it won't be added to the merged record */ - if (!found && strcmp(rec->addresses[i]->wins_owner, owner->address) == 0) { + if (strcmp(rec->addresses[i]->wins_owner, owner->address) == 0) { changed_old_addrs = True; continue; } /* - * add the address to the merge result, with the old owner and expire_time, - * the owner and expire_time will be overwritten later if the address is - * in the replica too + * add the address to the merge result, with the old owner and expire_time */ - merge->addresses = winsdb_addr_list_add(partner->service->wins_db, - merge, merge->addresses, + merge->addresses = winsdb_addr_list_add(merge->addresses, rec->addresses[i]->address, rec->addresses[i]->wins_owner, - rec->addresses[i]->expire_time, - False); + rec->addresses[i]->expire_time); NT_STATUS_HAVE_NO_MEMORY(merge->addresses); } for (i=0; i < replica->num_addresses; i++) { - merge->addresses = winsdb_addr_list_add(partner->service->wins_db, - merge, merge->addresses, + /* TODO: find out if rec->expire_time is correct here */ + merge->addresses = winsdb_addr_list_add(merge->addresses, replica->addresses[i].address, replica->addresses[i].owner, - merge->expire_time, - False); + merge->expire_time); NT_STATUS_HAVE_NO_MEMORY(merge->addresses); } diff --git a/source/wrepl_server/wrepl_out_push.c b/source/wrepl_server/wrepl_out_push.c index 9c8c9fad8d5..a9a7826f00a 100644 --- a/source/wrepl_server/wrepl_out_push.c +++ b/source/wrepl_server/wrepl_out_push.c @@ -96,16 +96,16 @@ nomem: return; } -static uint32_t wreplsrv_calc_change_count(struct wreplsrv_partner *partner, uint64_t maxVersionID) +static uint32_t wreplsrv_calc_change_count(struct wreplsrv_partner *partner, uint64_t seqnumber) { uint64_t tmp_diff = UINT32_MAX; /* catch an overflow */ - if (partner->push.maxVersionID > maxVersionID) { + if (partner->push.seqnumber > seqnumber) { goto done; } - tmp_diff = maxVersionID - partner->push.maxVersionID; + tmp_diff = seqnumber - partner->push.seqnumber; if (tmp_diff > UINT32_MAX) { tmp_diff = UINT32_MAX; @@ -113,7 +113,7 @@ static uint32_t wreplsrv_calc_change_count(struct wreplsrv_partner *partner, uin } done: - partner->push.maxVersionID = maxVersionID; + partner->push.seqnumber = seqnumber; return (uint32_t)(tmp_diff & UINT32_MAX); } @@ -123,7 +123,7 @@ NTSTATUS wreplsrv_out_push_run(struct wreplsrv_service *service) uint64_t seqnumber; uint32_t change_count; - seqnumber = winsdb_get_maxVersion(service->wins_db); + seqnumber = winsdb_get_seqnumber(service->wins_db); for (partner = service->partners; partner; partner = partner->next) { /* if it's not a push partner, go to the next partner */ diff --git a/source/wrepl_server/wrepl_server.h b/source/wrepl_server/wrepl_server.h index c8dfcc64bd8..bcf6f8ac48d 100644 --- a/source/wrepl_server/wrepl_server.h +++ b/source/wrepl_server/wrepl_server.h @@ -165,8 +165,8 @@ struct wreplsrv_partner { /* change count till push notification */ uint32_t change_count; - /* the last wins db maxVersion have reported to the partner */ - uint64_t maxVersionID; + /* the last wins db seqnumber we know about */ + uint64_t seqnumber; /* we should use WREPL_REPL_INFORM* messages to this partner */ BOOL use_inform; -- 2.11.4.GIT