The branch, master has been updated
via a894eea... s4-debug: lower the verbosity of a couple of common log
messages
via 93fefef... s4-samldb: fixed primaryGroupID when promoting a machine
to a DC
via 8a09dc1... s4-schema: fixed the SDDL for the schema root security
descriptor
via 45f49d0... s4-drs: add a local UDV entry even when no
replUpToDateVector present on NC
via b37bec8... s4-drs: give DN of failed replication partition
from 04e8237... s4-drs: base is_nc_prefix on instanceType
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a894eeab77bde6494d397e5f4cf2a4a1325b41a4
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 9 21:43:16 2010 +1100
s4-debug: lower the verbosity of a couple of common log messages
commit 93fefefea85808eeeb58294133bd608490a89c86
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 9 20:58:07 2010 +1100
s4-samldb: fixed primaryGroupID when promoting a machine to a DC
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
commit 8a09dc12660dcc62926c3a41cacd4970f46f9210
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 9 20:54:16 2010 +1100
s4-schema: fixed the SDDL for the schema root security descriptor
This was preventing a DCPROMO client from allowing outgoing
replication
commit 45f49d0a58f19c2b0e9d01d635d2dd28701c7cf8
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 9 20:53:27 2010 +1100
s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
commit b37bec8e06a42dcc003681b9a57eaac2b1abf4fd
Author: Andrew Tridgell <tri...@samba.org>
Date: Sat Jan 9 20:42:23 2010 +1100
s4-drs: give DN of failed replication partition
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/repl/drepl_out_pull.c | 9 +++--
source4/dsdb/repl/drepl_partitions.c | 6 ++--
source4/dsdb/samdb/ldb_modules/samldb.c | 47 +++++++++++++++++----------
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +-
source4/scripting/python/samba/schema.py | 24 ++++++++------
source4/smbd/process_single.c | 2 +-
6 files changed, 54 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/repl/drepl_out_pull.c
b/source4/dsdb/repl/drepl_out_pull.c
index c2ea7e6..1012146 100644
--- a/source4/dsdb/repl/drepl_out_pull.c
+++ b/source4/dsdb/repl/drepl_out_pull.c
@@ -123,10 +123,11 @@ static void dreplsrv_pending_op_callback(struct
tevent_req *subreq)
rf->consecutive_sync_failures++;
- DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n",
- win_errstr(rf->result_last_attempt),
- nt_errstr(werror_to_ntstatus(rf->result_last_attempt)),
- rf->consecutive_sync_failures));
+ DEBUG(1,("dreplsrv_op_pull_source(%s/%s) for %s failures[%u]\n",
+ win_errstr(rf->result_last_attempt),
+ win_errstr(rf->result_last_attempt),
+ ldb_dn_get_linearized(op->source_dsa->partition->dn),
+ rf->consecutive_sync_failures));
done:
if (op->callback) {
diff --git a/source4/dsdb/repl/drepl_partitions.c
b/source4/dsdb/repl/drepl_partitions.c
index aba7735..9a24fe5 100644
--- a/source4/dsdb/repl/drepl_partitions.c
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -319,11 +319,11 @@ static WERROR dreplsrv_refresh_partition(struct
dreplsrv_service *s,
status = udv_convert(p, &p->uptodatevector,
&p->uptodatevector_ex);
W_ERROR_NOT_OK_RETURN(status);
-
- status = add_local_udv(s, p,
samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex);
- W_ERROR_NOT_OK_RETURN(status);
}
+ status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb),
&p->uptodatevector_ex);
+ W_ERROR_NOT_OK_RETURN(status);
+
orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom");
if (orf_el) {
for (i=0; i < orf_el->num_values; i++) {
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index edaf725..ccf76aa 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -786,9 +786,11 @@ static int samldb_fill_object(struct samldb_ctx *ac, const
char *type)
ret = samdb_find_or_add_attribute(ldb, ac->msg,
"pwdLastSet", "0");
if (ret != LDB_SUCCESS) return ret;
- ret = samdb_find_or_add_attribute(ldb, ac->msg,
- "primaryGroupID", "513");
- if (ret != LDB_SUCCESS) return ret;
+ if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
+ ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
+ "primaryGroupID",
DOMAIN_RID_USERS);
+ if (ret != LDB_SUCCESS) return ret;
+ }
ret = samdb_find_or_add_attribute(ldb, ac->msg,
"accountExpires", "9223372036854775807");
if (ret != LDB_SUCCESS) return ret;
@@ -1782,6 +1784,20 @@ static int samldb_modify(struct ldb_module *module,
struct ldb_request *req)
el2->flags = LDB_FLAG_MOD_REPLACE;
}
+ el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");
+ if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) &&
el->num_values == 1) {
+ struct samldb_ctx *ac;
+
+ ac = samldb_ctx_init(module, req);
+ if (ac == NULL)
+ return LDB_ERR_OPERATIONS_ERROR;
+
+ req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req,
+ req->op.mod.message);
+
+ return samldb_prim_group_change(ac);
+ }
+
el = ldb_msg_find_element(req->op.mod.message, "userAccountControl");
if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) &&
el->num_values == 1) {
uint32_t user_account_control;
@@ -1809,21 +1825,18 @@ static int samldb_modify(struct ldb_module *module,
struct ldb_request *req)
}
el2 = ldb_msg_find_element(msg,
"isCriticalSystemObject");
el2->flags = LDB_FLAG_MOD_REPLACE;
- }
- }
- el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");
- if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) &&
el->num_values == 1) {
- struct samldb_ctx *ac;
-
- ac = samldb_ctx_init(module, req);
- if (ac == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req,
- req->op.mod.message);
-
- return samldb_prim_group_change(ac);
+ /* DCs have primaryGroupID of DOMAIN_RID_DCS */
+ if (!ldb_msg_find_element(msg, "primaryGroupID")) {
+ ret = samdb_msg_add_uint(ldb, msg, msg,
+ "primaryGroupID",
DOMAIN_RID_DCS);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ el2 = ldb_msg_find_element(msg,
"primaryGroupID");
+ el2->flags = LDB_FLAG_MOD_REPLACE;
+ }
+ }
}
el = ldb_msg_find_element(req->op.mod.message, "member");
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 9edb24e..96cb58e 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -60,7 +60,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state
*dce_call, TALLOC_C
/* if this is a DC connecting, give them system level access */
werr = drs_security_level_check(dce_call, NULL);
if (W_ERROR_IS_OK(werr)) {
- DEBUG(2,(__location__ ": doing DsBind with system_session\n"));
+ DEBUG(3,(__location__ ": doing DsBind with system_session\n"));
auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
} else {
auth_info = dce_call->conn->auth_state.session_info;
diff --git a/source4/scripting/python/samba/schema.py
b/source4/scripting/python/samba/schema.py
index 67c48e8..f702e98 100644
--- a/source4/scripting/python/samba/schema.py
+++ b/source4/scripting/python/samba/schema.py
@@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import os
def get_schema_descriptor(domain_sid):
- sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
- "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
- "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
- "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \
-
"(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
- "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
+ sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \
+
";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1"
\
+
"1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O"
\
+
"A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79"
\
+
"f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1"
\
+
"131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04"
\
+
"fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa"
\
+
"-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"
\
+
";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1"
\
+
"1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL"
\
+
"ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O"
\
+
"U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1"
\
+
"-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;"
\
+ ";;WD)(AU;CISA;WP;;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c
index ff57a0b..f873de4 100644
--- a/source4/smbd/process_single.c
+++ b/source4/smbd/process_single.c
@@ -99,7 +99,7 @@ static void single_new_task(struct tevent_context *ev,
/* called when a task goes down */
static void single_terminate(struct tevent_context *ev, struct
loadparm_context *lp_ctx, const char *reason)
{
- DEBUG(2,("single_terminate: reason[%s]\n",reason));
+ DEBUG(3,("single_terminate: reason[%s]\n",reason));
}
/* called to set a title of a task or connection */
--
Samba Shared Repository
