The branch, master has been updated via a894eea... s4-debug: lower the verbosity of a couple of common log messages via 93fefef... s4-samldb: fixed primaryGroupID when promoting a machine to a DC via 8a09dc1... s4-schema: fixed the SDDL for the schema root security descriptor via 45f49d0... s4-drs: add a local UDV entry even when no replUpToDateVector present on NC via b37bec8... s4-drs: give DN of failed replication partition from 04e8237... s4-drs: base is_nc_prefix on instanceType
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a894eeab77bde6494d397e5f4cf2a4a1325b41a4 Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 9 21:43:16 2010 +1100 s4-debug: lower the verbosity of a couple of common log messages commit 93fefefea85808eeeb58294133bd608490a89c86 Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 9 20:58:07 2010 +1100 s4-samldb: fixed primaryGroupID when promoting a machine to a DC The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done without changing the member attributes of its groups. commit 8a09dc12660dcc62926c3a41cacd4970f46f9210 Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 9 20:54:16 2010 +1100 s4-schema: fixed the SDDL for the schema root security descriptor This was preventing a DCPROMO client from allowing outgoing replication commit 45f49d0a58f19c2b0e9d01d635d2dd28701c7cf8 Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 9 20:53:27 2010 +1100 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC This allows us to filter correctly for a NC that we have created but not pulled from anyone. commit b37bec8e06a42dcc003681b9a57eaac2b1abf4fd Author: Andrew Tridgell <tri...@samba.org> Date: Sat Jan 9 20:42:23 2010 +1100 s4-drs: give DN of failed replication partition ----------------------------------------------------------------------- Summary of changes: source4/dsdb/repl/drepl_out_pull.c | 9 +++-- source4/dsdb/repl/drepl_partitions.c | 6 ++-- source4/dsdb/samdb/ldb_modules/samldb.c | 47 +++++++++++++++++---------- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +- source4/scripting/python/samba/schema.py | 24 ++++++++------ source4/smbd/process_single.c | 2 +- 6 files changed, 54 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index c2ea7e6..1012146 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -123,10 +123,11 @@ static void dreplsrv_pending_op_callback(struct tevent_req *subreq) rf->consecutive_sync_failures++; - DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n", - win_errstr(rf->result_last_attempt), - nt_errstr(werror_to_ntstatus(rf->result_last_attempt)), - rf->consecutive_sync_failures)); + DEBUG(1,("dreplsrv_op_pull_source(%s/%s) for %s failures[%u]\n", + win_errstr(rf->result_last_attempt), + win_errstr(rf->result_last_attempt), + ldb_dn_get_linearized(op->source_dsa->partition->dn), + rf->consecutive_sync_failures)); done: if (op->callback) { diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c index aba7735..9a24fe5 100644 --- a/source4/dsdb/repl/drepl_partitions.c +++ b/source4/dsdb/repl/drepl_partitions.c @@ -319,11 +319,11 @@ static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s, status = udv_convert(p, &p->uptodatevector, &p->uptodatevector_ex); W_ERROR_NOT_OK_RETURN(status); - - status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex); - W_ERROR_NOT_OK_RETURN(status); } + status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex); + W_ERROR_NOT_OK_RETURN(status); + orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom"); if (orf_el) { for (i=0; i < orf_el->num_values; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index edaf725..ccf76aa 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -786,9 +786,11 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type) ret = samdb_find_or_add_attribute(ldb, ac->msg, "pwdLastSet", "0"); if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "primaryGroupID", "513"); - if (ret != LDB_SUCCESS) return ret; + if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) { + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, + "primaryGroupID", DOMAIN_RID_USERS); + if (ret != LDB_SUCCESS) return ret; + } ret = samdb_find_or_add_attribute(ldb, ac->msg, "accountExpires", "9223372036854775807"); if (ret != LDB_SUCCESS) return ret; @@ -1782,6 +1784,20 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) el2->flags = LDB_FLAG_MOD_REPLACE; } + el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID"); + if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { + struct samldb_ctx *ac; + + ac = samldb_ctx_init(module, req); + if (ac == NULL) + return LDB_ERR_OPERATIONS_ERROR; + + req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req, + req->op.mod.message); + + return samldb_prim_group_change(ac); + } + el = ldb_msg_find_element(req->op.mod.message, "userAccountControl"); if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { uint32_t user_account_control; @@ -1809,21 +1825,18 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) } el2 = ldb_msg_find_element(msg, "isCriticalSystemObject"); el2->flags = LDB_FLAG_MOD_REPLACE; - } - } - el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID"); - if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { - struct samldb_ctx *ac; - - ac = samldb_ctx_init(module, req); - if (ac == NULL) - return LDB_ERR_OPERATIONS_ERROR; - - req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req, - req->op.mod.message); - - return samldb_prim_group_change(ac); + /* DCs have primaryGroupID of DOMAIN_RID_DCS */ + if (!ldb_msg_find_element(msg, "primaryGroupID")) { + ret = samdb_msg_add_uint(ldb, msg, msg, + "primaryGroupID", DOMAIN_RID_DCS); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(msg, "primaryGroupID"); + el2->flags = LDB_FLAG_MOD_REPLACE; + } + } } el = ldb_msg_find_element(req->op.mod.message, "member"); diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 9edb24e..96cb58e 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -60,7 +60,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C /* if this is a DC connecting, give them system level access */ werr = drs_security_level_check(dce_call, NULL); if (W_ERROR_IS_OK(werr)) { - DEBUG(2,(__location__ ": doing DsBind with system_session\n")); + DEBUG(3,(__location__ ": doing DsBind with system_session\n")); auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx); } else { auth_info = dce_call->conn->auth_state.session_info; diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py index 67c48e8..f702e98 100644 --- a/source4/scripting/python/samba/schema.py +++ b/source4/scripting/python/samba/schema.py @@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE import os def get_schema_descriptor(domain_sid): - sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \ - "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \ - "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \ - "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \ - "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \ - "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \ - "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \ - "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)" + sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \ + ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \ + "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \ + "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \ + "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \ + "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \ + "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \ + "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \ + ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \ + "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \ + "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \ + "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \ + "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \ + ";;WD)(AU;CISA;WP;;;WD)" sec = security.descriptor.from_sddl(sddl, domain_sid) return ndr_pack(sec) diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c index ff57a0b..f873de4 100644 --- a/source4/smbd/process_single.c +++ b/source4/smbd/process_single.c @@ -99,7 +99,7 @@ static void single_new_task(struct tevent_context *ev, /* called when a task goes down */ static void single_terminate(struct tevent_context *ev, struct loadparm_context *lp_ctx, const char *reason) { - DEBUG(2,("single_terminate: reason[%s]\n",reason)); + DEBUG(3,("single_terminate: reason[%s]\n",reason)); } /* called to set a title of a task or connection */ -- Samba Shared Repository