The branch, master has been updated
       via  280d06f... s4-libnet: cope with an empty client site name from CLDAP
       via  e88a54a... s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch
       via  4497080... s4:knownfail - remove tests which should pass
       via  cfbd5ef... s4:netlogon RPC server - we don't need "are we DC" proofs
       via  ca1f7c9... s4:torture - DsRGetDcSiteCoverageW - adapt test to check for the sitename
       via  4686305... s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementation
       via  a66bdbe... s4:torture - DsRGetSiteName - move "skip" statement before the "computer_name" check
       via  3b4137c... s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the MS-NRPC docs
       via  2780a18... s4:torture - GetAnyDCName - adaptions
       via  5fc7118... s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC documentation
       via  cf93634... s4:torture - DsRAddressesToSitenames - enhance the testsuite
       via  908d982... s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information
       via  cf73bc6... s4:CLDAP server - make use of the new "samdb_client_site_name" call
       via  093d356... s4:util - add a function which finds the matching client site using the client address
       via  725e48c... s4-drsdevel: support sites in drs developer scripts
       via  4679bb7... s4-vampire: show main CLDAP response attributes during vampire
       via  7e2b3ab... s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errors
      from  3f643f1... Correctly report share types (now Win7 makes RPC calls against us).
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 280d06f8b5734555eb3cb8423d7f9ad1bdc83792
Author: Andrew Tridgell <tri...@samba.org>
Date:   Tue Apr 27 15:02:29 2010 +1000

    s4-libnet: cope with an empty client site name from CLDAP

    We fall back to the server site name in a vampire

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit e88a54a87e185b44e2d216bd853e6a87bf950be6
Author: Andrew Tridgell <tri...@samba.org>
Date:   Tue Apr 27 14:25:14 2010 +1000

    s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch

    We should respond when we are the PDC

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 449708017377c3cdf814642af75d7c7f8b554a3e
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Wed Apr 21 19:30:37 2010 +0200

    s4:knownfail - remove tests which should pass

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit cfbd5ef8c401e316fe5659bb4360e30b6b8096d1
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Wed Apr 21 17:54:06 2010 +0200

    s4:netlogon RPC server - we don't need "are we DC" proofs

    When we aren't a DC we shouldn't have the netlogon pipe available.
    [MS-NRPC 1.3] says that we can only have DCs on the server side.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit ca1f7c9b7332be2f7136094953eef43c65ee1462
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Thu Apr 22 10:37:45 2010 +0200

    s4:torture - DsRGetDcSiteCoverageW - adapt test to check for the sitename

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 4686305feb13f6c824843cb2ab8d55f59254303c
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Thu Apr 22 10:28:37 2010 +0200

    s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementation

    Does for now only return DC's primary site.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit a66bdbec86f2da8b53518b05018f2c17261b9003
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Wed Apr 21 19:13:11 2010 +0200

    s4:torture - DsRGetSiteName - move "skip" statement before the "computer_name" check

    We don't support the check for the computer name on the RPC server side.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 3b4137c7be94678e3bd3553fa05feea1efe0f5fd
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Sun Apr 18 19:01:18 2010 +0200

    s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the MS-NRPC docs

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 2780a18a9fc3aac355c141fe0393e1f8008e242f
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Tue Apr 20 16:59:48 2010 +0200

    s4:torture - GetAnyDCName - adaptions

    - Check for the various domainname set modes (on NULL and "" the domain
      should be the default domain on the server)
    - support return value "WERR_NO_SUCH_DOMAIN" (the server is the PDC of the
      domain)

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 5fc71186751da3fc2388021630b16279cb949017
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Sun Apr 18 15:02:06 2010 +0200

    s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC documentation

    This implementation checks if the domainname is valid for us or a trusted
    domain. Then I've also added the PDC location functionality. That means
    that we should return "WERR_NO_SUCH_DOMAIN" (MS-NRPC 3.5.5.2.5).

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit cf93634ec5bc4a87c58fccbf2c04c8625013946f
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Wed Apr 21 21:39:20 2010 +0200

    s4:torture - DsRAddressesToSitenames - enhance the testsuite

    This shows the Windows behaviour of these two calls which we should match.

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 908d982980846257b65ab576d31131e8793e9399
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Tue Apr 13 22:49:48 2010 +0200

    s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information

    This behaviour should be similar to the one of Windows Server (in my case
    2008)

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit cf73bc63e5c9335a2af8e0b46d2b12de5607f506
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date:   Sun Apr 11 13:17:05 2010 +0200

    s4:CLDAP server - make use of the new "samdb_client_site_name" call

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 093d35661d25d7fd89ce46fef5922768c0c0ace7
Author: Matthias Dieter Wallnöfer <m...@samba.org>
Date:   Tue Apr 13 18:28:53 2010 +0200

    s4:util - add a function which finds the matching client site using the client address

    The lookup of the client site is done using the subnets in the
    configuration partition. If no one matches we use the Windows Server
    fallback mechanism. This means: if only one site is available just use
    it. If they're more set the output variable to "".

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 725e48c22c92e284bb55567f2116c8ddc82a0529
Author: Andrew Tridgell <tri...@samba.org>
Date:   Tue Apr 27 12:18:02 2010 +1000

    s4-drsdevel: support sites in drs developer scripts

commit 4679bb731b3620006249abb0f9808c755266d87a
Author: Andrew Tridgell <tri...@samba.org>
Date:   Tue Apr 27 12:17:36 2010 +1000

    s4-vampire: show main CLDAP response attributes during vampire

commit 7e2b3ab14f84fb369a8fc00839feebd70b85426b
Author: Andrew Tridgell <tri...@samba.org>
Date:   Tue Apr 27 12:17:08 2010 +1000

    s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errors

    The 0xc0002104/WERR_DS_DRA_NO_REPLICA seems to be spurious, and can be
    avoided by setting DRSUAPI_DRS_SYNC_ALL in the DsReplicaSync request.

    We need to investigate this further, and find out from MS why this is
    sometimes being sent, even when the target DC has the right repsFrom
    entries

-----------------------------------------------------------------------

Summary of changes:
 source4/cldap_server/netlogon.c               |    5 +-
 source4/dsdb/common/util.c                    |   90 +++++++
 source4/dsdb/repl/drepl_notify.c              |   19 ++-
 source4/dsdb/repl/drepl_service.h             |    2 +
 source4/libnet/libnet_become_dc.c             |    9 +
 source4/rpc_server/netlogon/dcerpc_netlogon.c |  211 +++++++++++++---
 source4/scripting/devel/drs/unvampire_ad.sh   |    5 +-
 source4/scripting/devel/drs/vampire_ad.sh     |    4 +-
 source4/scripting/devel/drs/vars              |    1 +
 source4/selftest/knownfail                    |    4 -
 source4/torture/rpc/netlogon.c                |  347 ++++++++++++++++++++++---
 11 files changed, 622 insertions(+), 75 deletions(-)

Changeset truncated at 500 lines:

diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 8f445d0..1993c1f 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c 
@@ -266,8 +266,9 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, flatname = lp_sam_name(lp_ctx); server_site = samdb_server_site_name(sam_ctx, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(server_site); - /* FIXME: Hardcoded site name */ - client_site = "Default-First-Site-Name"; + client_site = samdb_client_site_name(sam_ctx, mem_ctx, + src_address, NULL); + NT_STATUS_HAVE_NO_MEMORY(client_site); load_interfaces(mem_ctx, lp_interfaces(lp_ctx), &ifaces); pdc_ip = iface_best_ip(ifaces, src_address); diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 3a04797..7dd68b8 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -40,6 +40,7 @@ #include "system/locale.h" #include "lib/util/tsort.h" #include "dsdb/common/util.h" +#include "lib/socket/socket.h" /* search the sam for the specified attributes in a specific domain, filter on 
@@ -1593,6 +1594,95 @@ const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) } /* + * Finds the client site by using the client's IP address. + * The "subnet_name" returns the name of the subnet if parameter != NULL + */ +const char *samdb_client_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + const char *ip_address, char **subnet_name) +{ + const char *attrs[] = { "cn", "siteObject", NULL }; + struct ldb_dn *sites_container_dn, *subnets_dn, *sites_dn; + struct ldb_result *res; + const struct ldb_val *val; + const char *site_name = NULL, *l_subnet_name = NULL; + const char *allow_list[2] = { NULL, NULL }; + unsigned int i; + int cnt, ret; + + sites_container_dn = samdb_sites_dn(ldb, mem_ctx); + if (sites_container_dn == NULL) { + return NULL; + } + + subnets_dn = ldb_dn_copy(mem_ctx, sites_container_dn); + if ( ! ldb_dn_add_child_fmt(subnets_dn, "CN=Subnets")) { + talloc_free(sites_container_dn); + talloc_free(subnets_dn); + return NULL; + } + + ret = ldb_search(ldb, mem_ctx, &res, subnets_dn, LDB_SCOPE_ONELEVEL, + attrs, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(sites_container_dn); + talloc_free(subnets_dn); + return NULL; + } + + for (i = 0; i < res->count; i++) { + l_subnet_name = ldb_msg_find_attr_as_string(res->msgs[i], "cn", + NULL); + + allow_list[0] = l_subnet_name; + + if (allow_access(mem_ctx, NULL, allow_list, "", ip_address)) { + sites_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, + res->msgs[i], + "siteObject"); + if (sites_dn == NULL) { + /* No reference, maybe another subnet matches */ + continue; + } + + /* "val" cannot be NULL here since "sites_dn" != NULL */ + val = ldb_dn_get_rdn_val(sites_dn); + site_name = talloc_strdup(mem_ctx, + (const char *) val->data); + + talloc_free(sites_dn); + + break; + } + } + + if (site_name == NULL) { + /* This is the Windows Server fallback rule: when no subnet + * exists and we have only one site available then use it (it + * is for sure the same as our server site). 
If more sites do + * exist then we don't know which one to use and set the site + * name to "". */ + cnt = samdb_search_count(ldb, sites_container_dn, + "(objectClass=site)"); + if (cnt == 1) { + site_name = samdb_server_site_name(ldb, mem_ctx); + } else { + site_name = talloc_strdup(mem_ctx, ""); + } + l_subnet_name = NULL; + } + + if (subnet_name != NULL) { + *subnet_name = talloc_strdup(mem_ctx, l_subnet_name); + } + + talloc_free(sites_container_dn); + talloc_free(subnets_dn); + talloc_free(res); + + return site_name; +} + +/* work out if we are the PDC for the domain of the current open ldb */ bool samdb_is_pdc(struct ldb_context *ldb) diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c index 00075e8..0145b27 100644 --- a/source4/dsdb/repl/drepl_notify.c +++ b/source4/dsdb/repl/drepl_notify.c @@ -120,6 +120,10 @@ static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req) DRSUAPI_DRS_ASYNC_OP | DRSUAPI_DRS_UPDATE_NOTIFICATION | DRSUAPI_DRS_WRIT_REP; + if (state->op->service->syncall_workaround) { + DEBUG(3,("sending DsReplicaSync with SYNC_ALL workaround\n")); + r->in.req->req1.options |= DRSUAPI_DRS_SYNC_ALL; + } if (state->op->is_urgent) { r->in.req->req1.options |= DRSUAPI_DRS_SYNC_URGENT; @@ -127,6 +131,10 @@ static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req) state->ndr_struct_ptr = r; + if (DEBUGLVL(10)) { + NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaSync, r); + } + subreq = dcerpc_drsuapi_DsReplicaSync_r_send(state, state->ev, drsuapi->drsuapi_handle, 
@@ -185,10 +193,17 @@ static void dreplsrv_notify_op_callback(struct tevent_req *subreq) status = dreplsrv_op_notify_recv(subreq); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s\n", + WERROR werr; + werr = ntstatus_to_werror(status); + + DEBUG(0,("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s : %s\n", op->source_dsa->repsFrom1->other_info->dns_name, ldb_dn_get_linearized(op->source_dsa->partition->dn), - nt_errstr(status))); + nt_errstr(status), win_errstr(werr))); + if (W_ERROR_EQUAL(werr, WERR_DS_DRA_NO_REPLICA)) { + DEBUG(0,("Enabling SYNC_ALL workaround\n")); + op->service->syncall_workaround = true; + } } else { DEBUG(2,("dreplsrv_notify: DsReplicaSync OK for %s\n", op->source_dsa->repsFrom1->other_info->dns_name)); diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h index 7813f92..88be769 100644 --- a/source4/dsdb/repl/drepl_service.h +++ b/source4/dsdb/repl/drepl_service.h @@ -213,6 +213,8 @@ struct dreplsrv_service { bool in_progress; struct dreplsrv_partition_source_dsa *rid_manager_source_dsa; } ridalloc; + + bool syncall_workaround; }; #include "dsdb/repl/drepl_out_helpers.h" diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index 8880abf..74242c0 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c 
@@ -822,6 +822,15 @@ static void becomeDC_recv_cldap(struct tevent_req *req) s->dest_dsa.site_name = s->cldap.netlogon.client_site; + DEBUG(0,("CLDAP response: forest=%s dns=%s netbios=%s server_site=%s client_site=%s\n", + s->forest.dns_name, s->domain.dns_name, s->domain.netbios_name, + s->source_dsa.site_name, s->dest_dsa.site_name)); + if (!s->dest_dsa.site_name || strcmp(s->dest_dsa.site_name, "") == 0) { + DEBUG(0,("Got empty client site - using server site name %s\n", + s->source_dsa.site_name)); + s->dest_dsa.site_name = s->source_dsa.site_name; + } + becomeDC_connect_ldap1(s); } diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 5acf91f..8681e68 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -988,6 +988,10 @@ static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALL return werr; } +static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx, + struct ldb_context *sam_ctx, + struct netr_DomainTrustList *trusts, + uint32_t trust_flags); /* netr_GetAnyDCName 
@@ -995,18 +999,56 @@ static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALL static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_GetAnyDCName *r) { - struct netr_GetDcName r2; + struct netr_DomainTrustList *trusts; + struct ldb_context *sam_ctx; + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + uint32_t i; WERROR werr; - ZERO_STRUCT(r2); + *r->out.dcname = NULL; + + if ((r->in.domainname == NULL) || (r->in.domainname[0] == '\0')) { + /* if the domainname parameter wasn't set assume our domain */ + r->in.domainname = lp_workgroup(lp_ctx); + } - r2.in.logon_server = r->in.logon_server; - r2.in.domainname = r->in.domainname; - r2.out.dcname = r->out.dcname; + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_DS_UNAVAILABLE; + } - werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, &r2); + if (strcasecmp(r->in.domainname, lp_workgroup(lp_ctx)) == 0) { + *r->out.dcname = talloc_asprintf(mem_ctx, "\\%s", + lp_netbios_name(lp_ctx)); + W_ERROR_HAVE_NO_MEMORY(*r->out.dcname); - return werr; + return WERR_OK; + } + + /* Okay, now we have to consider the trusted domains */ + + trusts = talloc_zero(mem_ctx, struct netr_DomainTrustList); + W_ERROR_HAVE_NO_MEMORY(trusts); + + trusts->count = 0; + + werr = fill_trusted_domains_array(mem_ctx, sam_ctx, trusts, + NETR_TRUST_FLAG_INBOUND + | NETR_TRUST_FLAG_OUTBOUND); + W_ERROR_NOT_OK_RETURN(werr); + + for (i = 0; i < trusts->count; i++) { + if (strcasecmp(r->in.domainname, trusts->array[i].netbios_name) == 0) { + /* FIXME: Here we need to find a DC for the specified + * trusted domain. */ + + /* return WERR_OK; */ + return WERR_NO_SUCH_DOMAIN; + } + } + + return WERR_NO_SUCH_DOMAIN; } 
@@ -1088,7 +1130,19 @@ static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_DsRGetSiteName *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct ldb_context *sam_ctx; + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_DS_UNAVAILABLE; + } + + *r->out.site = samdb_server_site_name(sam_ctx, mem_ctx); + W_ERROR_HAVE_NO_MEMORY(*r->out.site); + + return WERR_OK; } @@ -1456,16 +1510,6 @@ static WERROR dcesrv_netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, /* - netr_DsRAddressToSitenamesW -*/ -static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct netr_DsRAddressToSitenamesW *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* netr_DsRGetDCNameEx2 */ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, 
@@ -1616,12 +1660,23 @@ static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_DsRAddressToSitenamesExW *r) { + struct ldb_context *sam_ctx; struct netr_DsRAddressToSitenamesExWCtr *ctr; - int i; + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + uint16_t sin_family; + struct sockaddr_in *addr; + struct sockaddr_in6 *addr6; + char addr_str[INET6_ADDRSTRLEN]; + char *subnet_name; + const char *res; + uint32_t i; + + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_DS_UNAVAILABLE; + } - /* we should map the provided IPs to site names, once we have - * sites support - */ ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr); W_ERROR_HAVE_NO_MEMORY(ctr); 
@@ -1634,9 +1689,46 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce W_ERROR_HAVE_NO_MEMORY(ctr->subnetname); for (i=0; i<ctr->count; i++) { - /* FIXME: Hardcoded site name */ - ctr->sitename[i].string = "Default-First-Site-Name"; + ctr->sitename[i].string = NULL; ctr->subnetname[i].string = NULL; + + if (r->in.addresses[i].size < sizeof(sin_family)) { + continue; + } + sin_family = SVAL(r->in.addresses[i].buffer, 0); + + switch (sin_family) { + case AF_INET: + if (r->in.addresses[i].size < sizeof(struct sockaddr_in)) { + continue; + } + addr = (struct sockaddr_in *) r->in.addresses[i].buffer; + res = inet_ntop(AF_INET, &addr->sin_addr, + addr_str, sizeof(addr_str)); + break; + case AF_INET6: + if (r->in.addresses[i].size < sizeof(struct sockaddr_in6)) { + continue; + } + addr6 = (struct sockaddr_in6 *) r->in.addresses[i].buffer; + res = inet_ntop(AF_INET6, &addr6->sin6_addr, + addr_str, sizeof(addr_str)); + break; + default: + continue; + break; + } + + if (res == NULL) { + continue; + } + + ctr->sitename[i].string = samdb_client_site_name(sam_ctx, + mem_ctx, + addr_str, + &subnet_name); + W_ERROR_HAVE_NO_MEMORY(ctr->sitename[i].string); + ctr->subnetname[i].string = subnet_name; } return WERR_OK; 
@@ -1644,12 +1736,73 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce /* + netr_DsRAddressToSitenamesW +*/ +static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct netr_DsRAddressToSitenamesW *r) +{ + struct netr_DsRAddressToSitenamesExW r2; + struct netr_DsRAddressToSitenamesWCtr *ctr; + uint32_t i; + WERROR werr; + + ZERO_STRUCT(r2); + + r2.in.server_name = r->in.server_name; + r2.in.count = r->in.count; + r2.in.addresses = r->in.addresses; + + r2.out.ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr *); + W_ERROR_HAVE_NO_MEMORY(r2.out.ctr); + + werr = dcesrv_netr_DsRAddressToSitenamesExW(dce_call, mem_ctx, &r2); + + ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesWCtr); + W_ERROR_HAVE_NO_MEMORY(ctr); + + *r->out.ctr = ctr; + + ctr->count = r->in.count; + ctr->sitename = talloc_array(ctr, struct lsa_String, ctr->count); + W_ERROR_HAVE_NO_MEMORY(ctr->sitename); + + for (i=0; i<ctr->count; i++) { + ctr->sitename[i].string = (*r2.out.ctr)->sitename[i].string; + } + + return werr; +} + + +/* netr_DsrGetDcSiteCoverageW */ static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_DsrGetDcSiteCoverageW *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct ldb_context *sam_ctx; + struct DcSitesCtr *ctr; + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_DS_UNAVAILABLE; + } + + ctr = talloc(mem_ctx, struct DcSitesCtr); + W_ERROR_HAVE_NO_MEMORY(ctr); + + *r->out.ctr = ctr; + + /* For now only return our default site */ + ctr->num_sites = 1; + ctr->sites = talloc_array(ctr, struct lsa_String, ctr->num_sites); + W_ERROR_HAVE_NO_MEMORY(ctr->sites); + ctr->sites[0].string = samdb_server_site_name(sam_ctx, mem_ctx); + 
W_ERROR_HAVE_NO_MEMORY(ctr->sites[0].string); + + return WERR_OK; } @@ -1956,10 +2109,6 @@ static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state struct ldb_context *sam_ctx; WERROR werr; - if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) { - return WERR_CALL_NOT_IMPLEMENTED; - } - if (r->in.flags & 0xFFFFFFFE) { return WERR_INVALID_FLAGS; } @@ -2019,10 +2168,6 @@ static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state * NTSTATUS status; WERROR werr; - if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) { - return NT_STATUS_NOT_IMPLEMENTED; - } - status = dcesrv_netr_creds_server_step_check(dce_call, mem_ctx, r->in.computer_name, diff --git a/source4/scripting/devel/drs/unvampire_ad.sh b/source4/scripting/devel/drs/unvampire_ad.sh index 7f9763e..dbd3cfb 100755 --- a/source4/scripting/devel/drs/unvampire_ad.sh +++ b/source4/scripting/devel/drs/unvampire_ad.sh @@ -4,8 +4,11 @@ set -x -- Samba Shared Repository
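
Review bot: In the source4/cldap_server/netlogon.c hunk, NT_STATUS_HAVE_NO_MEMORY(client_site) reports every NULL from samdb_client_site_name() as an out-of-memory condition, but the new function in util.c also returns NULL when samdb_sites_dn() or the ldb_search() on CN=Subnets fails. A directory lookup failure would then make the CLDAP netlogon reply fail with a misleading status. Return a distinct status for the lookup case, or fall back to server_site, which is already computed two lines earlier.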
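
Review bot: In samdb_client_site_name() (source4/dsdb/common/util.c), the results of ldb_dn_copy() and of talloc_strdup(mem_ctx, (const char *) val->data) are not checked. If the strdup fails after a subnet has matched, site_name stays NULL and the code drops into the "Windows Server fallback" branch, so the caller receives the server site or "" instead of an error; check both allocations and return NULL on failure. The cast of val->data also assumes the RDN value is NUL-terminated, which a copy bounded by val->length (talloc_strndup) would not rely on. l_subnet_name can be NULL when a subnet object has no cn, leaving allow_list[0] NULL, so skip such entries before calling allow_access().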
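
Review bot: In dreplsrv_notify_op_callback() (source4/dsdb/repl/drepl_notify.c), the flag set by "op->service->syncall_workaround = true" lives on struct dreplsrv_service and nothing in this patch clears it, so a single WERR_DS_DRA_NO_REPLICA from one partner adds DRSUAPI_DRS_SYNC_ALL to every later DsReplicaSync sent to any partner for the lifetime of the service. Since the commit message describes the error as spurious and still under investigation, keep the flag per source DSA or reset it after a successful sync, and add a comment beside the new field in drepl_service.h saying why it exists.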
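
Review bot: In becomeDC_recv_cldap() (source4/libnet/libnet_become_dc.c), the new DEBUG(0, ...) line formats s->dest_dsa.site_name with %s before the check "!s->dest_dsa.site_name" that follows it, and that check shows the pointer may be NULL at this point. Move the log line after the fallback assignment, or print a placeholder when the pointer is NULL, so the format call never receives a NULL string.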
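
Review bot: In dcesrv_netr_GetAnyDCName() (source4/rpc_server/netlogon/dcerpc_netlogon.c), the loop over trusts->array returns WERR_NO_SUCH_DOMAIN on a match and the function returns the same code after the loop, so the call to fill_trusted_domains_array() cannot change the result for any input. Until the FIXME is resolved, drop the lookup or state in the comment why the match branch is kept. Also check the format string in talloc_asprintf(mem_ctx, "\\%s", ...): as written it produces a single leading backslash, so if a UNC-style name is intended the literal needs four backslashes.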
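
Review bot: In the address loop of dcesrv_netr_DsRAddressToSitenamesExW(), the family is read from the wire with SVAL(r->in.addresses[i].buffer, 0), but it is then compared against the host's AF_INET and AF_INET6 constants and the buffer is cast to the host's struct sockaddr_in and struct sockaddr_in6. The numeric value of AF_INET6 and the layout of those structures are platform-specific, so this only works where the host matches the sender, and the cast additionally assumes the NDR buffer is suitably aligned. Define the wire family values and address offsets explicitly and copy the address bytes out with memcpy before calling inet_ntop().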
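
Review bot: In the new dcesrv_netr_DsRAddressToSitenamesW(), werr from dcesrv_netr_DsRAddressToSitenamesExW() is only returned at the end, after the loop has already dereferenced (*r2.out.ctr)->sitename[i]. r2.out.ctr is allocated with talloc(), which does not zero it, and the Ex call returns WERR_DS_UNAVAILABLE before touching it when samdb_connect() fails, so the loop would read through an uninitialised pointer. Add W_ERROR_NOT_OK_RETURN(werr) directly after the call.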
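
Review bot: In the two hunks that delete the "lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER" checks from dcesrv_netr_DsRGetForestTrustInformation() and dcesrv_netr_GetForestTrustInformation(), the handlers now depend entirely on the netlogon pipe not being offered on a non-DC, as the commit message states. Nothing in the visible change enforces or documents that precondition; add a comment at the top of dcerpc_netlogon.c, or a role check where the endpoint is registered, so a later configuration change cannot expose these trust-information calls on a server that is not a DC.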