[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell Mon, 27 Sep 2010 17:05:18 -0700

The branch, master has been updated
       via  6676142 s4-ildap: two more places that need talloc_reparent()
       via  396cdd6 s4-kcc: don't print "Testing 
kcctpl_create_intersite_connections"
       via  8e1a3c8 s4-drs: make getncchanges debug less verbose
       via  8edf3d7 s4-dns: avoid search domains expansion in DNS resolver
       via  43d0c2e heimdal: avoid DNS search domain expansion
      from  48adfb2 samr: add three new ACB flags to IDL.


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 66761423474edc9736a8a6eae6feaaf958d89d0e
Author: Andrew Tridgell <[email protected]>
Date:   Mon Sep 27 15:03:44 2010 -0700

    s4-ildap: two more places that need talloc_reparent()
    
    these contexts can have references
    
    Autobuild-User: Andrew Tridgell <[email protected]>
    Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104

commit 396cdd6343e12a1b3cdd2d4c3bbac37c5fc30330
Author: Andrew Tridgell <[email protected]>
Date:   Mon Sep 27 14:56:04 2010 -0700

    s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
    
    log level 0 is excessive for this!

commit 8e1a3c8ccab0586e8244b511df95e6f22c49fa8b
Author: Andrew Tridgell <[email protected]>
Date:   Mon Sep 27 14:42:13 2010 -0700

    s4-drs: make getncchanges debug less verbose
    
    quieten make test a little

commit 8edf3d71318acdba73f7415ae2db7b7988e34029
Author: Andrew Tridgell <[email protected]>
Date:   Mon Sep 27 14:34:43 2010 -0700

    s4-dns: avoid search domains expansion in DNS resolver
    
    add a '.' if the name contains a '.' already, but not at the end

commit 43d0c2e9ea71770aa87e74778c20908606cd55f8
Author: Andrew Tridgell <[email protected]>
Date:   Mon Sep 27 14:34:06 2010 -0700

    heimdal: avoid DNS search domain expansion
    
    When you have a domain search list in resolv.conf, and one of the DNS
    servers for a searched domain is uncontactable then we would timeout
    resolving DNS names.
    
    Avoid this by adding a '.' to the hostname if the hostname already has
    a '.' in it, which we assume to mean it is fully qualified.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/kcc/kcc_topology.c           |    2 +-
 source4/heimdal/lib/krb5/krbhst.c         |   17 ++++++++++++++++-
 source4/lib/ldb/ldb_ildap/ldb_ildap.c     |    2 +-
 source4/libcli/ldap/ldap_bind.c           |    2 +-
 source4/libcli/resolve/dns_ex.c           |    8 ++++++++
 source4/rpc_server/drsuapi/getncchanges.c |    2 +-
 6 files changed, 28 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/kcc/kcc_topology.c b/source4/dsdb/kcc/kcc_topology.c
index fbf2885..9124fc7 100644
--- a/source4/dsdb/kcc/kcc_topology.c
+++ b/source4/dsdb/kcc/kcc_topology.c
@@ -3460,7 +3460,7 @@ NTSTATUS kcctpl_test(struct kccsrv_service *service)
        struct GUID_list keep;
        bool all_connected;
 
-       DEBUG(0, ("Testing kcctpl_create_intersite_connections\n"));
+       DEBUG(2, ("Testing kcctpl_create_intersite_connections\n"));
        status = kcctpl_create_intersite_connections(service, tmp_ctx, &keep,
                                                     &all_connected);
        DEBUG(4, ("%s\n", nt_errstr(status)));
diff --git a/source4/heimdal/lib/krb5/krbhst.c 
b/source4/heimdal/lib/krb5/krbhst.c
index 3bb00d2..4da3af2 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -370,9 +370,24 @@ krb5_krbhst_get_addrinfo(krb5_context context, 
krb5_krbhst_info *host,
     int ret;
 
     if (host->ai == NULL) {
+       char *hostname_dot = NULL;
        make_hints(&hints, host->proto);
        snprintf (portstr, sizeof(portstr), "%d", host->port);
-       ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
+       if (strchr(host->hostname, '.') && 
+           host->hostname[strlen(host->hostname)-1] != '.') {
+               /* avoid expansion of search domains from resolv.conf
+                  - these can be very slow if the DNS server is not up
+                  for the searched domain */
+               hostname_dot = malloc(strlen(host->hostname)+2);
+               if (hostname_dot) {
+                       strcpy(hostname_dot, host->hostname);
+                       hostname_dot[strlen(host->hostname)] = '.';
+                       hostname_dot[strlen(host->hostname)+1] = 0;
+               }
+       }
+       ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, 
&hints, &host->ai);
+       if (hostname_dot) 
+               free(hostname_dot);
        if (ret)
            return krb5_eai_to_heim_errno(ret, errno);
     }
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c 
b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 044f91b..98e98a8 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -409,7 +409,7 @@ static int ildb_request_send(struct ildb_context *ac, 
struct ldap_message *msg)
                ldb_set_errstring(ldb, "async send request failed");
                return LDB_ERR_OPERATIONS_ERROR;
        }
-       ac->ireq = talloc_steal(ac, req);
+       ac->ireq = talloc_reparent(ac->ildb->ldap, ac, req);
 
        if (!ac->ireq->conn) {
                ldb_set_errstring(ldb, "connection to remote LDAP server 
dropped?");
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 5a2635a..6565979 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -352,7 +352,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection 
*conn,
                        status = NT_STATUS_NO_MEMORY;
                        goto failed;
                }
-               talloc_steal(tmp_ctx, req);
+               talloc_reparent(conn, tmp_ctx, req);
 
                status = ldap_result_n(req, 0, &response);
                if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 76dd103..711eb0a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -92,6 +92,14 @@ static void run_child_dns_lookup(struct dns_ex_state *state, 
int fd)
        uint32_t i;
        bool do_srv = (state->flags & RESOLVE_NAME_FLAG_DNS_SRV);
 
+       if (strchr(state->name.name, '.') && 
state->name.name[strlen(state->name.name)-1] != '.') {
+               /* we are asking for a fully qualified name, but the
+                  name doesn't end in a '.'. We need to prevent the
+                  DNS library trying the search domains configured in
+                  resolv.conf */
+               state->name.name = talloc_strdup_append(state->name.name, ".");
+       }
+
        /* this is the blocking call we are going to lots of trouble
           to avoid in the parent */
        reply = rk_dns_lookup(state->name.name, do_srv?"SRV":"A");
diff --git a/source4/rpc_server/drsuapi/getncchanges.c 
b/source4/rpc_server/drsuapi/getncchanges.c
index 204297d..36d74f4 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1260,7 +1260,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct 
dcesrv_call_state *dce_call, TALLOC_
                        search_dn = getnc_state->ncRoot_dn;
                }
 
-               DEBUG(1,(__location__ ": getncchanges on %s using filter %s\n",
+               DEBUG(2,(__location__ ": getncchanges on %s using filter %s\n",
                         ldb_dn_get_linearized(getnc_state->ncRoot_dn), 
search_filter));
                ret = drsuapi_search_with_extended_dn(sam_ctx, getnc_state, 
&getnc_state->site_res,
                                                      search_dn, scope, attrs,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to