The branch, master has been updated via 0a4b7bb s4-repl: removed the syncall_workaround code via 6c8b0d7 s4-repl: save the result of the last replication in repsFrom/repsTo via 73016ad s4-repl: ensure we don't starve pending replication ops via e17ea9f s4-kcc: fixed result_last_attempt in showrepl via 9a744c6 s4-doserr: telling our users to "see Windows help" doesn't seem right via 1645190 s4-provision: don't test for xattrs if posix:eadb is set via 333975d s4-provision: setup posix:eadb using lp.set() via 9432eab developer: only do the C++ reserved name checking on Linux via d7ea449 s4-provision: don't try to autodetect xattr is posix:eadb is set via 1a65180 s4-heimdal: ask for non-atomic heimdal via e7dad42 heimdal: added HEIM_BASE_NON_ATOMIC option via 6041938 s4-test: updates to test-howto.py via 0cf7189 s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY via 5f655e9 s4-gensec: zero the gssapi_state via 1887ce8 s4-provision: use the command line lp in provision via 2920033 s4-provision: add log messages about IP lookup via 60449d5 s4-dns: catch more expections in samba_dnsupdate from d1c1aae s3: Remove a reference to "winbindd_cli_state" from append_auth_data
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0a4b7bb9a547011c4c39b75acee1c00c90562cd1 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 23:48:23 2010 +1100 s4-repl: removed the syncall_workaround code this isn't needed any more Autobuild-User: Andrew Tridgell <tri...@samba.org> Autobuild-Date: Wed Nov 17 13:41:51 UTC 2010 on sn-devel-104 commit 6c8b0d7f2784faf68d08d42227765bdc0ce28b35 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 23:13:32 2010 +1100 s4-repl: save the result of the last replication in repsFrom/repsTo when a replication fails, we should add the failure to repsFrom when a notify fails, we need to save it to repsTo this ensures showrepl always shows the latest status commit 73016ad40523d4d41114c7b4d6bb2a46815bb597 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 23:12:10 2010 +1100 s4-repl: ensure we don't starve pending replication ops when there was a continuous sequence of notify ops, we could leave the replication ops starving. This ensures we run whichever was queued first commit e17ea9f3f5019cd95ace6920ba73129cda0adf55 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 23:11:12 2010 +1100 s4-kcc: fixed result_last_attempt in showrepl commit 9a744c634ff55c166294d63d192649ad238f9bf6 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 23:10:48 2010 +1100 s4-doserr: telling our users to "see Windows help" doesn't seem right commit 1645190b1c0a4708cb3110bc94c1b9ec3e0d77e4 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 21:50:06 2010 +1100 s4-provision: don't test for xattrs if posix:eadb is set when it is set in smb.conf or on the command line, obey the setting and don't try to test for system xattr support commit 333975d84f1f5016ad8d61c8107ef76e43af0c7e Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 21:49:19 2010 +1100 s4-provision: setup posix:eadb using lp.set() this allows it to override a setting made during the automatic testing of xattr support commit 9432eabb2f6ba282943e1b7ea4e90c0ed38cefe2 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 20:36:37 2010 +1100 developer: only do the C++ reserved name checking on Linux this prevents us breaking the solaris build, but will still mean we prevent C++ vars in our code commit d7ea449049e6536c4c25274dc24d9eaa90cb7abd Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 20:15:42 2010 +1100 s4-provision: don't try to autodetect xattr is posix:eadb is set when posix:eadb is set then we know we should be using an eadb commit 1a6518072899593f64e115e2c8cd5f5f4c523a4c Author: Andrew Tridgell <tri...@opensolaris.home.tridgell.net> Date: Mon Nov 15 22:54:09 2010 -0500 s4-heimdal: ask for non-atomic heimdal this allows us to build with compilers other than gcc commit e7dad42bc6cdf38d194a564c6ecdeb60cd4204c6 Author: Andrew Tridgell <tri...@opensolaris.home.tridgell.net> Date: Mon Nov 15 22:53:13 2010 -0500 heimdal: added HEIM_BASE_NON_ATOMIC option This allows heimdal to build without gcc, by not using atomic operations. We don't need heimdal to be atomic in Samba. commit 6041938908962ab89527671dd5fb8ce58f530f34 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 18:29:04 2010 +1100 s4-test: updates to test-howto.py - handle clock skew using "net time" on windows after we open the telnet connection - allow checking for result lists in order - replicate all partitions after vampiring so we don't need to wait for periodic replication - use a krb5 ccache in the prefix for kinit based tests The complete test suite now passes on my system, taking just over 13 minutes to complete commit 0cf7189d4a4bf0ae538e0aa82ec90982b7523336 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 17:33:31 2010 +1100 s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY this e_data field in a kerberos error packet tells windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 5f655e99a1c17ac9d28acb4740585d2100746d69 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 17:09:24 2010 +1100 s4-gensec: zero the gssapi_state this fixes a use of the target_principal before initialisation Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 1887ce87e49fa593e02807e52fd4b653ca577a66 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 12:54:41 2010 +1100 s4-provision: use the command line lp in provision this ensures that provision options are stored in the generated smb.conf commit 292003343ebf37954eb0862d17f431cc16d8ec54 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 12:54:13 2010 +1100 s4-provision: add log messages about IP lookup the IPv6 lookup can be very slow if a DNS server in the search list is unavailable. It's good to let the user know what its doing. commit 60449d561dd4fdbe5ea9368ea59ef4e8bfa7b420 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Nov 17 12:33:02 2010 +1100 s4-dns: catch more expections in samba_dnsupdate ----------------------------------------------------------------------- Summary of changes: libcli/util/doserr.c | 8 +- nsswitch/winbind_nss_solaris.h | 26 --- source3/include/includes.h | 2 +- source4/auth/gensec/gensec_gssapi.c | 2 +- source4/dsdb/kcc/kcc_drs_replica_info.c | 1 + source4/dsdb/repl/drepl_notify.c | 39 +---- source4/dsdb/repl/drepl_out_pull.c | 103 ++++++++---- source4/dsdb/repl/drepl_periodic.c | 18 ++- source4/dsdb/repl/drepl_service.h | 4 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 5 - source4/heimdal/base/baselocl.h | 9 +- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 6 +- source4/heimdal_build/config.h | 3 + source4/include/includes.h | 2 +- source4/scripting/bin/samba_dnsupdate | 6 +- source4/scripting/devel/howto/test-howto.py | 178 +++++++++++++------- source4/scripting/devel/howto/tridge.conf | 3 + source4/scripting/python/samba/ntacls.py | 1 + source4/scripting/python/samba/provision.py | 9 +- source4/setup/provision | 4 +- source4/setup/provision.smb.conf.dc | 1 - source4/setup/provision.smb.conf.member | 1 - source4/setup/provision.smb.conf.standalone | 1 - 23 files changed, 257 insertions(+), 175 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/util/doserr.c b/libcli/util/doserr.c index 1663edb..a0c152d 100644 --- a/libcli/util/doserr.c +++ b/libcli/util/doserr.c @@ -3349,9 +3349,9 @@ const struct werror_str_struct dos_err_strs[] = { { WERR_ADDRESS_NOT_ASSOCIATED, "An address has not yet been associated with the network endpoint." }, { WERR_CONNECTION_INVALID, "An operation was attempted on a nonexistent network connection." }, { WERR_CONNECTION_ACTIVE, "An invalid operation was attempted on an active network connection." }, - { WERR_NETWORK_UNREACHABLE, "The network location cannot be reached. For information about network troubleshooting, see Windows Help." }, - { WERR_HOST_UNREACHABLE, "The network location cannot be reached. For information about network troubleshooting, see Windows Help." }, - { WERR_PROTOCOL_UNREACHABLE, "The network location cannot be reached. For information about network troubleshooting, see Windows Help." }, + { WERR_NETWORK_UNREACHABLE, "The network location cannot be reached." }, + { WERR_HOST_UNREACHABLE, "The network location cannot be reached." }, + { WERR_PROTOCOL_UNREACHABLE, "The network location cannot be reached." }, { WERR_PORT_UNREACHABLE, "No service is operating at the destination network endpoint on the remote system." }, { WERR_REQUEST_ABORTED, "The request was aborted." }, { WERR_CONNECTION_ABORTED, "The network connection was aborted by the local system." }, @@ -3374,7 +3374,7 @@ const struct werror_str_struct dos_err_strs[] = { { WERR_BAD_USER_PROFILE, "The specified user does not have a valid profile." }, { WERR_NOT_SUPPORTED_ON_SBS, "This operation is not supported on a computer running Windows Server 2003 for Small Business Server." }, { WERR_SERVER_SHUTDOWN_IN_PROGRESS, "The server machine is shutting down." }, - { WERR_HOST_DOWN, "The remote system is not available. For information about network troubleshooting, see Windows Help." }, + { WERR_HOST_DOWN, "The remote system is not available." }, { WERR_NON_ACCOUNT_SID, "The security identifier provided is not from an account domain." }, { WERR_NON_DOMAIN_SID, "The security identifier provided does not have a domain component." }, { WERR_APPHELP_BLOCK, "AppHelp dialog canceled, thus preventing the application from starting." }, diff --git a/nsswitch/winbind_nss_solaris.h b/nsswitch/winbind_nss_solaris.h index f805542..0113305 100644 --- a/nsswitch/winbind_nss_solaris.h +++ b/nsswitch/winbind_nss_solaris.h @@ -22,33 +22,7 @@ #ifndef _WINBIND_NSS_SOLARIS_H #define _WINBIND_NSS_SOLARIS_H -/* Solaris has a broken nss_common header file containing C++ reserved names. */ -#ifndef __cplusplus -#undef class -#undef private -#undef public -#undef protected -#undef template -#undef this -#undef new -#undef delete -#undef friend -#endif - #include <nss_common.h> - -#ifndef __cplusplus -#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES -#endif - #include <nss_dbdefs.h> #include <nsswitch.h> diff --git a/source3/include/includes.h b/source3/include/includes.h index 11066e2..87061eb 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -34,7 +34,7 @@ to include --with-developer since too many systems still have comflicts with their header files (e.g. IRIX 6.4) */ -#if !defined(__cplusplus) && defined(DEVELOPER) +#if !defined(__cplusplus) && defined(DEVELOPER) && defined(__linux__) #define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index a6d0ef2..f0da54d 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -149,7 +149,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) krb5_error_code ret; const char *realm; - gensec_gssapi_state = talloc(gensec_security, struct gensec_gssapi_state); + gensec_gssapi_state = talloc_zero(gensec_security, struct gensec_gssapi_state); if (!gensec_gssapi_state) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c b/source4/dsdb/kcc/kcc_drs_replica_info.c index 05f9434..fab7202 100644 --- a/source4/dsdb/kcc/kcc_drs_replica_info.c +++ b/source4/dsdb/kcc/kcc_drs_replica_info.c @@ -494,6 +494,7 @@ static WERROR copy_repsfrom_1_to_2(TALLOC_CTX *mem_ctx, reps->consecutive_sync_failures = reps1->consecutive_sync_failures; reps->last_attempt = reps1->last_attempt; reps->last_success = reps1->last_success; + reps->result_last_attempt = reps1->result_last_attempt; reps->other_info = talloc_zero(mem_ctx, struct repsFromTo2OtherInfo); W_ERROR_HAVE_NO_MEMORY(reps->other_info); reps->other_info->dns_name1 = reps1->other_info->dns_name; diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c index 0178e97..8f31516 100644 --- a/source4/dsdb/repl/drepl_notify.c +++ b/source4/dsdb/repl/drepl_notify.c @@ -120,10 +120,6 @@ static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req) DRSUAPI_DRS_ASYNC_OP | DRSUAPI_DRS_UPDATE_NOTIFICATION | DRSUAPI_DRS_WRIT_REP; - if (state->op->service->syncall_workaround) { - DEBUG(3,("sending DsReplicaSync with SYNC_ALL workaround\n")); - r->in.req->req1.options |= DRSUAPI_DRS_SYNC_ALL; - } if (state->op->is_urgent) { r->in.req->req1.options |= DRSUAPI_DRS_SYNC_URGENT; @@ -189,46 +185,29 @@ static void dreplsrv_notify_op_callback(struct tevent_req *subreq) struct dreplsrv_notify_operation); NTSTATUS status; struct dreplsrv_service *s = op->service; + WERROR werr; status = dreplsrv_op_notify_recv(subreq); + werr = ntstatus_to_werror(status); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { - WERROR werr; - unsigned int msg_debug_level = 0; - werr = ntstatus_to_werror(status); - if (W_ERROR_EQUAL(werr, WERR_BADFILE)) { - /* - * TODO: - * - * we should better fix the bug regarding - * non-linked attribute handling, instead - * of just hiding the failures. - * - * we should also remove the dc from our repsTo - * if it failed to often, instead of retrying - * every few seconds - */ - msg_debug_level = 2; - } - - DEBUG(msg_debug_level, - ("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s : %s\n", + DEBUG(4,("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s : %s\n", op->source_dsa->repsFrom1->other_info->dns_name, ldb_dn_get_linearized(op->source_dsa->partition->dn), nt_errstr(status), win_errstr(werr))); - if (W_ERROR_EQUAL(werr, WERR_DS_DRA_NO_REPLICA)) { - DEBUG(0,("Enabling SYNC_ALL workaround\n")); - op->service->syncall_workaround = true; - } } else { DEBUG(2,("dreplsrv_notify: DsReplicaSync OK for %s\n", op->source_dsa->repsFrom1->other_info->dns_name)); op->source_dsa->notify_uSN = op->uSN; } + drepl_reps_update(s, "repsTo", op->source_dsa->partition->dn, + &op->source_dsa->repsFrom1->source_dsa_obj_guid, + werr); + talloc_free(op); s->ops.n_current = NULL; - dreplsrv_notify_run_ops(s); + dreplsrv_run_pending_ops(s); } /* @@ -343,6 +322,7 @@ static WERROR dreplsrv_schedule_notify_sync(struct dreplsrv_service *service, op->uSN = uSN; op->is_urgent = is_urgent; op->replica_flags = replica_flags; + op->schedule_time = time(NULL); DLIST_ADD_END(service->ops.notifies, op, struct dreplsrv_notify_operation *); talloc_steal(service, op); @@ -499,5 +479,4 @@ static void dreplsrv_notify_run(struct dreplsrv_service *service) talloc_free(mem_ctx); dreplsrv_run_pending_ops(service); - dreplsrv_notify_run_ops(service); } diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index 3e59ee9..874d44e 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -34,6 +34,60 @@ #include "libcli/composite/composite.h" #include "libcli/security/security.h" +/* + update repsFrom/repsTo error information + */ +void drepl_reps_update(struct dreplsrv_service *s, const char *reps_attr, + struct ldb_dn *dn, + struct GUID *source_dsa_obj_guid, WERROR status) +{ + struct repsFromToBlob *reps; + uint32_t count, i; + WERROR werr; + TALLOC_CTX *tmp_ctx = talloc_new(s); + time_t t; + NTTIME now; + + t = time(NULL); + unix_to_nt_time(&now, t); + + werr = dsdb_loadreps(s->samdb, tmp_ctx, dn, reps_attr, &reps, &count); + if (!W_ERROR_IS_OK(werr)) { + talloc_free(tmp_ctx); + return; + } + + for (i=0; i<count; i++) { + if (GUID_compare(source_dsa_obj_guid, + &reps[i].ctr.ctr1.source_dsa_obj_guid) == 0) { + break; + } + } + + if (i == count) { + /* no record to update */ + talloc_free(tmp_ctx); + return; + } + + /* only update the status fields */ + reps[i].ctr.ctr1.last_attempt = now; + reps[i].ctr.ctr1.result_last_attempt = status; + if (W_ERROR_IS_OK(status)) { + reps[i].ctr.ctr1.last_success = now; + reps[i].ctr.ctr1.consecutive_sync_failures = 0; + } else { + reps[i].ctr.ctr1.consecutive_sync_failures++; + } + + werr = dsdb_savereps(s->samdb, tmp_ctx, dn, reps_attr, reps, count); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(2,("drepl_reps_update: Failed to save %s for %s: %s\n", + reps_attr, ldb_dn_get_linearized(dn), win_errstr(werr))); + } + talloc_free(tmp_ctx); +} + WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, struct dreplsrv_partition_source_dsa *source, enum drsuapi_DsExtendedOperation extended_op, @@ -52,6 +106,7 @@ WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, op->fsmo_info = fsmo_info; op->callback = callback; op->cb_data = cb_data; + op->schedule_time = time(NULL); DLIST_ADD_END(s->ops.pending, op, struct dreplsrv_out_operation *); @@ -95,48 +150,35 @@ static void dreplsrv_pending_op_callback(struct tevent_req *subreq) struct dreplsrv_out_operation); struct repsFromTo1 *rf = op->source_dsa->repsFrom1; struct dreplsrv_service *s = op->service; - time_t t; - NTTIME now; + WERROR werr; - t = time(NULL); - unix_to_nt_time(&now, t); - - rf->result_last_attempt = dreplsrv_op_pull_source_recv(subreq); + werr = dreplsrv_op_pull_source_recv(subreq); TALLOC_FREE(subreq); - if (W_ERROR_IS_OK(rf->result_last_attempt)) { - rf->consecutive_sync_failures = 0; - rf->last_success = now; - DEBUG(3,("dreplsrv_op_pull_source(%s)\n", - win_errstr(rf->result_last_attempt))); - goto done; - } - rf->consecutive_sync_failures++; + DEBUG(4,("dreplsrv_op_pull_source(%s) for %s\n", win_errstr(werr), + ldb_dn_get_linearized(op->source_dsa->partition->dn))); - DEBUG(1,("dreplsrv_op_pull_source(%s/%s) for %s failures[%u]\n", - win_errstr(rf->result_last_attempt), - nt_errstr(werror_to_ntstatus(rf->result_last_attempt)), - ldb_dn_get_linearized(op->source_dsa->partition->dn), - rf->consecutive_sync_failures)); + if (op->extended_op == DRSUAPI_EXOP_NONE) { + drepl_reps_update(s, "repsFrom", op->source_dsa->partition->dn, + &rf->source_dsa_obj_guid, werr); + } -done: if (op->callback) { - op->callback(s, rf->result_last_attempt, op->extended_ret, op->cb_data); + op->callback(s, werr, op->extended_ret, op->cb_data); } talloc_free(op); s->ops.current = NULL; dreplsrv_run_pending_ops(s); - dreplsrv_notify_run_ops(s); } -void dreplsrv_run_pending_ops(struct dreplsrv_service *s) +void dreplsrv_run_pull_ops(struct dreplsrv_service *s) { struct dreplsrv_out_operation *op; time_t t; NTTIME now; struct tevent_req *subreq; - if (s->ops.current || s->ops.n_current) { + if (s->ops.current) { /* if there's still one running, we're done */ return; } @@ -159,8 +201,10 @@ void dreplsrv_run_pending_ops(struct dreplsrv_service *s) if (!subreq) { struct repsFromTo1 *rf = op->source_dsa->repsFrom1; - rf->result_last_attempt = WERR_NOMEM; - rf->consecutive_sync_failures++; + if (op->extended_op == DRSUAPI_EXOP_NONE) { + drepl_reps_update(s, "repsFrom", op->source_dsa->partition->dn, + &rf->source_dsa_obj_guid, WERR_NOMEM); + } s->ops.current = NULL; /* @@ -168,13 +212,8 @@ void dreplsrv_run_pending_ops(struct dreplsrv_service *s) * to do its job just like in any other failure situation */ if (op->callback) { - op->callback(s, rf->result_last_attempt, op->extended_ret, op->cb_data); + op->callback(s, WERR_NOMEM, op->extended_ret, op->cb_data); } - - DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n", - win_errstr(rf->result_last_attempt), - nt_errstr(werror_to_ntstatus(rf->result_last_attempt)), - rf->consecutive_sync_failures)); return; } tevent_req_set_callback(subreq, dreplsrv_pending_op_callback, op); diff --git a/source4/dsdb/repl/drepl_periodic.c b/source4/dsdb/repl/drepl_periodic.c index 60f3581..fe0fb6d 100644 --- a/source4/dsdb/repl/drepl_periodic.c +++ b/source4/dsdb/repl/drepl_periodic.c @@ -116,5 +116,21 @@ static void dreplsrv_periodic_run(struct dreplsrv_service *service) dreplsrv_ridalloc_check_rid_pool(service); dreplsrv_run_pending_ops(service); - dreplsrv_notify_run_ops(service); +} + +/* + run the next pending op, either a notify or a pull + */ +void dreplsrv_run_pending_ops(struct dreplsrv_service *s) +{ + if (!s->ops.notifies && !s->ops.pending) { + return; + } + if (!s->ops.notifies || + (s->ops.pending && + s->ops.notifies->schedule_time > s->ops.pending->schedule_time)) { + dreplsrv_run_pull_ops(s); + } else { + dreplsrv_notify_run_ops(s); + } } diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h index 9ad62fd..48b084f 100644 --- a/source4/dsdb/repl/drepl_service.h +++ b/source4/dsdb/repl/drepl_service.h @@ -119,6 +119,7 @@ typedef void (*dreplsrv_extended_callback_t)(struct dreplsrv_service *, struct dreplsrv_out_operation { struct dreplsrv_out_operation *prev, *next; + time_t schedule_time; struct dreplsrv_service *service; @@ -133,6 +134,7 @@ struct dreplsrv_out_operation { struct dreplsrv_notify_operation { struct dreplsrv_notify_operation *prev, *next; + time_t schedule_time; struct dreplsrv_service *service; uint64_t uSN; @@ -228,8 +230,6 @@ struct dreplsrv_service { bool rid_alloc_in_progress; - bool syncall_workaround; - bool am_rodc; }; diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 957ca3c..3db1fe9 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -3547,11 +3547,6 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a ZERO_STRUCT(nrf); nrf.version = 1; nrf.ctr.ctr1 = *ar->objs->source_dsa; - /* and fix some values... */ - nrf.ctr.ctr1.consecutive_sync_failures = 0; - nrf.ctr.ctr1.last_success = now; - nrf.ctr.ctr1.last_attempt = now; - nrf.ctr.ctr1.result_last_attempt = WERR_OK; nrf.ctr.ctr1.highwatermark.highest_usn = nrf.ctr.ctr1.highwatermark.tmp_highest_usn; /* diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h index 3932378..06806d2 100644 --- a/source4/heimdal/base/baselocl.h +++ b/source4/heimdal/base/baselocl.h @@ -50,7 +50,14 @@ #include <dispatch/dispatch.h> #endif -#ifdef __GNUC__ +#if HEIM_BASE_NON_ATOMIC +/* non-atomic varients */ +#define heim_base_atomic_inc(x) ++(*(x)) +#define heim_base_atomic_dec(x) --(*(x)) +#define heim_base_atomic_type unsigned int +#define heim_base_atomic_max UINT_MAX + +#elif defined(__GNUC__) #define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1) #define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1) #define heim_base_atomic_type unsigned int diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 8ec3a65..0e8fbe8 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -263,6 +263,10 @@ send_error_token(OM_uint32 *minor_status, krb5_principal ap_req_server = NULL; krb5_error_code ret; krb5_data outbuf; + /* this e_data value encodes KERB_AP_ERR_TYPE_SKEW_RECOVERY which + tells windows to try again with the corrected timestamp. See + [MS-KILE] 2.2.1 KERB-ERROR-DATA */ + krb5_data e_data = { 7, rk_UNCONST("\x30\x05\xa1\x03\x02\x01\x02") }; /* build server from request if the acceptor had not selected one */ if (server == NULL) { @@ -285,7 +289,7 @@ send_error_token(OM_uint32 *minor_status, server = ap_req_server; } - ret = krb5_mk_error(context, kret, NULL, NULL, NULL, + ret = krb5_mk_error(context, kret, NULL, &e_data, NULL, server, NULL, NULL, &outbuf); if (ap_req_server) krb5_free_principal(context, ap_req_server); diff --git a/source4/heimdal_build/config.h b/source4/heimdal_build/config.h index 71ef3e9..0fdb292 100644 --- a/source4/heimdal_build/config.h +++ b/source4/heimdal_build/config.h @@ -43,4 +43,7 @@ #define LIBINTL #endif +/* heimdal now wants some atomic ops - ask for the non-atomic ones for Samba */ +#define HEIM_BASE_NON_ATOMIC 1 + #endif diff --git a/source4/include/includes.h b/source4/include/includes.h index 796e313..d0a9702 100644 --- a/source4/include/includes.h +++ b/source4/include/includes.h @@ -38,7 +38,7 @@ to include --with-developer since too many systems still have comflicts with their header files (e.g. IRIX 6.4) */ -#if !defined(__cplusplus) && defined(DEVELOPER) +#if !defined(__cplusplus) && defined(DEVELOPER) && defined(__linux__) #define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 9911c6a..1b5bc3e 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -259,11 +259,13 @@ def call_nsupdate(d): try: cmd = "%s %s" % (nsupdate_cmd, tmpfile) subprocess.check_call(cmd, shell=True) - except subprocess.CalledProcessError: + except Exception, estr: global error_count if opts.fail_immediately: -- Samba Shared Repository