IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.
Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceeding the el->values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.
Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Previously if there was a conflict, but the incoming object would still
win, this was not marked as a rename, and so inheritence was not done.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
We need to check the SD of the parent if we rename, it is not the same as an incoming SD change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY()
This allows us to be much more consistent (at least in the core Samba)
and documents clearly why the binary should not be installed.
Not modified are
- test_lp_load
- notifyd-tests
- gendrandperf
- test* from examples/libsmbclient
- dbwrap_torture
- split_tokens
- locktest2
- msgtest
- msg_sink
- msg_source
- versiontest
- rpc_open_tcp
- test_headers
As these are not tested in selftest so any change would also be
untested. Of course they probably should be added in a different
MR.
Also not modified (because they are not tests, nor part of the
build system) are:
- smb2mount
- notifydd
- log2pacp
- debug2html
- smbfilter
- destroy_netlogon_creds_cli
- spotlight2*
- tevent_glib_tracker
These do however appear to be untested.
For now, the source4 forked client tools are left unchanged:
- smbclient4
- nmblookup4
Finally, the heimdal binaries are left as install=False as
they are either part of the build system or end-user tools
that we just don't want to install. These are however tested.
The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309
and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally
correct but are not needed if the selftest is not run on MacOS.
There are likely other platforms or build environments where building
our test binaries is more pain than valuable, see for example also
https://lists.samba.org/archive/samba/2019-November/227137.html
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 31 23:29:15 UTC 2019 on sn-devel-184
Azure AD connect reports discovery errors:
reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
RN: Prevent azure ad connect from reporting discovery errors:
reference-value-not-ldap-conformant
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184
This call does not use the context argument so no additional parameter is needed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 18 10:58:45 UTC 2019 on sn-devel-184
This call does not use the context argument so no additional parameter is needed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
This was an idea about how Samba might have worked if passwords were
not safe to be stored in a remote DB (get some kind of LDAP backend).
Nothing ever used this, but it was a nice idea. But git master is not
the place to preserve history, even interesting ideas like splitting
passwords from the non-password data (possible because, in the same way
we are allowed to encrypt them, we do not allow a search on password
values).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This became unused with 2b0fc74a0916a6ab0d5ac007cc5e100d4682b2ea that
removed the last of the support for the LDAP Backend
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
These were for the now removed OpenLDAP backend. Any future work in this area will
not involve this kind of translation, it will be done much more cleanly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 30 09:50:25 UTC 2019 on sn-devel-184
This simplifies the code considerably. A real attempt at an LDAP backend would need to implement this
module in a similar way to LDB.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
version is detected that will be used and Samba crypto wont be
available.
This removes the dual-stack mode that encrypted with one and decrypted
with the other in the testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Commit message clarified by Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
My FreeBSD install does not have __compar_fn_t. libreplace has the
QSORT_CAST for systems that do.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Try to make clear what is being done here, we are trying to count the partitions so that
we can then walk them in reverse.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 31 04:08:48 UTC 2019 on sn-devel-184
In replmd_replicated_handle_rename().
The helper function was introduced two commits ago and consists of
a large common stretch of this and the function modified in the previous
commit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 24 11:21:50 UTC 2019 on sn-devel-184
In replmd_op_possible_conflict_callback().
The helper function was introduced in the previous commit and consists
of a large common stretch of this and replmd_replicated_handle_rename().
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We currently do exactly this work, in exactly these words (ignoring
formatting) in two different places. The next two commits will make
those places use this helper function. We do this over three commits
so that we can more easily compare the next two and be sure they are
doing the same thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Unlock partition databases in the reverse order from which they were
acquired. This is separated from the previous commit for future
bisecting purposes, since the last commit was made to fix specific CI
failures, while this one is a speculative fix made based on code
inspection.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A schema reading bug was traced to a lock ordering issue in partition.c.
This patch fixes the problem by:
1. Releasing locks/transactions in the order they were acquired.
2. Always lock/start_trans on metadata.tdb first, before any other
databases, and release it last, after all others. This is so that we are
never exposed to MDB's lock semantics, which we don't support.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Don't call ldb_ldif_message_redacted_string when linked_attr_modify
fails. When joining a large domain this takes way to much time, in excess of 3
hours for a join on a 200k domain.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 9 03:03:25 UTC 2019 on sn-devel-184
Pass the ldb options into ldb_module_connect_backend, to ensure ldb
options such as "batch mode" and "transaction index cache size" get passed
through to the backend modules.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Cross-partition links could still be dropped if GET_TGT was already
previously set for the replication.
This was due to a slight error in the order of logic. We never want to
ignore cross-partition links (regardless of whether the TARGETS_UPTODATE
/GET_TGT flag is set). We should only be returning early in the
GET_TGT case if the objects are both in the same partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
RN: When the AD domain contained a linked attribute that spanned
partitions, DRS replication could drop the link. This dropped link could
then result in subtle differences in behaviour between DCs, as some DCs
would have the link and others wouldn't. When this issue occurred, the
dropped link would be logged in a warning message:
"<target-dn> is Unknown but up to date. Ignoring link from <source-dn>"
This issue would not always occur - it depended a lot on the database
contents. Typically, it would only potentially occur when joining a new
DC to the domain (doing an ldapcmp after the join would also highlight
the problem, if it occurred). This issue has now been resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A 2003 AD DB with functional level set to >= 2008 was non-functional
due to the PSO checks.
We already check the functional level is >= 2008 before checking for the
PSO container. However, users could change their functional level
without ensuring their DB conforms to the corresponding base schema.
The objectclass DSDB module should prevent the PSO container from ever
being deleted. So the only way we should be able to hit this case is
through upgrading the functional level (but not the underlying schema
objects). If so, log a low-priority message and continue without errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14008
RN: Previously, AD operations such as user authentication could fail
completely with the message 'Error 32 determining PSOs in system' logged
on the samba server. This problem would only affect a domain that was
created using a pre-2008 AD base schema and then had its functional
level manually raised to 2008 or greater. This issue has now been
resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
