IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is based on various patches by Stefan Metzmacher in the patch set for
the Heimdal upgrade.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
If we have all the right -Wno-error flags then we can enable warnings
more generally, otherwise just set -Wno-strict-overflow (if available)
Adapted from patches by Stefan Metzmacher <metze@samba.org> in his
branch to update Heimdal.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 15 19:02:18 UTC 2021 on sn-devel-184
cli_errno() calls far too many trivial but subtle functions, all
referencing cli->raw_status. This might be the first step towards
getting rid of that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In the "num_users==0" case (previously just return NULL) we depended
on errno==0 implicitly. When list_sessions() above in this routine had
to open smbXsrv_session_global, it could however happen that errno was
set. If then there were no users, get_domain_userlist() returned NULL
with errno set, which the callers interpreted then as a real error.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
socket_wrapper can't do EADDRINUSE because unix domain sockets don't
do it.
This currently works correctly because right now all RPC servers
either use explicit ports or all listen on the same socket.
The new code uses a static variable, so it only helps if a single
process listens for multiple RPC sockets. It won't work if multiple
processes start listening. But in case samba-dcerpcd goes in this will
be exactly the right thing to do.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This ensure we never blunder into indirecting a NULL fsp pointer
in the server. We already pass this, but this test will ensure
we continue to do so as we make fileserver changes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jun 15 11:06:23 UTC 2021 on sn-devel-184
Add an option to smb.conf to list authorized zone transfer clients.
Implement restriction in dlz_bind9 module to allow transfers only to selected IPs.
Deny zone transfer by default in dlz_bind9.
Adds test for the restriction in DNZ zone transfer clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9634
Signed-off-by: Julien ROPÉ <jrope@linagora.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 11 19:28:10 UTC 2021 on sn-devel-184
Caller is still using this !
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14736
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Jun 11 10:17:46 UTC 2021 on sn-devel-184
as the sys_acl_set_fd_fn definition for vxfs_sys_acl_set_fd is ifdef'ed
out we also need ifdef out the vxfs_sys_acl_set_fd implementation itself
otherwise we get the following error.
source3/modules/vfs_vxfs.c:484:12: error: ‘vxfs_sys_acl_set_fd’ defined but not used [-Werror=unused-function]
static int vxfs_sys_acl_set_fd(vfs_handle_struct *handle,
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is an inconsequential cosmetic change, it just caught my eye
as looking a bit out of place compared to the surrounding code style.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
smb_fname is unused and we can get conn from the fsp passed in
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Next commit can remove smb_name param from dos_mode_post
signature.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This incorporates tests from various dns*.py files, but makes them
correct.
All but one of these tests pass against Windows 2012r2.
Further patches will remove the broken tests in other files, and fix
Samba so it passes these.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 11 09:29:23 UTC 2021 on sn-devel-184
We *always* make these steps when we get a record.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We don't support it really, and if we did there is no sense in which
it could be updated, which is the context in which this function is
used.
(modern HINFO returns the constant string "RFC8482". See RFC 8482).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be needed by the RPC server. Other callers already filter
out tombstones, so this is OK.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We have had three nearly identical functions called
dns_record[s]_match. This patch merges two of them, attempting to keep
the good bits and not the bugs.
That means:
1. We use the AAAA match from dlz, which is agnostic to all the
billions of ways you can write the same IPv6 address (case sensitivity
is just the beginning).
2. We lean more on the TXT match from dns_utils, because the dlz used
a weird bitwise &= operator, but we adjust to exit early.
3. Keep HINFO from dlz (for now).
4. Use the dns_name_equal() that was already in dns_common, which was
used by dlz. dns_utils had a strange one that probably did the same
thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This log message will never be seen. We know because:
1. Always (two places) we are comparing an incoming record against a
database record.
2. The incoming record has come from b9_parse(), which makes the same
check.
3. If the database record is bad, we will never get here because the
first check is b9_record_match() is
if (rec1->wType != rec2->wType) {
return false;
}
and rec1->wType is not going to equal the corrupt database record's
wType, because point 2.
OK, but why? So we can shift this into dnsserver_common.c, because
the internal dns server has an inferior record_match() and it could do
with sharing this one.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
subunithelper.py keeps track of tests that have been started, and
displays an error message if a test reports an outcome without having
previously been started. However, it makes the assumption that a test
has finished once it has reported a single outcome. This means that a
misleading error message will be displayed if it receives multiple
outcomes from the same test (which can happen if a test using the Python
unittest framework does not complete successfully, and the cleanup
subsequently fails), and any actual errors from the cleanup remain
undisplayed.
This commit ensures that only a single outcome is reported for each
test, and only after the test has finished. Outcomes are buffered up
until the stopTest() function is called, when a single outcome is
determined and all errors received for that test are output.
FilterOps still needs to output test outcomes immediately rather than
buffering them, otherwise they are never picked up and passed on to the
remote test case by subunithelper.parse_results(). This would result in
an error as the test would be considered to have never finished.
Example subunitrun output before the change:
time: 2021-04-28 01:28:49.862123Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:28:49.862215Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862407Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862467Z
time: 2021-04-28 01:28:49.862510Z
and after:
time: 2021-04-28 01:29:19.949347Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:29:19.949440Z
time: 2021-04-28 01:29:19.949590Z
time: 2021-04-28 01:29:19.949640Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:29:19.949702Z
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This functionality is already present in the Python unittest framework,
and so is not necessary to include here.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Not specifying a reason means addSkip() is passed an empty string rather
than None. As a result, this condition was never hit, and the call to
_addOutcome() had an incorrect parameter.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reduce the length of some lines to 79 characters or less.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 11 08:28:28 UTC 2021 on sn-devel-184
This function provides a simpler method of getting the bounds of the
range of RIDs we want to check. We also now check that the low bound is
less than the high bound for both rIDAllocationPool and
rIDPreviousAllocationPool.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
To allow the new DC object to be created in a restored domain while
avoiding conflicts with existing SIDS, we fetch a SID that is available
at the time of backing up and store it in the backed-up database.
However, if a new security principal is created on this DC during the
backup process, the stored SID may be reused for that object, resulting
in an error on restoration.
By getting the SID for restore only after all the database files have
been backed up, we ensure that the chosen SID does not conflict with any
objects in the backed-up database.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Previously, if either of the rIDPreviousAllocation and rIDNextRID
attributes were not present in a RID Set, the first RID in
rIDAllocationPool was skipped over when determining their values.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This means we won't get errors if the DC doesn't have a rIDNextRID
attribute, but we will still error if there is no RID Set or if all its
pools are exhausted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
If used to generate SIDs for objects, care should be taken, as the
possibility for having duplicate objectSIDs can arise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This currently fails due to the DC not having a rIDNextRID attribute,
which is required for the restore process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The previous code would only work for the first rid set ever given to a DC
because the names are so misleading.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13632
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
During the restore process, we use make_smbconf() to create a new
smb.conf file with the default paths. The default location for 'state
directory' is 'state', but we currently rename this directory to
'statedir' on backing up, so it will end up pointing to a non-existent
directory. This commit ensures the names are consistent.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This helps to avoid a warning 'vfs objects specified without required AD
DC module'.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The RID Set of the newly created DC account has all its values
initialised to zero. If the rIDUsedPool attribute was previously
non-zero, then the restore process will cause its value to change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This condition probably meant to check the argument of the most recently
thrown exception, rather than the previous one again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Without doing this, the upgrade process can fail if the directory is not
present, e.g. after restoring from an offline backup (which specifically
ignores this directory).
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Previously, message elements were being freed before the call to
Py_BuildValue(), resulting in an exception being raised. Additionally,
only the first element of the returned list was ever assigned to.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
