IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ctdb_protocol.h was modified to update default capabilities without
corresponding changes in protocol.h.
(Patch dfc84fdd45)
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Since the --gettext-location command-line option has no effect, the misleading
code is removed. The samba functions ADD_CFLAGS must also be used in the future
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 27 03:34:28 CET 2015 on sn-devel-104
Some torture tests do not perform Kerberos activity and do not
run against a server (hence the "none" test env), but do create
a krb5 context, and that causes the Kerberos libs to read
krb5.conf and choke if they don't understand it.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Some test envs don't use kerberos (e.g. nt4_dc). However, the client
tools are built with Kerberos support and may get upset if hitting
a krb5.conf file they don't understand.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Some provisioning commands don't necessarily need a krb5.conf,
but they still must cause samba's Kerberos libraries to avoid
looking at the system krb5.conf, as this file may not be understood
by samba's Kerberos libs and fail the env provisioning.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This avoids that we run into use after free issues when we access memory
allocated on the globals and the global being reinitialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 26 08:17:47 CET 2015 on sn-devel-104
This will let us test demoting a DC from a multi-DC network
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This test sometimes succeeds, depending on the build environment.
(Corrects earlier patch to also remove from knownfail)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This would help remove a DC that is a conflict record, for example
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This object is not in standard AD, but Marc Muehlfeld
correctly notes that Samba creates it for BIND9_DLZ
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We search the in-directory DNS records for entries that point to the
name or IP that the dead DC was using, and remove them
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This allows us to find a DNS record by searching LDB and unpacking the dnsRecord
but replace the record using the common code that will create a tombstone
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is done primarilly to set the pattern that we should manipulate ldb.Dn values
with the helper routines, not just by concatonation via format strings.
We also restrict our exception hadling to only the expected errors, not
all errors.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The previous code missed the CN=DFSR-GlobalSettings children and did
not cope with subdomains. The root DN may not be the domain DN if
we are a subdomain.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
When not looking for tombstones, a record without a dnsRecord value may as
well not be present, so just return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This ensures that a different server is the one being demoted from the local database
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This avoids needing to run the demote on the main replicated DB
of the selftest system
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is unused because we have already provided a database via import_ldif
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
On an RODC the local database cannot be modified, and the flags to remove
are different, we need instead to remove UF_PARTIAL_SECRETS_ACCOUNT.
If we are in a subdomain, then db.get_root_basedn() points to the
forest root, not the root of our domain
If the removeDsServer() fails with WERR_DS_DRA_NO_REPLICA
this may be reasonably considered to be success in this case.
Finally, the remove_dc.remove_sysvol_references() is reused
for objects not under the computer account.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
domain demote
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The new version of this tool now can remove another DC that is
itself offline. The --remove-other-dead-server removes
as many references to the DC as possible.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This shows the correct way to accept a value that may be a list of strings
or a proper ldb.MessageElement.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This will allow a python module to be written to modify DNS entries in sam.ldb directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This fixes add_base(), add_child() and is_child_of().
This removes a toally incorrect cast of struct ldb_dn to struct ldb_context.
A helper routine is used instead
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Previously this would only be set when we did server-to-server replication
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This allows the creation of domain clones that have no secrets,
and so make it safer to examine databases that demonstrate issues
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
This asserts that this is the case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This command makes a clone of an existing AD Domain, but does not
join the domain. This allows us to test if the join would work
without adding objects to the target DC.
The server password will need to be reset for the clone to
be any use, see the source4/scripting/devel/chgtdcpass
(Based on patches written with Garming Sam)
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is not what Windows server does, but it seems that Windows
clients expect. Windows->Windows never runs into this issue, because
an encryption-enabled SMB3 connection will always use leases, and lease
breaks *are* unencrypted...
You can reproduce the issue Windows->Windows by disabling leases on the
Windows server. Disable leases using the registry key:
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\DisableLeasing
Dochelp confirmed that this is a valid workaround for Windows clients
dropping encrypted oplock breaks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11570
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 05:01:32 CEST 2015 on sn-devel-104
getquota_rslt structure from rquota.h defines the enum
named status whose values start from 1. But in quotas.c
we have an invalid check for status 0. This change is
to remove that particular switch case.
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 01:31:21 CEST 2015 on sn-devel-104
We also confirm that such builds do not contain the NTVFS file server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We now only build it by default with --enable-sefltest, or otherwise
if requested.
The NTVFS file server still has features not present in the smbd file
server, such as a CIFS/SMB proxy, and a radically different design,
but it is also not undergoing any ongoing development so this keeps it
in a safe state for care and maintaince, with less of a security risk
if such an issue were to come up.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is deprecated. For many commands it doesn't make sense. Instead
of "ctdb ip -n all" use "ctdb ip all".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>