IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: I10357236108f68ab749ba0e1f07558302c573887
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This attempts to permit deletion of objects that have no objectClass
to allow dbcheck to clean up a corrupt database. It is not complete,
the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still
fail, but this is as much as is safe to do without a way to replicate
the original issue.
Andrew Bartlett
Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We must have these two elements in a replPropertyMetaData for it to be
valid.
We may have to relax this for new partition creation, but for now we
want to find and isolate the database corruption.
The printing of the LDIF is moved above the checks to make it easier
to diagnoise the failures when further reproduced.
Based initially on a patch originally by Arvid Requate <requate@univention.de>
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I5f583d89e6d4c5e8e2d9667f336a0e8fd8347b25
Reviewed-on: https://gerrit.samba.org/164
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 17 06:44:17 CET 2014 on sn-devel-104
enum is an int, and therefore signed. Some attributes have the high bit set.
Andrew Bartlett
Change-Id: I39a5499b7c6bbb763e15977d802cda8c69b94618
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-on: https://gerrit.samba.org/163
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 14 10:16:41 CET 2014 on sn-devel-104
According to MS-ADTS section 3.1.1.5.5.1.1 the searchFlags must be
checked.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 6 21:42:22 CET 2014 on sn-devel-104
This code no longer needs to handle not renaming Deleted Objects
during a re-delete, because it is no longer called in that case.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We need to ensure we do not re-delete the Deleted Objects DN during replication.
It itself not entirely a deleted object, but has isDeleted set.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This can happen if we do not find the invocationID, with later patches.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We now correctly ignore the link updates if the source or target is
deleted locally.
This fixes the long-standing failure in the vampire_dc dbcheck test.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
When an object is deleted, the links to be removed are not propogated,
you have to watch out for them manually!
We do this by calling back into the originating update delete code (ie
what is called if you ldb_delete() locally) so that any extra
attribute found locally and not on the remote server becomes removed
remotely too.
We currently do the same with links, but that isn't strictly correct,
but for now our getNCChanges server code filters these out, so only
the usn is bumped.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This makes the code easier to read.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 13 11:15:01 CEST 2013 on sn-devel-104
This handles deletions and replacements with no value, or with an
exactly specified value, as well as modifies.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This reverts commit d799b25dd3ed0f72ee03949225ba241c5538d7d6.
Sometimes the schema just isn't right. A segfault is not the correct
answer in those cases.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 28 18:11:00 CEST 2013 on sn-devel-104
We should not do any magic regarding the highwatermark we got from
the source dsa. We need to treat it as opaque and not try to be smart
and merge it into the uptodatevector.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The propagation of nTSecurityDescriptor doesn't change the
replProperyMetaData.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
In all callers, we must already have a attributeID for each of the
values or else we would have already given an error, or could not have
obtained the message over DRS.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 9 11:39:54 CEST 2012 on sn-devel-104
Previously we would only consider renaming the local object, now we can cope with
renaming the remote object as well.
This should avoid most of the cases where Samba AD replication can just stop.
Andrew Bartlett
This should mean that a samba-tool drs replicate --full-sync forces a
replication of all objects, regardless of if we think the local name
is newer and regards any local name as being in conflict.
Andrew Bartlett
This allows us to proceed with replication when the source DC is sending us an object
which has a matching object in this NC (by name) but not by GUID.
Andrew Bartlett
This allows the parent to be renmaed while a new object is added on another replica.
This rename may also be a delete, in which case we must move it to lostandfound.
Andrew Bartlett
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because
in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID).
If so generate another random value.
If not check if the highest USN in the database for the schema partition is the
one that we know.
If so it means that's only this ldb context that is touching the schema in the database.
If not it means that's someone else has modified the database while we are doing our changes too
(this case should be very bery rare) in order to be sure do the search in the database.
"unix_to_nt_time()" which is based on "time_t" behaves differently for
literals > 32 bit on 32 and 64 bit platforms.
Reviewed-by: ekacnet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
