IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Remove the unique constraint on the objectSID index, and enable the
unique_object_sids module.
This allows duplicate objectSIDs on foreign security principals, and
disallows duplicates for local objectSIDs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
This is normally called with a transaction or before access is shared.
The python code and some tests may also cause an issue, but as these are
fixed at runtime, this is only a temporary issue that resolves itself.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In schema_load_init, we find that the writing of indices is not locked
in any way. This leads to race conditions. To resolve this, we need to
have a new state (SCHEMA_COMPARE) which can report to the caller that we
need to open a transaction to write the indices.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Confusing these two concepts is not a good idea, SAMDB_INDEXING_VERSION refers to
a change in a Samba rule to canonicalise one of our attributes, not the
in-DB index format.
As we already change @INDEXLIST in this version, this commit
is at no extra cost.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is optional, but only to aid the downgrade script (and in case
there is some major issue found with it). We don't support that mode,
as that would require us to test and maintain multiple code paths and
not optimise queries to be GUID centric.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Commit ec9b1e881c3eef503d6b4b311594113acf7d47d8 did not fully fix this.
There is no value in using dsdb_replace(), we are under the read lock
and replace just confuses things further.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This means that no compatibleFeatures or incompatibleFeatures will be honoured
until a re-index, but that can be triggered when these features are set.
New databases will still get this support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The ldb context keeps a talloc_reference to this also, so the long-live allocation
context can be NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We can set the database @INDEXLIST and @ATTRIBUTES to the full calculated
values, not the difference, and let the ldb layer work it out under the
transaction lock.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows Samba to provide a binary tree lookup for the existance of an index on the attribute
rather than the O(n) lookup that was being done for each attribute during a search or modify
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Instead, write it once in the module init, if required, and after a
modify to the schema partition is detected
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This appears quite expensive (particularly in provision), and also
unnecessary.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 10 15:34:39 CET 2017 on sn-devel-144
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Because @INDEXLIST is rewritten by all Samba versions, we can detect
that we have opened the database with an older version that does not
support the feature flags by the absense of this in @INDEXLIST
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The LDB code performs better when the required attributes are listed, even when it is almost
all the attributes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
dsdb_create_prefix_mapping() should be the only place that calls
dsdb_schema_pfm_make_attid().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We allow a hint for the id from the remote prefix map.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This avoids confusion when reading the talloc dump from a ldb context that has
been the target of replication, as the dsdb_schema_copy_shallow() memory was
still around, if unused.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
It's perfectly valid to replicate from a partner with an older schema
version, otherwise schema changes would block any other replication
until every dc in the forest has the schema changes.
The avoids an endless loop trying to get schema in sync with the partner.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will simplify the schema checking in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We now refresh it once the schema changes, so that replication can
proceed right away. We use the sequence number in the metadata.tdb.
The previous commit added a cache for this value, protected by
tdb_seqnum().
metadata.tdb is now opened at startup to provide this support.
Note that while still supported, schemaUpdateNow is essentially rudundent:
instead, to ensure we increment the sequence number correctly, we unify that check
into repl_meta_data at the transaction close.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This avoids a segfault when we remove the duplication of this value from dsdb_convert_object_ex()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We were calling str_list_length(new_attrs) three times when one is
enough.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The key here is that while this never was an issue for builtin schema,
nor for objects with an msDS-IntID used outside the schema partition,
additional attributes added and used in the schema partition were
incorrectly using the wrong attributeID value in the replPropertyMetaData.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11783
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Mar 13 23:29:14 CET 2016 on sn-devel-144
The sort order for this function is more expected than the sort order for
ldb_comparsion_binary()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This means we continue to store the values as given on SAMR, assuming
that the SAMR buffer is little endian. The syntax for this specific
object is forced to be a binary blob, so that it is not converted on
DRSUAPI.
This commit does not fix existing databases, nor pdb_samba_dsdb (used
by classicupgrade).
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Change-Id: I10bb6aaecc381194e3c0ce6b9163f961acbdcee1
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
What we now do is have the refresh function and module be on a
seperate object to the schema, only referring to the data and
not excuting on the original ldb and event loop.
That is, we never use another ldb context when calling the
refresh function, by binding the refresh handler to the
ldb and not the schema.
Andrew Bartlett
Change-Id: I5c323dda743cf5858badd01147fda6227599bc16
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Note that this doesn't fix the userParameters problem
completely, but it doesn't truncate the userParameters value
anymore.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 26 22:05:12 CEST 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 11 11:40:39 CEST 2013 on sn-devel-104
When a class or an attribute is replicated it might already exists in
the existing schema, so while replicating the new version of this object
we want to get rid of the old version of the object is the current
validating schema so that we don't end up having duplicates.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
commit cd7f3fd07215a7b8372b6b623faed02ae1310cb1 reverted the change
of commit c2853f55fc603d4875bb1e50a1cbf409df0421ea.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic to populate possible inferriors and system possible inferriors
is the same so instead of looping twice we do both attributes (depending
on the type of the class) in the same loop
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to work out why we are unable to make a mapping for an OID in our database, because
we should not have been able to add it without such a mapping.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Otherwise callers like dsdb_schema_copy_shallow() will corrupt the
talloc hierarchie.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
