IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We should avoid per connection tevent_contexts,
the one per libnet_context isn't much better, but a start.
Note the pointers have the same value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We use cli_credentials_get_netlogon_creds() which returns the same value.
dcerpc_schannel_creds() is a layer violation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5. I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.
This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
Pair-Programmed-With: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 23 14:18:03 CEST 2013 on sn-devel-104
Replicated schema might have attributes and auxilary classes on some
critical classes (ie. top, user, computer ) that are not in the bootstrap
schema. Without those new attributes and classes, bootstrap schema is
unable to translate those critical classes in the schema constructed
from the replicated data. Without thoses classes new schema is useless
and can't be indexed properly.
In order to overcome this problem, we put all new attributes and classes
definitions into the bootstrap schema so that foundations classes can be
translated.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Instead of showing:
Partition[CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com]
objects[1] linked_values[8]
Report a exop based on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com
as
Exop on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com, ...
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Wed Jan 9 09:01:30 CET 2013 on sn-devel-104
At that moment we have all the information to set the invocation id so
let's set it, it will avoid useless messages about missing invocation
id.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
These are only needed for as long as the call, and should be children of the
private context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
This hopefully fixes the flakey autobuild.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Apr 24 16:43:03 CEST 2012 on sn-devel-104
These instances should not cause a problem, but make it easier to audit for
this kind of problem in the future with grep.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 23 14:29:45 CEST 2012 on sn-devel-104
This meant that we would attempt to query the user that we could not open.
This is a mirror of 4ba1647d5db59e5bb4911c399111e9286aac1a8e.
Andrew Bartlett
The issue was that after the LookupNames call indicated that this was
not a group, the call paths diverged, with both sucess and failure
paths running.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Apr 12 15:23:19 CEST 2012 on sn-devel-104
The NULL pointer dereference from talloc_get_type() might be free, but the
information on the actual and expected types from talloc_get_type_abort()
is priceless! :-)
Andrew Bartlett
Windows dcpromo do the same: getncchanges with DRS_GET_ANC and
DRS_CRITICAL_ONLY, then it does a getncchanges without those flags for
the rest.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will help users who are used to the kadmin interface, and could
be extended to import existing MIT or Heimdal keys into a Samba4 AD
domain.
To use, add to your krb5.conf
[kdc]
database = {
dbname = samba4:
}
or
[kdc]
database = {
dbname = samba4:/usr/local/samba/etc/smb.conf
}
And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.
Based on a request by Gémes Géza <geza@kzsdabas.hu>
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The two error tables need to be combined, but for now seperate the names.
(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.
Andrew Bartlett
libnet_Join conflicts with a function in the source3 netapi of the
same name, and the ability to join as a DC via this particular method
is unused.
Andrew Bartlett
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).
Reviewed by: Tridge
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Working schema cache will be used to convert replicated Schema objects
again later, i.e. used as reference, so we don't need to resolve all
attribute OIDs for working Schema cache to be usable.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Mar 1 03:45:16 CET 2011 on sn-devel-104
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
working_schema is to be used while committing a Schema replica.
When we replicate Schema, then we most probably won't be
able to convert all replicated objects using the current
Schema cache (as we don't know anything about those new objects).
Thus, during Schema replication, we make a temporary
working_schema that contains both our current Schema +
all objects we get on the wire.
When we commit those new objects, we should use our working_schema
(by setting it to the ldb), and after all changes are commited,
we can refresh the schema cache so we have a brand new,
full-featured Schema cache
These calls can be substituted by "ldb_msg_add_string" without any problems -
only the allocation contexts of the SPNs and the DNS hostnames have to adapted.
many of the internal libnet interfaces use the short domain name,
which leads to unreliable NBT lookups. If we are trying to look for
our workgroup, then look for our DNS domain instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 27 03:47:52 CET 2010 on sn-devel-104
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
This reverts commit 8a2ce5c47c.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This includes dom_sid.h and security_token.h and will be moved
to the top level shortly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
There is a beter implementation of this in Samba3, and this uses
functions in the credentials code that I want to remove.
The same functionality is available by running 'net samsync' and
'net export keytab'. This isn't a DRS-backed utility, it only
used netlogon replication.
Andrew Bartlett
this prevents conflicts with old generated files and we can only even
return one DC with this interface.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
these calls allow python code to pass chunks from DRS replication
calls into the code that applies the chunks to a database
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
libnet_Replicate() will do just the replication portion of
libnet_Vampire(). This will be used by the RODC join, where the join
part of the operation happens in python, and behaves quite differently
to the libnet_Join() code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
We don't support many of the extra features, but that applies across many
other parts of AD. Allow the admin to join a 2008R2 domain if he or she wants.
This also makes it possible to test 2008R2 domain code in 'make test'
Andrew Bartlett
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
This is needed to remove samba specifc symbols from the bundled
ldb, in order to get the ABI right.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
This seems like a lot of duplicate work, but by the end we should
have, in normal LDB format, the remote DRS schema, having bootstrapped
it with the locally loaded schema.
The multiple steps are to resolve the problems with references to
schema items that we don't 'yet' know about.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
This allows the prefixMap from a DRS server to be used when loading
the schema from the local files. This helps us then import other
schema with this map in place.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
We need to use the remote prefix map for the provision schema, or else
we can't decode new, non-standard attributes into OIDs. Then once we
decode that schema, we can try again and get them properly translated.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
The change here is to try and convert a per the previous rules, but if
we don't know a particular OID as a attributeID, then store it as an
OID (for example). This allows known values to be converted as
before, but still copes with unknown values.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
This works on the assumption that the schema partition can only
contain schema objects.
We may need to pass down some kind of 'relax' to the DRS -> LDB
conversion code, so that it allows incomplete conversions, so that we
don't fail if a new attribute is present, and we can't decode it.
This would then be resolved the second time we do the conversion.
Andrew Bartlett
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
