IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
So instead of running dreplsrv_periodic_schedule when receiving a
DRS_REPLICA_SYNC request which will force the DC to look for changes
with all the DC it usually replicate to, we reduce it to the DC
specified in the DRS_REPLICA_SYNC request. It will allow also to do have the
correct options as set by the client who send the DRS_REPLICA_SYNC.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Without this change objectclass=["top", "classSchema", "Foobar"] will
not be sorted correctly and will generated an error saying that class
Foobar is unreleated to classSchema (which is not true). It's mimicing what
other classes of the default schema are doing (ie. contact)
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 14 07:07:19 CEST 2013 on sn-devel-104
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 9 08:05:12 CEST 2013 on sn-devel-104
This is to create IDL-stored NFSv4 ACLs, just as we use for posix ACLs
to permit better testing.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Tue May 7 19:45:36 CEST 2013 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sat Apr 27 18:09:37 CEST 2013 on sn-devel-104
If open fails ctemp.out.name probably won't be valid and strdup
will cause a segv. Only set the path if open succeeds.
Signed-off-by: Sam Lang <sam.lang@inktank.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 24 23:58:44 CEST 2013 on sn-devel-104
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 19 13:15:40 CEST 2013 on sn-devel-104
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Apr 18 15:10:31 CEST 2013 on sn-devel-104
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 16 00:46:54 CEST 2013 on sn-devel-104
I missed this one, also a wrong compare of MX vs. SRV record
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Apr 14 22:43:07 CEST 2013 on sn-devel-104
Only matching UNION-members should be compared. MX vs. SRV record
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Apr 14 08:46:07 CEST 2013 on sn-devel-104
This makes the code use dbwrap_local_open(), so it can handle
NTDB.
brlock.tdb, notify.tdb and openfiles.tdb can now be brlock.ntdb,
notify.ntdb and openfiles.ntdb, if 'use ntdb' is set.
Cc: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 06:06:03 CEST 2013 on sn-devel-104
Use existing unmarshall and set helper functions. This allows the
smb2.setinfo.setinfo test to run against the ntvfs file server.
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 3 16:14:33 CEST 2013 on sn-devel-104
Zero length EA's only delete an EA, never store. Proves we should
never return zero-length EA's even if they have been set on the
POSIX side.
ntvfs server doesn't implement the FULL_EA_INFORMATION setinfo
call, so add to selftest/knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
This avoids the need to fix it up again in samba_upgradedns.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.
Andrew Bartlett
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 20 21:53:20 CET 2013 on sn-devel-104
This tool is an important part of the toolkit a Samba Team member can
use to assist a user with the upgrade of a very old Samba 4.0 AD DC
installation.
However, like all powerful tools, it has sharp edges, and these need
to have more protection added before we recommend the tool be used.
The WHATSNEW already indicated that this tool should not be used but a
large number of users have run it, and due to lack of testing in the
past, some have run into bugs.
While this tool can be run in debug modes, by default it simply fixes
the database following a series of internal rule. This does a good
job much of the time, but does not request permission in the way that
dbcheck does, and will create extra objects for things like the DNS
partitions.
By removing this from the installed binaries, we provide another
signal that it should not be used right now, until these matters are
fixed and some clear documentation on how to safely use the tool can
be written.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Mar 12 02:51:23 CET 2013 on sn-devel-104
We saw this issue in a customer environment with many CNF objects. I
wasn't able to reproduce it, but I got the following core dump:
(gdb) directory samba4-4.0.0~rc6/source4/dns_server/
Source directories searched: /root/samba4-4.0.0~rc6/source4/dns_server:$cdir:$cwd
(gdb) bt
#0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
#1 0xb4b0bdb8 in dlz_lookup (zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", dbdata=0x9648e48, lookup=0xb6db7588) at ../source4/dns_server/dlz_bind9.c:875
#2 0x080b43d8 in dlopen_dlz_lookup ()
#3 0xb7701755 in findnode () from /usr/lib/libdns.so.81
#4 0xb7701d22 in find () from /usr/lib/libdns.so.81
#5 0xb7639e5f in dns_db_find () from /usr/lib/libdns.so.81
#6 0x08075476 in query_find ()
#7 0x0807acb9 in ns_query_start ()
#8 0x08060712 in client_request ()
#9 0xb743022b in run () from /usr/lib/libisc.so.81
#10 0xb7216955 in start_thread () from /lib/i686/cmov/libpthread.so.0
#11 0xb706c1de in clone () from /lib/i686/cmov/libc.so.6
(gdb) f 0
#0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
830 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
(gdb) p res->msgs
$1 = (struct ldb_message **) 0x0
(gdb) p res->count
$2 = 0
(gdb)
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
This ensures that should we be unable to increase the socket size, we return an
error that the application layer above might expect and be able to make
as reasonable response to (such as switching to a stream-based transport).
This fixes up c692bb02b0.
As suggested by metze in https://bugzilla.samba.org/show_bug.cgi?id=9697#c4
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
SD propogation is handled by an LDB module, we do not need to touch each
and every DN to make it happen.
Now that we do not need to put this via a hash, the dnToRecalculate
list is changed to be a list of Dn objects, not strings so that:
if dn in listWellknown
is handled using a schema comparison (avoiding different case forms
tripping it up).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
I am unclear on why this was added, but the idea that we ever always reset data
in the directory is not reasonable to me, so I am removing it.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
lastProvisionUSNs is never None, instead the code requries the administrator to populate this
attribute in the directory.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
These are incredibly rare, and administrators running such databases
not only ask the Samba Team for help personally, they can read --help.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
On some systems (eg, FreeBSD) the default SO_SNDBUF for UNIX
domain sockets is to small, and EMSGSIZE is returned. Other
systems provide a larger default send buffer, but there is
still no guarantee that the buffer will be sized appropriately.
This patch modifies the sendto() path to attempt to resize
the SO_SNDBUF dynamically upon an EMSGSIZE failure, and then
retry the send.
This fixes local DCE/RPC errors on FreeBSD, eg:
https://lists.samba.org/archive/samba-technical/2013-January/089881.html
Signed-Off-By: Landon Fuller <landonf@bikemonkey.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 23:34:03 CET 2013 on sn-devel-104
This has been superceded by a check for link-local
addresses in get_interfaces()
Signed-Off-By: Landon Fuller <landonf@bikemonkey.org>
Reviewed-By: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 08:38:54 CET 2013 on sn-devel-104
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 28 03:54:41 CET 2013 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 27 05:44:39 CET 2013 on sn-devel-104
This is an unusual SD, but it does exist is some very old upgraded databases.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 22 11:06:17 CET 2013 on sn-devel-104
Since we open with dbwrap, it auto-converts old tdbs (which it will
rename to secrets.tdb.bak once it's done).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
This is really important, because copying a file will both ignore
locks held by another process and break any locks we hold (due to
POSIX brain-damage regarding multiple fds on one file in a process).
By leaving this to tdbbackup in a child, both of these issues are avoided.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 19 07:48:18 CET 2013 on sn-devel-104
This update was only a total oblitoration of the existing database
and not a merge, and the shutil.copy would both disregard and break
locks on the database that are held at this point.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
samba-tool ntacl sysvolreset handles this better, and makes this tool
much less confusing internally.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 19 06:06:41 CET 2013 on sn-devel-104
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Feb 17 11:25:34 CET 2013 on sn-devel-104
On Linux, non-RFC 1034-complaint names (such as gc._msdsc.example.org)
will result in the resolver returning the non-POSIX EAI_NODATA. In that
case, the case statement here would fall back on the internal resolver,
allowing resolution to complete successfully.
On FreeBSD, the libc resolver uses the same validation code, but
the POSIX result of EAI_FAIL is returned instead of EAI_NODATA. Since
there was no case for this error code, no fallback to the internal
resolver would occur. This led to replication failing on FreeBSD.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Feb 17 07:06:36 CET 2013 on sn-devel-104
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 15 07:09:59 CET 2013 on sn-devel-104
libcmdline-credentials.so needs samba_getpass() from libsamba-util.so,
so we need to link against it.
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 14 16:56:29 CET 2013 on sn-devel-104
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed Feb 13 08:03:21 CET 2013 on sn-devel-104
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 12 07:28:27 CET 2013 on sn-devel-104
Instead of doing ldb_in_list size(operational_remove) * (attrs_user +
attr_searched) * number of entries times to get the list of attributes to remove we construct this
list before the search and then use it for every entries.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Feb 4 18:54:32 CET 2013 on sn-devel-104
this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Thu Jan 31 03:53:55 CET 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jan 27 15:50:30 CET 2013 on sn-devel-104
Unix domain socket are limited to 104 characters on Linux.
Using something like this fails as it uses more than 104 characters:
'/memdisk/autobuild/flakey/b232141/samba/bin/ab/promoted_vampire_dc/private/smbd.tmp/msg/msg.482379.2147483647'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This ensures that upgradeprovision works as expected on a known good old database.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jan 27 11:55:54 CET 2013 on sn-devel-104
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend
and fix errors in the ForestDnsZone and DomainDnsZone partitions.
Note: this should work fine also for SAMBA_INTERNAL.
If the current setup doesn't use dns specific partitions (e.g. alpha13 setups)
we pass dns_backend=BIND9_FLATFILE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we have a DomainDnsZone partition:
- we use BIND9_DLZ as backend if a dns-<netbiosname> account is available
- otherwise, we use SAMBA_INTERNAL
else:
- we use BIND9_FLATFILE if a dns or dns-<netbiosname> account is available
- otherwise, we use NONE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used to translated names in SDDL values,
which are not wellknown, e.g. 'DnsAdmins'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not used, but makes the prototype compatible with the
other get_*_descriptor() functions.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will allow subsitute non-wellkown names in the SDDL,
e.g. 'DnsAdmins'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Without this schema_data_modify() will reject updates to schema objects
by default.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
They inherited effective ACE for the wrong object classes.
For SACL ACEs the problem was also present in 4.0.0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This avoids two different process single task servers (eg the drepl
server) sharing the same server id. The task id starts at 2^31 to
avoid collision with the fd based scheme for connections.
Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598
Reported-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 26 16:13:05 CET 2013 on sn-devel-104
This is not used currently, but may avoid going to and from the python types when we do not need to.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is needed if we start using the top bits of these values.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This avoids two different process single servers (say LDAP and the RPC server) sharing the same
server id.
Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598
Reported-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Andrew Bartlett <abartlett@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jan 25 12:00:04 CET 2013 on sn-devel-104
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 24 19:20:52 CET 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 23 20:04:09 CET 2013 on sn-devel-104
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 21 17:51:16 CET 2013 on sn-devel-104
This change moves the addition of "Authenticated Users" from the very end of the
token processing to the start. The reason is that we need to see if
"Authenticated Users" is a member of other builtin groups, just as we
would for any other SID. This picks up the "Pre-Windows 2000 Compatible Access"
group, which is in turn often used in ACLs on LDAP objects.
Without this change, the eventual token does not contain S-1-5-32-554
and users other than "Administrator" are unable to read uidNumber
(in particular).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This removes special-case for initalising the children array in
insert_in_object_tree(). talloc_realloc() handles the intial allocate
case perfectly well, so there is no need to have this duplicated.
This also restores having just one place were the rest of the elements
are intialised, to ensure uniform behaviour.
To do this, we have to rework insert_in_object_tree to have only one
output variable, both because having both root and new_node as output
variables was too confusing, and because otherwise the two pointers
were being allowed to point at the same memory.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should only use dsdb_module_check_access_on_dn() on the parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit enters the GUID into the object tree so that that access
rights assigned to the structural objectClass are also available, as
well as rights assigned to the attribute property groups.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will, when the GUID is entered into the object tree (not in this
commit) ensure that access rights assigned to the structural
objectClass are also available, as well as rights assigned to the
attribute property groups.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This uses dsdb_get_last_structural_objectclass(), which encodes this ordering
knowledge in one place in the code, rather than using this uncommented
magic expression:
(char *)oc_el->values[oc_el->num_values-1].data
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Otherwise callers like dsdb_schema_copy_shallow() will corrupt the
talloc hierarchie.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
