IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
this gives better localisation of errors in rootdse. This is to help
track down a production error
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Mar 18 05:46:58 CET 2011 on sn-devel-104
Don't stop the server if it hasn't been filled in correctly. An LDB
error should be enough.
Modified by request of tridge: errorcodes changed to ERR_PROTOCOL_ERROR
- let the first "if" in place
- uninstantiated partitions are handled by the second "if" (previously
they have been handled twice)
Has been corrected by request of tridge.
The boilerplate entries (when this support has been implemented) should
be provided by the "new_partition" LDB module. These are for example the
deleted object and lost and found container.
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).
Reviewed by: Tridge
building smbtorture4 with configure --disable-shared failed
with an error that ldb.h could not be found
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed by: Tridge
ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This
one gets triggered if we perform "add" requests without the LDAP server.
Reviewed by: Tridge
This was already done in repl_meta_data, but it needs to be done here
as well to cope with Windows 2000 level links.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 2 02:03:58 CET 2011 on sn-devel-104
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as
64-bit integer.
Reviewed by: Kamenim and Metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
during replicated object convert stage.
The problem is that we may have loops in schema graph and we can't
resolve those loops in just one pass. Ignoring some attributes
conversion will allow us to have a functional schema cache that we
can use later to resolve all attribute OIDs on another pass
Executing dreplsrv_run_pending_ops() directly may cause a segfault
as in case of failure, the _drepl_replica_sync_done_cb() callback
gets called *before* drepl_replica_sync() returns. In such case,
irpc message gets freed twice - once when irpc_send_reply() gets called
and once when drepl_replica_sync() returns
1. Take into account DSA options - we should not send replication
requests in case OUTBOUND_REPLICATION is disabled
2. Use replication flags for the operation to determine if
a forced replication is requested
3. In case outbound replication is disabled and we don't have
DRSUAPI_DRS_SYNC_FORCED flag set, then we should record
WERR_DS_DRA_SINK_DISABLED error as a last replication result
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
Exactly for the syntax which is needed by Volker in s3's "pdb_ads".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 16:10:15 CET 2011 on sn-devel-104
This is the same way as it is done in the samldb LDB module.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 12:08:26 CET 2011 on sn-devel-104
ntds_guid is NULL otherwise as it doesn't make sense for
not a DC object
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Feb 14 08:45:51 CET 2011 on sn-devel-104
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
This both checks that the levels make sense, and they match what they
should be based on in the DB.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Feb 2 06:09:53 CET 2011 on sn-devel-104
The issue here is that when the samdb calls were removed, this call
relied on going back to the top of the module stack, so as to re-enter
the rootDSE search handler. It makes more sense to check the @ROOTDSE
record directly, and therefore not to invoke the search() handler
during the init.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
LSA object classes are protected on both LDAP add and LDAP modify
operations, so I've refactored the previous check in the objectclass LDB
module only for LDAP adds in a new one in the objectclass_attrs LDB
module for both adds and modifies.
This is the result of the investigations done by Hongwei Sun and I in
the last months.
Interestingly these protection mechansim doesn't apply on LDAP deletes!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **. This is in keeping with
the other sid lists in the security_token etc.
In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.
Andrew Bartlett
This confirms that the groups obtained from a Kerberos PAC match those
that a manual search of a target LDAP server would reveal.
This should allow mixing of a KDC specified by krb5.conf to test Samba
or Windows alternatly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jan 19 13:13:48 CET 2011 on sn-devel-104
Use the temporary list unless we have at least the three main
"namingContexts" from the rootDSE available (Default, Configuration, Schema -
these are mandatory on all AD deployments!).
This bug has been discovered by Nadya in relation with her SD work.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
The LSA object creation protection changed to the trusted/untrusted
connection model.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
this avoids using a multi-part extended DN in a search that hits the
check in extended_dn_in
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
