IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will help with testing GetNCChanges and supplementalCredentials against Windows in Python
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Instead, write it once in the module init, if required, and after a
modify to the schema partition is detected
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
samba-net requires PROVISION, which is disabled when python isn't available.
Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This may help when an object has been incorrectly locally removed from the NC
or there is an urgent need to replicate a specific object (say when full
replication is inoperable).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This will allow callers to catch specific errors rather than RuntimeException
As this slightly changes the exception, the timecmd test must be updated.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
There are cases where allocating a RID Set can reasonably fail. Catch those nicely.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
The WERROR codes are more descriptive for DSDB issues, and almost all the code was
converting from WERROR to NTSTATUS. This will allow us to better catch specific
errors like WERR_DS_DRA_MISSING_PARENT
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
This attempts to make it clear what memory is short term and what memory is long term
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is needed so that we get parents before children.
We need this to ensure that we always know the correct parent for a
new child object, rather than just trusting the DN string
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
When we were processing an EXOP, we would pass in a DN specific to that
operation, but this stopped repl_meta_data from finding the parent object
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
running smbtorture rpc.dfs.netdfs.StdRoot yields the following valgrind trace
==18861== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18861== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18861== by 0x106CB033: writev_handler (async_sock.c:340)
==18861== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18861== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18861== by 0xBC6D0D2: dcerpc_srvsvc_NetShareDel_r (ndr_srvsvc_c.c:4272)
==18861== by 0x9786C0C: libnet_DelShare (libnet_share.c:195)
==18861== by 0x2E0174: test_NetShareDel (dfs.c:103)
==18861== by 0x2E126F: test_cleanup_stdroot (dfs.c:488)
==18861== Address 0x18869b46 is 598 bytes inside a block of size 1,325 alloc'd
==18861== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18861== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18861== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18861== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18861== by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18861== by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18861== by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18861== by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18861== by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18861== by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix a regression introduced by 5c5d586d3e that broke exporting
service principals by their spn with
samba-tool exportkeytab --principal=<SPN>.
Iterating with samba_kdc_nextkey() only returns UPNs, so this can't work
with SPNs. If we want to search for a specific SPN, we have to use
samba_kdc_fetch().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 24 15:12:21 CET 2016 on sn-devel-144
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar 23 23:43:51 CET 2016 on sn-devel-144
All subsystems that include pytalloc.h need to link against
pytalloc-util.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
This is used by 'samba-tool domain exportkeytab'. This loads the HDB
Samba backend thus needs access to samdb. To avoid using heimdal
specific code here, we could talk to samdb directly and write a
keytab file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Previously this would only be set when we did server-to-server replication
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
This asserts that this is the case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Different gcc versions complain at different places
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
We need to authenticate against the RpcProxy.
In future we could have a way to specify alternative credentials
for the RpcProxy and HttpProxy.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 23 01:34:05 CEST 2014 on sn-devel-104
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 7 07:47:44 CEST 2014 on sn-devel-104
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Primarily following the precedent set by other uses of composite_is_ok(), but
also making sure nothing tries to use c after this point if it is in fact not
ok.
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.
The actual network communication code sets an event context directly
before making the network call.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If possible also specify the already known address as dcerpc_binding->host.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We should avoid per connection tevent_contexts,
the one per libnet_context isn't much better, but a start.
Note the pointers have the same value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We use cli_credentials_get_netlogon_creds() which returns the same value.
dcerpc_schannel_creds() is a layer violation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5. I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.
This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
Pair-Programmed-With: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 23 14:18:03 CEST 2013 on sn-devel-104
Replicated schema might have attributes and auxilary classes on some
critical classes (ie. top, user, computer ) that are not in the bootstrap
schema. Without those new attributes and classes, bootstrap schema is
unable to translate those critical classes in the schema constructed
from the replicated data. Without thoses classes new schema is useless
and can't be indexed properly.
In order to overcome this problem, we put all new attributes and classes
definitions into the bootstrap schema so that foundations classes can be
translated.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Instead of showing:
Partition[CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com]
objects[1] linked_values[8]
Report a exop based on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com
as
Exop on CN=RODC,OU=Domain Controllers,DC=samba,DC=example,DC=com, ...
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Wed Jan 9 09:01:30 CET 2013 on sn-devel-104
At that moment we have all the information to set the invocation id so
let's set it, it will avoid useless messages about missing invocation
id.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 13 01:01:14 CET 2012 on sn-devel-104
These are only needed for as long as the call, and should be children of the
private context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
This hopefully fixes the flakey autobuild.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Apr 24 16:43:03 CEST 2012 on sn-devel-104
These instances should not cause a problem, but make it easier to audit for
this kind of problem in the future with grep.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 23 14:29:45 CEST 2012 on sn-devel-104
This meant that we would attempt to query the user that we could not open.
This is a mirror of 4ba1647d5db59e5bb4911c399111e9286aac1a8e.
Andrew Bartlett
The issue was that after the LookupNames call indicated that this was
not a group, the call paths diverged, with both sucess and failure
paths running.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Apr 12 15:23:19 CEST 2012 on sn-devel-104
The NULL pointer dereference from talloc_get_type() might be free, but the
information on the actual and expected types from talloc_get_type_abort()
is priceless! :-)
Andrew Bartlett
Windows dcpromo do the same: getncchanges with DRS_GET_ANC and
DRS_CRITICAL_ONLY, then it does a getncchanges without those flags for
the rest.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will help users who are used to the kadmin interface, and could
be extended to import existing MIT or Heimdal keys into a Samba4 AD
domain.
To use, add to your krb5.conf
[kdc]
database = {
dbname = samba4:
}
or
[kdc]
database = {
dbname = samba4:/usr/local/samba/etc/smb.conf
}
And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.
Based on a request by Gémes Géza <geza@kzsdabas.hu>
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The two error tables need to be combined, but for now seperate the names.
(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.
Andrew Bartlett
libnet_Join conflicts with a function in the source3 netapi of the
same name, and the ability to join as a DC via this particular method
is unused.
Andrew Bartlett
