IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.
These references were triggering the ambiguous talloc_free errors from
the recent talloc changes when the server is run using the 'standard'
process model instead of the 'single' process model. I am aiming to
move the build farm to use the 'standard' process model soon, as part
of an effort to make our test environment better match the real
deployment of Samba4.
The references are not needed as the way that the event context is
used is as the 'top parent', so when the event context is freed then
all of the structures that were taking a reference to the event
context were actually freed as well, thus making the references
redundent.
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
Add an option to propagate name releases directly.
This make the results for #1C name queries more consistent
among all servers.
It's off by default to match windows.
metze
(from samba4wins tree 166e9fdffb9f4e26513c3b4ec1f6f168ecbe18f8)
This fixes a bug where #1C addresses are registered with different
WINS-Servers and a merged #1C record.
metze
(from samba4wins tree 72e055394a0fd1f543be9c196b4179356a1033f6)
We may send requests packets (WACK challenges or similar things)
via a different udp socket than the socket we receive the
matching response. We need to setup an unexpected handler
on the nbt sockets and redirect responses to the correct
nbt_socket. (By redirect I mean we use the correct
nbt_socket structure, we're *not* resending the packet
with sendto() via the kernel...)
metze
(from samba4wins tree 7ce8e705e5a9aabb787d17fbec7a078d9d6780dc)
This fixes the following bug:
While we reply with a WACK response to a client.
Instead of waiting for the final reply some
windows client just resends the request using
the same name_trn_id in the nbt_name_packet.
We handled this as a new request and send a
WACK response (and the challenges) again.
Then the first request gets its final success
response, but the when we try to send the success
for the "second" request we notice that
the record was changed in between and we return
an error.
Windows 2003 (and I assume all other versions as well)
detect the packet is just a resent of a currently pending
request and ignores it.
So we now keep a list of all pending WINS name register
requests which result in a WACK response. On each incoming
name register request we search through the list to find
duplicate requests and ignore them. In theory we should
do that for all requests, but name register requests
are the only requests we response async and only
if we have to go via the WACK code path.
metze
(from samba4wins tree 382e7d384b70d03e9f81c7bb353afaed288d80f0)
Don't reopen the samdb for every netlogon packet, and use the
system_session(), as we must access data not available to anonymous.
Perhaps we should consider a 'authenticated but not system' token, if
we want more control on this.
Andrew Bartlett
(This used to be commit d10c9b71ea7f2670c4ea5ec569bcb7f49ec41362)
This now handles checking if the user exists, including validating the
ACB mask on the user.
This would be a nasty security hole, if Kerberos did not already
expose this information anonymously...
Andrew Bartlett
(This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e)