IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Error was assigned to a variable that was not returned.
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Sep 14 14:05:20 CEST 2012 on sn-devel-104
This avoids re-opening the DB as the correct user, but applies all the right ACLs
and resulting owner.
This needs a bit more testing...
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
(Error was set to an unused variable)
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 11 22:09:18 CEST 2012 on sn-devel-104
This will allow us to run make test on all platforms again, as we emululate the posix ACLs using the fake_acls
module. By then testing smbd.have_posix_acls() we gain a more specific error message.
Andrew Bartlett
This test verifies that the delete on close flag is kept during
a disconnect and is still active on the reconnected handle.
When the reconnected handle is closed, the file is deleted.
This test used to flap because there was an invalid check of
the file-id. This might or might not be the same after a
new open. Hence the flapping.
The new version simply opens a file as durable handle with
delete_on_close set, writes a byte and closes the file.
Then on a new connect, the file is opened again, and it is checked
that the file has been created (again) and that it is empty.
positive) so that any "goto failed:" call does not end up calling
ldb_transaction_cancel() if trans is initialized to 0 (LDB_SUCCESS)
by chance.
Signed-off-by: Jeremy Allison <jra@samba.org>
In interactive mode we should let the admin confirm which
implementation he wants.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 10 11:45:08 CEST 2012 on sn-devel-104
And do a tcp disconnect followed by a session reconnect instead
of immediately using the already opened second connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will help ensure that we do not break the fundemental loading etc.
From here, it should be easy to extend this to more comprehensive tests.
Andrew Bartlett
This avoid folks needing to specify --dns-backend=NONE
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 6 04:48:55 CEST 2012 on sn-devel-104
This gets the SID for the local machine correctly.
We also add options for --use-ntvfs and --use-s3fs to help control
exactly which database is being read and written.
Andrew Bartlett
I've pushed the wrong branch for this, sorry about that.
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep 5 14:10:54 CEST 2012 on sn-devel-104
The name samba_dsdb is not ideal, but it matches the primary ldb
module we use, and more importantly it avoids having '4' in the name.
We should slowly avoid using the term samba4 in long-term places like
the smb.conf because it is confusing to users given we are shipping
Samba 4.0 as an AD DC as well as all the other supported roles (domain
member/standalone server/classic DC)
Additionally, samba4 will be an odd name when we eventually release
Samba 5.0!
samba4 remains accepted as an alias to ensure existing smb.conf files
load, but to allow changes here in the future, we set the value during
the smb.conf load, and not during the provision when we are an AD DC.
This simplifies the default smb.conf for the vast majority of our
users and reduces the number of things listed in smb.conf files that
we later have to work around if we wish to change the
name/implementation of the passdb glue module again.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
This stops us from potentially being DoSed by tons of TKEYs
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104
These are only needed for as long as the call, and should be children of the
private context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
This allows a password alone to be used to accept kerberos tickets.
Of course, we need to have got the salt right, but we do not need also
the correct kvno. This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
We must not reference result before provision(), and do not need
session_info and lp for reading a normal ldap backend anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
This will allow files to be correctly owned by the idmap that is imported.
This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.
Andrew Bartlett
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
We should not need the guessed values here, but by changing to using the s3 loadparm context
we can move this block to before the provision.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 27 17:43:09 CEST 2012 on sn-devel-104
This command verifies that the current on-disk ACLs match the directory and
the defaults from provision.
Unlike sysvolreset, this does not change any of the permissions.
Andrew Bartlett
Needing to be able to write this test is the primary reason I have
been reworking the VFS and posix ACL layer over the past few weeks.
By exposing the POSIX ACL as a IDL object we can eaisly manipulate it
in python, and then verify that the ACL was handled correctly.
This ensures the when we write an ACL in provision, that it will
indeed allow that access at the FS layer.
We need to extend this beyond just the critical two ACLs set during
provision, to also include some special (hard) cases involving the
merging of ACE entries, as this is the most delicate part of the ACL
transfomation.
A similar test should also be written to read the posix ACL and the
mapped NT ACL on a file that has never had an NT ACL set.
Andrew Bartlett
This handles the fact that smbd will rarely override the POSIX ACL enforced by
the kernel. This has caused issues with the creation of group policies by
other members of the Domain Admins group.
Andrew Bartlett
The loadparm context on the schema DB might have gone away already.
Pre-cache the schema refresh interval at load time to avoid worrying
about this.
Andrew Bartlett
We do not need filesystem ACLs set when creating the reference provision, so it is
easier to use the NTVFS backend as it does not cause trouble with make test.
Andrew Bartlett
Because these run as non-root, we need to avoid doing things that will
fail during the provision. The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.
Andrew Bartlett
This is an odd option, but is needed because I wish to add assertions about
ACL setting that will not work in make test without the vfs_fake_acls module
loaded.
Andrew Bartlett
Do only require the out memory context and build the temporary one in
the body of the function. This greatly simplifies the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
As shown in commit c8e6d8b487 this looks easier and in any case we can
treat schema context data like global data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The extension of this test is to create an extended attribute, so we
can confirm that the easize field on a stream actually refers to the
parent file.
This has been run against Windows 7.
Andrew Bartlett
There seems to be a difference if the initial delete_on_close flag
was set on a handle that created the file or if the handle if was
for a file that already existed.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 21:44:24 CEST 2012 on sn-devel-104
The confusing use of do_dn as a memory context while legitimate
created a bug when it was copied and modified to search on a DN from
long-term state.
By always using a temporary memory context it is clear what paramter
is the memory context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 18:24:10 CEST 2012 on sn-devel-104
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
In that log, over 2.5 days this particular allocation was repeated:
1715099 talloc_new: ../source4/dsdb/samdb/ldb_modules/schema_load.c:120 contains 0 bytes in 1 blocks
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 06:21:18 CEST 2012 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 22:49:06 CEST 2012 on sn-devel-104
The "serverReference" attribute is available on the "server" object
not on the "nTDSA" object.
This allows connections to RODCs, as they don't have a
E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
principal.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
We often want to know if we own an FSMO role (for example). This tries to be more
efficient by comparing the GUID, rather than the string DN, as this does not need
to be re-fetched each time.
Andrew Bartlett
As the normal case (outside provision) uses a copy, this avoids a case
where a caller might modify a global variable accidentily.
As suggested by metze.
Andrew Bartlett
The index into the elements needs to match between
msg->elements and md->ctr.ctr1.array, which means we should
pre-allocate them with the same size.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
The decrement operation has been missing.
Problem found by Mohammad Ebrahim Abravi <lamp.mia@gmail.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and
to be more careful about what schema is set (only setting a global schema if
the original schema was global).
In particular, the new working_schema is not given a talloc reference
to the old schema. This ensures that the old schema can go away when
no longer used.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104
These sequence numbers were only used for telling if the schema was
changed, and are no longer directly related to the replication USN.
The per-partition replication USN can be obtained from the
@REPLCHANGED record on the per-partition database, and this is done
with an ldb_search().
Andrew Bartlett
This way we do not track both the partition seq number and the
replication USN for schema reload purposes.
We only need one indication of actual data change, and the replication
per-partition sequence number is no more expensive to obtain than the
ldb per-partition sequence number.
Andrew Bartlett
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
In all callers, we must already have a attributeID for each of the
values or else we would have already given an error, or could not have
obtained the message over DRS.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 9 11:39:54 CEST 2012 on sn-devel-104
This ensures that we do not add objects that should go into a partition, but we
simply return that an object is not present if the connection was created
before the partition was loaded. It is rare to create a new partition.
Andrew Bartlett
Because we set the schema before we connected the ldb to a file, the @INDEX records
were not added until next startup. This cost 100% more time in running provision on
my laptop.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 9 08:20:36 CEST 2012 on sn-devel-104
This matches the rest of the function.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 9 06:26:36 CEST 2012 on sn-devel-104
We do not need to reload the partition list to get the global sequence
number, as that number is stored in the metadata.tdb, not the ldb files.
Andrew Bartlett
This test covers s3dc as well.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 8 09:57:14 CEST 2012 on sn-devel-104
Server might return STATUS_BUFFER_OVERFLOW, which is not caught by NT_STATUS_IS_ERR
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Aug 6 20:01:01 CEST 2012 on sn-devel-104
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 4 18:27:21 CEST 2012 on sn-devel-104
We need to check if we have hasMasterNCs. If we are RODC we have
hasFullReplicaNCs instead of hasMasterNCs.
TODO: maybe check for hasFullReplicaNCs, too?
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This needs to be merged upstream
Autobuild-User(master): Andrew Tridgell <tridge@samba.org>
Autobuild-Date(master): Thu Aug 2 08:59:24 CEST 2012 on sn-devel-104
Previously we would only consider renaming the local object, now we can cope with
renaming the remote object as well.
This should avoid most of the cases where Samba AD replication can just stop.
Andrew Bartlett
This should mean that a samba-tool drs replicate --full-sync forces a
replication of all objects, regardless of if we think the local name
is newer and regards any local name as being in conflict.
Andrew Bartlett
This allows us to proceed with replication when the source DC is sending us an object
which has a matching object in this NC (by name) but not by GUID.
Andrew Bartlett
