IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Otherwise we can't find the GUID of the 'serverName' attribute
as ANONYMOUS.
This results in
root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>
While it works as system:
root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1
dn:
serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base
# returned 1 records
# 1 entries
# 0 referrals
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
It is never safe to execute arbitary code inside a transaction - we
need to get in and get out, not run other events for the rest of the
server.
This patch avoids that by creating a private event loop during
transactions, so no unexpected operations fire, and returning the
original one when we finish it.
If an event fires during an LDB transaction, an unrelated operation
can occur during the transaction, and if the transaction were to be
cancelled, there would be a silent rollback (despite the client having
been indicated success).
Additionally, other processes could be called via IRPC that need to
operate on the database but are locked out due to the ongoing
transaction.
Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 6 13:36:20 CEST 2014 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 12 19:22:28 CET 2013 on sn-devel-104
This patch adds support for a netlogon ldap style request
over the tcp socket. This is available since win2k3+ [1].
The automatic client join & configuration daemon "realmd" makes
use of this ability.
Realmd can now be used to join a computer to a samba 4 domain.
(See also:
https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
Tested with:
ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
And compared the result in wireshark with cldap request issued by
examples/misc/cldap.pl.
[1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
This replaced the *module parameter, and uses ac->module in the function
instead, same for *req and *attrs.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
The attribute on the RootDSE object is called 'dnsHostName'
instead of 'dNSHostName' (which is used in the schema and on
all other directory objects).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As anonymous users can read all rootdse attributes,
we should do helper searches with DSDB_FLAG_AS_SYSTEM
in order to avoid unnecessary access checks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
this allows dsServiceName to be stored as an extended DN or GUID form
in @ROOTDSE, and its string form will be found at runtime.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this changes the rootdse to compute the validFSMOs attribute at
runtime by checking the fSMORoleOwner attribute on the appropriate
DN. This avoids the need for the pdc_fsmo and naming_fsmo modules.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This function is problematic because a string may expand in size when
changed into upper or lower case. This will then push characters off
the end of the string in the s3 implementation, or panic in the former
s4 implementation.
Andrew Bartlett
this gives better localisation of errors in rootdse. This is to help
track down a production error
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Mar 18 05:46:58 CET 2011 on sn-devel-104
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).
Reviewed by: Tridge
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The issue here is that when the samdb calls were removed, this call
relied on going back to the top of the module stack, so as to re-enter
the rootDSE search handler. It makes more sense to check the @ROOTDSE
record directly, and therefore not to invoke the search() handler
during the init.
Andrew Bartlett
if we get an unregistered control in the rootdse module, and the
request comes from an untrusted source (eg. ldap://) then we need to:
1) filter the control out if it is marked non-critical
2) give an error if it is marked critical
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
This helps to fix bug #7347. "dsServiceName" cannot be made dynamic in such a
simple way since it's already needed on LDB initialisation time.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
