IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 4 05:39:57 CET 2011 on sn-devel-104
This glue does not require any internal Samba functionality, just the
same heimdal headers as the files it is providing a stub replacement for.
Andrew Bartlett
Also, SCRIPTSBINDIR isn't really common with Samba3 dynconfig
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 3 13:25:04 CET 2011 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 3 12:28:21 CET 2011 on sn-devel-104
Test setting spn on RWDC, RODC and regular computer object.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
If this right is granted to a user, they may modify the SPN of an object with some value restrictions
serviceName can be set only if the object is a DC, and then only to the default domain and netbios name, or ntds_guid._msdsc_.forest_domain. If the serviceType is GC, only to the forest root domain. If the serviceType is ldap, then to forest_domain or netbiosname.
InstanceType can be samAccountName or dnsHostName.
based on new WSPP docs from Bryan Burgin
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 22 04:45:46 CET 2010 on sn-devel-104
so it can be used against Windows DC without fetching prefixMap
Fetching prefixMap doesn't work against WinDCs for some reason at the moment
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Dec 22 01:28:49 CET 2010 on sn-devel-104
we are waiting on full docs on these, but this is better than zero
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Dec 21 12:05:51 CET 2010 on sn-devel-104
And remove the now obsolete one for "struct tevent_context"
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Dec 21 11:17:34 CET 2010 on sn-devel-104
Even if we can't calculate the local groups (because we don't have a
local SAM to do it with) we still need to include the domain groups in
the session_info token.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Dec 21 05:56:22 CET 2010 on sn-devel-104
We now just do or do not call into LDB based on some flags.
This means there may be some more link time dependencies, but we seem
to deal with those better now.
Andrew Bartlett
This version reverts changes from commit b974966cc2
and is what Matthieu Patou had commited in d784ecec55
with added reference to the schema cache.
I think referencing schema here is the right thing to be done
as thus we garantee that schema cache will stay in memory
for the time our function is executed
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Dec 20 12:01:53 CET 2010 on sn-devel-104
Just 'refresh_fn' and 'loaded_from_module' are copied.
I left 'reload_seq_number' set to 0 intentionally, so that
this Schema cache will looks like a very old one to ,refresh_fn'.
This way, if this shallow copy is attached to LDB, it will be
refreshed as soon as possible by 'refresh_fn'.
We need to do this as dsdb_reference_schema() function
clears "use_global_schema" ldb flag.
Basically what is going to happen is that after dsdb_reference_schema()
global_schema pointer will continue to point at old schema cache,
while "dsdb_schema" for LDB will point at the working_schema.
After replication is done, we reset "dsdb_schema" for the ldb
with an updated Schema cache, but this leaves global_schema pointer
with its old value, which is not up to date.
So we need to call dsdb_make_schema_global() again so that global_schema
points to a valid Schema cache.
This reverts commit 2516338023 because
further analyis showed the real problem was introduced in 0941099a
(which changed the caller behaviour, but only for indexed searches).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Dec 18 02:19:59 CET 2010 on sn-devel-104
This partially reverts 0941099a, which was a little over-eager in
fixing what were presumed to be memory leaks.
It is always the callbacks responsiblity to free the ares, but if they
don't then the end of the request should handle the cleanup.
Attempting to talloc_free() here will result (as it did in the
descriptor module) in a double-free error if the callback does free
it, and no other caller of ldb_module_send_entry() has this behaviour.
Andrew Bartlett
working_schema is a shallow copy of current schema and thus
depends on part of it. So we want it to be around as long as
working_schema is used.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Dec 17 23:34:29 CET 2010 on sn-devel-104
We need to make LDB consistent here (indexed vs unindexed behaviour
differs here!), but for the moment this is the easiest way out of a
segfault.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 16 06:42:56 CET 2010 on sn-devel-104
Otherwise system_session() creates a LoadParm() instance
which resets certain global parameters to their defaults
from smb.conf ("log level" for instance)
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
DNS updates from nsupdate against our ldb SAM now work
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 15 12:36:46 CET 2010 on sn-devel-104
this implements the expanded DLZ update driver API, allowing for bind9
to send dynamic updates to the Samba DLZ driver.
This change also adds support for exporting all DNS zones in the SAM
database, which also means we now correctly separate the _msdcs zone
from the main zone.
Without this check, receiving empty replica leads to a situation
where we left with a working_schema attached to the ldb.
The problem here is that working_schema is not fully functional
schema cache and keeping it attached to the ldb may lead
to modules failing to accomplish their jobs
We may have no prefix for the remote ATTID (remote OID strictly speaking)
So this is the place for us to update our local prefixMap
adding a prefix for the numeric OID we've recived
working_schema is to be used while committing a Schema replica.
When we replicate Schema, then we most probably won't be
able to convert all replicated objects using the current
Schema cache (as we don't know anything about those new objects).
Thus, during Schema replication, we make a temporary
working_schema that contains both our current Schema +
all objects we get on the wire.
When we commit those new objects, we should use our working_schema
(by setting it to the ldb), and after all changes are commited,
we can refresh the schema cache so we have a brand new,
full-featured Schema cache
in dsdb_attribute_drsuapi_to_ldb() function.
drsuapi_DsReplicaAttribute *in parameter come from remote DC
so we can't rely on in->attid to map it directly to an
dsdb_attribute in our local schema cache
Otherwise we will end up passing whole inheritance chain
every time we create some new fancy classSchema object
(as the 'cls-A' and 'cls-B' ones in test_classWithCustomAttribute test)
Create new Attribute and a Class,
that has value for newly created attribute.
This should check code path that searches for
AttributeID_id in Schema cacheThis test.
It also tests how we replicate a leaf classSchema that
inherits from a new classSchema with attribute added
- tests both dsdb_attribute_drsuapi_to_ldb() and
_dsdb_syntax_OID_obj_drsuapi_to_ldb() syntax handler
Without this change, when a schema is set to ldb, the
effect is that dsdb_get_schema() returns global_schema
preferably.
Thus we end up with two schemas in effect:
- global one, which is the old one and it is still used everywhere
- new one, which is just cached in ldb, but can't be used, as
there is no way to access it
As a server only try the mechs the client proposed
and only call gensec_update() with the optimistic token
for the first mech in the list.
If the server doesn't support the first mech we pick the
first one in the clients list we also support.
That's how w2k8r2 works.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
Make it much harder to import bad data into the password attributes.
This isn't 100% safe, but much better than no checks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 13 16:17:36 CET 2010 on sn-devel-104
The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it.
So we can allow it to be send over LDAP.
We'll accept this control over the privileged ldapi socket only.
metze
