IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We never use resp->additionals, so there's no reason to check.
This fixes dns updates against BIND9 (used in a Samba4 domain).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This was the cause of the flakey test, and was only noticed when
multiple different users ran autobuild at the same time on the same
server.
We use shutil.rmtree to wipe the directory before the tests finishes
as required by the TestCaseInTempDir class.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
This reverts commit 47bbf9886f0cebf994435a32bafa07e36cce191b.
This test appears to be stable now, but the changes in the previous
commit should allow the real error to be found if it comes back.
As requested by metze.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 13 01:45:04 CET 2012 on sn-devel-104
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.
This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
canonical name, by default user@domain.name.
While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (eg
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)
The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.
Permissions should be changed to:
ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)
If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed. As the error
is declared fatal, in the future, Samba may totally refused to start.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
With the next patch, this becomes a socket directory on which we must
maintain administrator-specified permissions we will need to move it
away from directories that wipe at boot.
This means the ntp.conf will need to change from (eg)
ntpsigndsocket /usr/local/samba/var/run/ntp_signd/
to
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The full fix will to implement and use the code of the read_acl module,
but this is better than nothing for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This avoids some nesting levels and does early returns.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to this when we're *not* system.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This creates a new xattr.tdb per unit test, which avoids once and for all
the issue of dev/inode reuse.
For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
This is important because it covers the codepath which had the talloc
error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3
(vfs_acl_common: In add_directory_inheritable_components allocate on
psd as parent)
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
This follows on from the successful conversion of samba.tests.posixacl.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Is is not required that these additional attributes be filled in, so
catch KeyError in both the nsswitch and ldap backend case.
We rework get_posix_attr_from_ldap_backend() so it raises KeyError
rather than trying to return None, and does not ignore other errors.
Andrew Bartlett
Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
the waf build was missing the --with-dmapi option
and configure checks that are necessary to build the
source3 parts that need DMAPI (e.g. vfs_tsmsm)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9178
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Nov 9 20:57:31 CET 2012 on sn-devel-104
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 9 18:21:39 CET 2012 on sn-devel-104
This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
Bug 9125 analysis from Volker:
The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.
Reviewed-by: Andreas Schneider <asn@samba.org>
This is required for Minix, where python is named "python2.X".
Reviewed-by: Simo Sorce <idra@samba.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Fri Nov 9 16:39:09 CET 2012 on sn-devel-104
This is necessary to run configure on Minix, where python is named
"python2.X".
Reviewed-by: Simo Sorce <idra@samba.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 9 14:53:27 CET 2012 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 8 21:24:21 CET 2012 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov 7 17:18:06 CET 2012 on sn-devel-104
When checking for Heimdal headers, make sure HAVE_CONFIG_H is not
defined, as config.h will not be available.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Nov 6 16:27:03 CET 2012 on sn-devel-104
This is required when building with the system heimdal, as
gssapi/gssapi_spnego.h is included.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 6 05:12:28 CET 2012 on sn-devel-104
Newer versions of heimdal include a macro that is unfortunately named
'_res'. This change prevents the clash.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
The directory walk was missed due to a cut-and-paste error.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
For me "else" branches clutter my flow reading code. If we do a hard
return at the end of an "if" branch, "else" is not required.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This fixes a regression introduced by 9c3e294400234ebdf9b98031bae583524fd0b0ac
which caused internal symbols in libldb to be exposed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9357
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
This makes it easier to put the expected values in a file
as we will not have trailing whitespace that is against git style.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
