IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will allow gensec_start.c to move to the top level. This does not change
what code uses the cli_credentials code, but allows the gensec code to be
more broadly.
Andrew Bartlett
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
The compiler on openindiana doesn't like them.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 8 08:56:10 CEST 2011 on sn-devel-104
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
This will allow these functions to be put into lib/param shortly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 7 10:17:01 CEST 2011 on sn-devel-104
we show wellknown links to the deleted objects container
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 7 07:58:08 CEST 2011 on sn-devel-104
unless the user asks for the display of deactivated links, we should
not display DNs that link to deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
to correctly implement the show_deleted and show_recycled control we
need to know if the recyclebin is enabled. When not enabled, the
isRecycled attribute is ignored, and only isDeleted is used.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
the dsdb_check_optional_feature() call should look on our own NTDS DN
for the enabled feature. This should work for all features, not just
for forest wide fetaures.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this allows dangling backlinks to be removed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 6 07:08:35 CEST 2011 on sn-devel-104
this sets DSDB_REPL_FLAG_PARTIAL_REPLICA when replicating a RODC
partition, which tells the replication code to map instanceType to
remove the INSTANCE_TYPE_WRITE bit
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when we create a sub-subdomain we need to use the forest naming master
to setup the partition changes for the new subdomain. We also need to
setup the trust with the forest root, as that allows us to create the
needed _msdcs DNS entries in the forest
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 4 07:40:59 CEST 2011 on sn-devel-104
if we repeat the join of a subdomain then we try to re-create the NC
for the subdomain during a DsAddEntry(). This allows that re-creation
to succeed if the NC already exists
the calculation of add_incoming and add_outgoing was not correct when
a trust was already in place
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This sorts out the correct handling for the 'kvno=255'
problem. Windows will use the previous trust password for 1 hour after
a password set, and indicates that the previous password is being used
by sending current_kvno-1. That maps to 255 if the trust password has
not actually been changed, so the initial trust password is being
used.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
to properly support multi-domain forests we need to determine if an
incoming username is part of a known forest domain or not. To do this
for all possible SPN forms, we need to use CrackNames.
This changes map_user_info() to use CrackNames if a SAM context is
available, and asks the CrackNames services to parse the incoming
username and domain into a NT4 form, which can then be used in the
SAM.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
the kdc should not be looking for users in GC partial replicas, as
these users do not have all of the attributes needed for the KDC to
operate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
windows sometimes sends us a kvno of 255 for inter-domain trusts. We
don't yet know why it does this, but it seems that we need to treat
this as an unspecified kvno
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when we are adding an object via DRS, we need to add the
DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial
replica, so ensure the partition module creates new NCs as partial
replicas
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).
We use the 3rd part of the SPN directly as the realm name in the
referral.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC. We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when we receive objects to a partial replica, we need to change the
incoming instanceType to not include the INSTANCE_TYPE_WRITE
flag. Partial replicas unset this flag.
With this set, we accept changes even if they have the same tuple as
the local copy. This can be used by a FULL_SYNC replication to recover
a replica that is corrupt
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow
changes to any replicated attributes. This ensures partial replicates
are not alterered
this allows the replication server to control replication via a set of
flags. Initial flags will allow control for partial replications and
full_sync support
Also, skip samba4.smb2.ioctl for now. Snapshots are not supported by
default.
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Thu Sep 29 14:47:05 CEST 2011 on sn-devel-104
Most Windows versions have a strange order to
verify the session id, tree id and file id.
(They should be checked in that order, but windows
seems to check the file id before the others).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 28 21:12:07 CEST 2011 on sn-devel-104
If there're a problem with signing or the session doesn't exists
any more the server responses with a failure, instead of not
sending a response.
For now we ignore the reponse, as there's not much we could do with it
and it's not likely that we generate bad requests, which trigger
that behavior, except for testing.
metze
[825/1154 in 43m52s] samba4.nbt.winsreplication(dc)
Test if we always get back the same assoc_ctx
Setup wrepl connections
Test one pull replication cycle
Setup wrepl connections
Setup wrepl conflict pull connection
UNEXPECTED(error): samba4.nbt.winsreplication.replica
REASON: _StringException: _StringException: Unknown error/failure
I don't have time to look into the problem currently.
metze
ensure we don't cancel a transaction we didn't start
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 22 03:39:59 CEST 2011 on sn-devel-104
the kdc doesn't want to find users who are in partialReplica
partitions, as they won't have the needed secret info for the kdc to
operate. We need to generate referrals instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this modifies the partition module to honor a partialReplica attribute
on the @PARTITION module, marking partiations as partial replicas so
the NO_GLOBAL_CATALOG control can be honoured
this control is used to ask samdb to not return searches with a basedn
in partial repica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
we need to use the hasMasterNCs and hasPartialReplicaNCs attributes on
our NTDS object to get the list of NCs to replicate, instead of using
the rootDSE. This is needed to support replicating of GC partial
replicas, which are not listed in the rootDSE
when a DC has the GUID_DRS_GET_FILTERED_ATTRIBUTES right on a NC, we
need to allow it to replicate if all the attributes it is asking for
are in the GC partial attribute set
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 20 13:47:38 CEST 2011 on sn-devel-104
Now that the 'table' modules are gone, there is no reason for there to
be charset modules at all. This builds the macosxfs and weird modules
into the binary at the appropriate times, and changes the tests to
test instead the difference between the remaining internal handlers
and iconv().
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Sep 20 06:27:06 CEST 2011 on sn-devel-104
this matches the existing open command, and also gives you error codes
on both open and close
useful for testing share mode locking
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 19 23:59:28 CEST 2011 on sn-devel-104
This hopefully avoids to run into problems with the
flakey error in the samba4.nbt.winsreplication test
[1071/1154 in 58m58s] samba4.nbt.winsreplication(dc)
Test if we always get back the same assoc_ctx
Setup wrepl connections
Test one pull replication cycle
Setup wrepl connections
Setup wrepl conflict pull connection
UNEXPECTED(error): samba4.nbt.winsreplication.replica
REASON: _StringException: _StringException: Unknown error/failure
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 19 16:29:22 CEST 2011 on sn-devel-104
if the @ATTRIBUTES or other objects which are replicated between
partions become out of sync, then the ldb would fail to open. This
changes ensures that we can always fix those records, by running the
operation in the top level partition, and replicating the result to
the other partitions
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 19 04:31:48 CEST 2011 on sn-devel-104
the exact value doesn't matter, as both Samba and windows check
against the latest password, but the old default of -1 caused ASN.1
parsing errors on windows, which prevented it answering TGS requests
thanks to Hongwei Sun for finding this from a ttt trace
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
we can't just append CN=Configuration to the basedn, as that won't
give the right configuration DN for a subdomain of a forest
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when we do a subdomain join we create a new object using a REPL_OBJ
getncchanges call for the partitions DN. This has a side effect of
creating that object. We need to skip the UDV update in that case
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
To do this we need to reorganise a lot of the provision code, so that
we can create the framework for the inbound replicaton of the config
and schema partitions and then add in the new subdomain locally.
Andrew Bartlett
UNEXPECTED(error): samba4.drs.repl_schema.python(vampire_dc).repl_schema.DrsReplSchemaTestCase.test_classWithCustomAttribute
REASON: _StringException: _StringException: Content-Type: text/x-traceback;charset=utf8,language=python
traceback
49F
Traceback (most recent call last):
File "/usr/lib/python2.6/dist-packages/testtools/runtest.py", line 128, in _run_user
return fn(*args)
File "/usr/lib/python2.6/dist-packages/testtools/testcase.py", line 368, in _run_test_method
testMethod()
File "/memdisk/autobuild/flakey/b12973/samba4/source4/torture/drs/python/repl_schema.py", line 179, in test_classWithCustomAttribute
self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn)
File "/memdisk/autobuild/flakey/b12973/samba4/source4/torture/drs/python/drs_base.py", line 110, in _net_drs_replicate
return self.check_output(cmd_line)
File "bin/python/samba/tests/__init__.py", line 157, in check_output
raise BlackboxProcessError(retcode, line, p.stdout.read(), p.stderr.read())
BlackboxProcessError: Command '/memdisk/autobuild/flakey/b12973/samba4/bin/samba-tool drs replicate -USAMBADOMAIN/Administrator%locDCpass1 --sync-forced LOCALVAMPIREDC.samba.example.com localdc.samba.example.com CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com'; exit status 255; stdout: ''; stderr: 'ERROR(runtime): DsReplicaSync failed - (-1073741807, 'NT_STATUS_END_OF_FILE')
'
0
As this is an error, we have to skip it instead of adding it to the knowfail file
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Sep 17 08:43:31 CEST 2011 on sn-devel-104
Hence the "lock directory" path has to be used instead.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Sep 16 00:07:30 CEST 2011 on sn-devel-104
This is a temporary solution to get libsmbclient installed properly as a library
(including symlinks and proper symbols). I was not able to make the old internal
library name 'libsmb/smbclient' work together with "realname" and/or "link_name".
Maybe one of the waf gurus has more ideas here.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Sep 15 15:31:59 CEST 2011 on sn-devel-104
The --realm argument is again optional (the previous code would take the default
from the default smb.conf, not the one specified) and --targetdir is now a
named argument much like it is to provision.
We now test the --testparm option to ensure it behaves the way we expect.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Sep 13 16:30:31 CEST 2011 on sn-devel-104
windows seems to use a fixed size for this password. It is possible
that windows servers can only handle one size, given we have observed
some strange behaviour from the windows kdc when we setup trusts
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
we can now create a subdomain of an existing windows domain using:
samba-tool domain join sub.domain.dns.name subdomain
The ordering of the creation of the key records is quite tricky,
especially for the NTDSDSA object
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
