IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
* Fix build on AIX
* Python3 compatibility fixes
* Use tdb_wipe_all in "erase" command
* Harden allocating the tdb recovery area
* Make sure the hash size fits
* Harden tdb_check_used_record against overflow
* Harden tdb_rec_read
* Handle TDB_NEXT_LOCK_ERR in tdb_traverse_internal
* Fix build warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samba is not compatible with new versions of ldb (except release versions)
Other users would not notice the breakages, but Samba makes many
more assuptions about the LDB internals than any other package.
(Specifically, LDB 1.2 and 1.4 broke builds against released
Samba versions)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This is no longer optional for the AD DC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Sadly the unix token cannot be created without a running winbindd,
which is not available during provision and a domain restore.
(Internally in smbd a backup API via passdb is used, but this
is not connected to this function at this time)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This fills in the unix portions of the token needed by smbd and the pysmbd bindings
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Joe Guo <joeg@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Pair-programmed-with: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
1. existing tests still run with session_info=None
2. new class override `get_session_info` to return a session, so same
set of tests will run again, but with session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Make it clear to find out what we have in test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
There are 2 copy of `test_setposixacl_getposixacl`, this patch removed
the first copy, which was overwritten by the second one.
They are 99% the same except in the last line a_perm is 6 vs 7, and 7 is
the correct number.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The example is already in code, no need to keep it here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Get the admin session info, and pass it down to setntacl.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Then underneath code can reuse the authentication info in session to
improve performance.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Use predefined SECURITY_SECINFO_FLAGS to replace bitwise or operations
on flag list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
If session info was passed down from upstream, then try to use it to get
security token, other then creating token every time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
When a session_info passed down to here, the unix_info could be NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add session_info arg as optional and pass it down to get_conn_tos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add session_info arg, so caller can pass it in to reuse authentication info
later. This will improve performance a lot while doing ntacl operations
on large amount of files, e.g.: sysvolreset.
Modification for upstream caller will come in following patches.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12451
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Remove flake8 warnings from the code, this highlighted the issue with
test_update_add_null_char_rpc_to_dns fixed in the preceding commit.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix update_add_null_char_rpc_to_dns so that the test matches the name.
It was not passing the embedded null to the rpc call.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Modifies bind9 and internal dns to match windows static records behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now that scavenging is implemented, the DNS update tool needs to be changed so
that it always updates every name required by the DC. Otherwise, the records
might be scavenged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
DNS record scavenging function with testing. The logic of the custom match rule
in previous commit is inverted so that calculations using zone properties can
be taken out of the function's inner loop. Periodic task to come.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
DNS records have the odd property that the DN can be reliably determined by the
name only, so we do not need a subtree search.
However by using a subtree search under the zone we can without
trapping exceptions confirm if the record exists or not in the tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
A custom match rule for records to be tombstoned by the scavenging process.
Needed because DNS records are a multi-valued attribute on name records, so
without a custom match rule we'd have entire zones into memory to search for
expired records.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Code for retrieving aging properties from a zone and using them for timestamp
setting logic during processing of DNS requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This function is duplicated in the BIND9 and RPC DNS servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows a user to set zone properties relevant to DNS record aging over RPC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reading zone properties from LDB on server connection initialisation, instead
of them being volatile fields.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
First basic DNS record aging tests. These check that we can
turn aging on and off, and that timestamps are written on DNS
add and update calls, but not RPC calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add parameter dns_zone_scavenging to control dns zone scavenging.
Scavenging is disabled by default, as due to
https://bugzilla.samba.org/show_bug.cgi?id=12451 the ageing properties of
existing DNS entries are incorrect.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
imessaging_client_init() can be used with a wrapper tevent_context,
but only if a global messaging_dgm_ref() already exist.
All other uses of imessaging_init() and imessaging_client_init()
require a raw tevent_context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 12 02:23:37 CEST 2018 on sn-devel-144
In usecases like using messaging_client_init() with irpc processing we may
free the imessaging_context during the messaging handler.
imessaging_post_handler() is not yet really used, but it will change in
the next commits. imessaging_post_state is a child of imessaging_context
and might be implicitly free'ed before the explicit TALLOC_FREE(state).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
As it gets 'messaging_context' as argument, we're sure a messaging context
with a raw tevent context already exist.
It means we can allow a wrapper tevent context that wrapps the main tevent
context of the messaging context.
The use of tevent_req_defer_callback() makes sure that the callers
callback function calls messaging_filtered_read_recv() from the
correct "wrapped" environment.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
