IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will cause silent errors in the translation, but as far as we know,
Windows will accept it just fine.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 23 05:00:13 CEST 2016 on sn-devel-144
Signed-off-by: kkhaike <kkhaike@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Fri Aug 19 09:35:15 CEST 2016 on sn-devel-144
Add tests that show copychunk behavior when the
source and dest handles have execute right instead
of read-data right.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Separate file creation (which requires write access) from the
opening of the file for the test (which might be without write
access).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This test (passes against Windows Server 2012R2) shows
that the implicit FILE_READ_DATA that is added whenever
FILE_EXECUTE is granted, is not reported back when querying
the handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Add functions which create a file or a directory with
specific desired access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
We also take the chance to make it clearer that the number
being passed in should be unique.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We already do that for objects in dsdb_convert_object_ex().
We need to be consistent and do the same for linked attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
dsdb_create_prefix_mapping() should be the only place that calls
dsdb_schema_pfm_make_attid().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We may not have a prefix mapping for the new attribute definition,
it will be added later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We should create the working_schema prefix map before we try to
resolve the schema. This allows getting the same mapping (if there's not already
a conflict) and allows us to remove the implicit prefix mapping creation
in the prefix mapping lookup functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We allow a hint for the id from the remote prefix map.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This avoids confusion when reading the talloc dump from a ldb context that has
been the target of replication, as the dsdb_schema_copy_shallow() memory was
still around, if unused.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This attempts to make it clear what memory is short term and what memory is long term
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
It's perfectly valid to replicate from a partner with an older schema
version, otherwise schema changes would block any other replication
until every dc in the forest has the schema changes.
The avoids an endless loop trying to get schema in sync with the partner.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will simplify the schema checking in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12115
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This test uses tshark and cwrap's packet capturing capability
to observe the Kerberos handshakes and ensure the correct
encryption types are being used.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 9 07:43:52 CEST 2016 on sn-devel-144
This patch removes part of what's categorized in the code as
"hideous glue", which causes Heimdal to ignore krb5.conf
encryption types, and instead use either the application-
supplied values or the default compile-time values.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This tests for a possible deadlock between smbd and ctdb dealing with
ctdb tombstone records.
Commit 925625b528 explains the deadlock in
more details and contains the fix. It's a fix for a regression
introduced by the patch for bug 10008 (1cae59ce11).
If you ever want to use this test against that specific commit:
$ git checkout 925625b528
$ git cherry-pick THIS_COMMIT
This should not deadlock on a ctdb cluster.
$ git revert 925625b528
This will deadlock.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12005
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Otherwise dreplsrv_op_pull_source_get_changes_trigger() could infinitely recurse.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 6 01:24:05 CEST 2016 on sn-devel-144
According to susv4, addr.s6_addr is a
uint8_t s6_addr[16]
which is always != 0
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This allows us to generate better assert messages and give the
developer some ideas why the command wasn't able to run.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12108
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This is from cea4a4b9b2 and
613d085a63ee554084cb99d2150921dd108f6b77
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 3 21:43:21 CEST 2016 on sn-devel-144
The use of the wrong key can still create structures that parse as a SID,
therefore we can sometimes get an unusual error, which becomes a flapping test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This function allows us to control allocation of memory during parse
of the packed ldb data.
This in turn can have an important performance impact as each
small allocation can have a large overhead
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This test only covers the forward link case.
NOTE: We can't confirm this against Windows because they prevent us from
modifying the schema for the schema classes.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There were no users of the data, and it added additional complexity
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We got WERR_DS_DRA_SCHEMA_MISMATCH for linked attributes with 8418 error for
extended attributes when using same attid as attribute object.
Signed-off-by: Evgeny Sinelnikov <sin@altlinux.ru>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Prior to this, none of the linked attributes would be checked for their
ids.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Heimdal and MIT Kerberos have different API to copy credentials from a
ccache. Wrap it via lib/krb5_wrap/.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should propagate resolved conflicts immediately.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 03:18:58 CEST 2016 on sn-devel-144
The caller needs to know about them in order to decide about possible
notifications.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When UF_SMARTCARD_REQUIRED is set to an account we need to remove
the current password and add random NT and LM hashes (without updating
the pwdLastSet field.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to keep unknown PAC elements and just copy them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is already fixed in upstream heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is commit 7cd40a610569d5e54ebe323672794fb6415b5dac in heimdal master.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 22 19:51:09 CEST 2016 on sn-devel-144
In future ad_dc_ntvfs and ad_dc will differ regarding the Primary:SambaGPG
password feature. So we should test both.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
It's important that Primary:SambaGPG is added as the last element.
This is the indication that it matches the current password.
When a password change happens on a Windows DC,
it will keep the old Primary:SambaGPG value, but as the first element.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This will be used to store the cleartext utf16 password
GPG encrypted as 'Primary:SambaGPG' in the
supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
For any reasonably large domain, the old KCC is impractical as the dense
mesh topology causes replication pulses.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This DC has repsFrom for the DNS partitions, but not the corresponding
link. This ensures that dbcheck has fixed them up. This will currently
fail without the actual changes to dbcheck coming in the following
commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We validate everything except the whole LOGON_INFO structure,
we even decrypt the PAC_CREDENTIALS_INFO blob and verify
PAC_CREDENTIAL_DATA_NDR and PAC_CREDENTIAL_NTLM_SECPKG.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 21 01:07:28 CEST 2016 on sn-devel-144
This is included because this sample helped us addres issues in the previous attempt at
handling PAC_UPN_DNS_INFO correctly, and I have Tris's permission to include this in our
tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This one nicely demonstrates that the strings are really non-null terminated.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Someone changed the PAC buffer union without adding proper tests, now we
sometimes fail to parse the PAC completely due to that...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This coveres the case without AES keys, and before the IDL was changed for SambaGPG support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
From the mail to dochelp:
I've also got cases (where I created an account with
UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED
in the LDAP add) with the following strange blobs:
One time:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00
and once:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 53
The original issue I reported was the following, a user was created
with a password and then userAccountControl was changed to
UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting:
[0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00
[0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 30
As you see the last byte (unknown3) is always different on Windows,
but always 0x00 from Samba, so I used 0x00 in order to allow the
test to pass.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Hoping the new name is not as confusing as the old name.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Typically this is automatically set in ndr_push_supplementalCredentialsBlob(),
but we need to change that behavior in order to handle strange formated
values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 19 17:22:51 CEST 2016 on sn-devel-144
These tests add a few deleted users and ensure they are VLV-able.
In a `make test` context there will be other deleted users lying
around, so we can't assert the expected results of the search without
looking first.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The first search in each round of VLV performs the search then saves
the results in the form of an array of GUIDs, which subsequent calls
refer to to get different ranges from the same search. These
subsequent calls make an individual search for each GUID. If the
original search had the show_deleted control, the array may contain
GUIDs for deleted items, which would not be seen on the later
searches without the same control.
So we save all controls except the VLV itself and the sort control
(which won't affect the search for a single GUID) and reuse them on
the subsequent VLV searches.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes before/after lattice sparser for the slower tests. While
we're doing that, some of the tests are changed to traverse the
lattice in a different order just in case that matters.
There is very little chance that any particular combination of before
and after parameters will behave uniquely wrongly.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rather than just disabling inbound replication, consider that there may be another server
in the test network, and ensure we do not replicate to or from it either.
replica_sync.py is omitted, as it tests some more subtle variations
of the DISABLE_INBOUND_REPL flag.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We add the forced flag, so that we can leave replication otherwise disabled
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This ensures we and sync from a server with DISABLE_OUTBOUND_REPL set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We do this before we ensure the two DCs are in sync, and then force the sync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We also ensure the two DCs are in sync before the test starts
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We find that Windows 2012R2 sends a NULL parent_guid here, probably when no change to name is replicated.
That is, if there has not been a rename, this is not required information, as we
can just merge with the existing object, not matter where it is
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These were never finished, were not tested and clearly will not be revived
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The eventlog6 pipe is not a duplicate with the source3 code, so should be built even
for the default build with smbd for file serving
This fixes commit 0b4c741b9c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12026
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We save a database snapshot that contains linked attributes that
should have been deleted, and make sure dbcheck fixes those links
without ruining anything else.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is clearly what was meant to happen.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tested against Win2012R2. The deactivated link control has no effect on either
one way links or pseudo ones (only two-way ones presumably).
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Without the deactivated links control, we assert certain conditions over DRS
instead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Note that this test will not work properly across ldap as the
marked-deleted linked attributes will not appear.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
The if-condition explicitly tests for new_schema==NULL, so this seems to be a
valid error case. The DEBUG statement would segfault in this case.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 13 06:34:33 CEST 2016 on sn-devel-144
This is the same as base.maxfid, but for the SMB2 protocol: Keep opening
file handles until an error is returned, print the number of file
handles opened and finally close the file handles again.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 13 02:59:25 CEST 2016 on sn-devel-144
A search on * can be quite expensive if we have to post-process any of the results
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is the same as RestoreUserObjectTestCase, but we
set the password on add and reanimate.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We verify attributes, values and their replication metadata after
each step (add, delete, reanimate).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now we keep all state in struct tr_context and split
the preparation and exectution of sub requests into
helper functions.
The most important change is that we now
pass mod_req to dsdb_user_obj_set_defaults(),
so that it can add controls to it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
accountExpires gets a different value, logonHours is not updated,
operatorCount and adminCount are added.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 8 13:39:01 CEST 2016 on sn-devel-144
We've removed the difference compared to Windows and store metadata stamps for
some empty attributes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When a user object is created it gets a metadata stamp for logonHours,
while the logonHours attribute has no value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This module removes internal flags from ldb_message_elements.
Typically the repl_meta_data module handles DSDB_FLAG_INTERNAL_FORCE_META_DATA,
but there're some cases where we don't use that module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With this it's possible to add a replPropertyMetaData entry for an empty
attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 6 19:06:19 CEST 2016 on sn-devel-144
We now refresh it once the schema changes, so that replication can
proceed right away. We use the sequence number in the metadata.tdb.
The previous commit added a cache for this value, protected by
tdb_seqnum().
metadata.tdb is now opened at startup to provide this support.
Note that while still supported, schemaUpdateNow is essentially rudundent:
instead, to ensure we increment the sequence number correctly, we unify that check
into repl_meta_data at the transaction close.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is not a frequent enough operation to warrent a cache, and the USN will be removed
from the schema code shortly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Use the tdb_seqnum() to avoid needing locks to check if the schema has not changed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
During the provision this causes a huge performance hit as these two
attributes are unindexed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Without the enc data, Windows clients will perform two AS-REQ causing the password
lockout count to increase by two instead of one.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11539
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 5 10:52:32 CEST 2016 on sn-devel-144
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Jul 5 03:47:52 CEST 2016 on sn-devel-144
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In contrast to source3, this is run as root and without substitution.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add "net ads join/leave -k" tests to the net_ads test suite.
Shift the test suite from ad_member env to ad_dc env, because:
1. Seems more appropriate (the member server plays no role in this
test)
2. The -k test breaks against the ntvfs file server for some reason,
when trying to open the netlogon named pipe after having established
the session with Kerberos (the create fails).
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 1 15:36:37 CEST 2016 on sn-devel-144
This includes user_principal_name and dns_domain_name.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is more generic and matches all other places.
As this is only used in the KDC it's not a real logic change.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The results differ depending on Kerberos or NTLMSSP usage
and the lockOutObservationWindow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a complete copy of the code that's currently inline.
I'm doing this in multiple steps in order to keep the diff
in a reviewable state.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should first check if the error number is as expected and
then check for a specific WERROR in the error string.
We also add the full error string as msg to assertTrue(),
so we'll actually see it if the assertion is wrong.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reduces the runtime of the test while still producing reliable results.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Non interactive logons doesn't trigger an update
unless the (effective) badPwdCount is not 0 and lockoutTime is 0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Non interactive logons doesn't reset badPwdCount to 0
when the effective badPwdCount is already 0
(with (badPasswordTime + lockOutObservationWindows) < now).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic is incomplete and the correct logic is already available
via the constructed "msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new test for the net ads dns commands and the needed self test
setup. Currently tests that we can register a name and that it
turns up. Also, tests that we can register with -P.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 28 22:35:35 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 08:52:48 CEST 2016 on sn-devel-144
The password_hash module will take care of translating "-1"
to the current time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should only replace attributes when we're asked to do so.
Currently that's always the case, but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should setup io->o.* (the old password attributes) completely in setup_io().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We get everything else of the existing object there too.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We get the message from the client and (optional) the existing object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used to let the "password_hash" module know that
the value of pwdLastSet was defaulted to 0 in the "samldb" module
on add.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Using UF_SMARDCARD_REQUIRED has some side effects, so we better use
UF_DONT_EXPIRE_PASSWD which doesn't trigger additional actions.
Setting pwdLastSet to "1" is not allowed, only "-1" is able to change
an existing value of "0".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows the tests to pass against a fully patched Windows Server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows the tests to pass against a fully patched Windows Server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reverts a totally unnecessary change to samba_dnsupdate. The self test
environment does the correct things with NS records now.
This reverts commit af08cb2eee.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 04:13:04 CEST 2016 on sn-devel-144
This is always allocated, so do not make it a pointer.
This now also uses the talloc-less GUID_buf_string() when printing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Otherwise, we spend a lot of time checking if the link is in the list, which is pointless
and very costly in large domains
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This avoids fetching every attribute, including in particular links that may
require additional work to resolve, when we will not look at them anyway
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This makes processing of large numbers of linked attributes much faster, as we never care about the
names during that processing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>