IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is the common location of the audit logging code now
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This fixes "samba-tool ntacl set -d10"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 23 04:56:44 CEST 2018 on sn-devel-144
there are also mem leaks in this function
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit 35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.
Fix this by limiting the check to only 8 bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 16 04:21:18 CEST 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13475
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 15 23:07:25 CEST 2018 on sn-devel-144
After a duplicated add a small amount of memory can be leaked onto a
long-term context.
Found by Andrej Gessel https://github.com/andigese8fb45125e (commitcomment-29334102)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13471
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 15 04:39:41 CEST 2018 on sn-devel-144
The addns code tries to use common approach for TCP and UDP queries,
calling connect() for both types of sockets. In case of UDP that
requires to use send() instead of sendto().
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 13 03:51:04 CEST 2018 on sn-devel-144
Add an adjustment to the before and after values to cater for the
occasional differences between the calculated times.
The exact value of the time stamp is not important what is important is
that is correctly formatted and that the value is reasonable i.e. it's
close enough to the current time.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Replace uses of the string "sessionInfo" with the constant
DSDB_SESSION_INFO, and "networkSessionInfo" with the constant
DSDB_NETWORK_SESSION_INFO.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Introduced in e8cdacc509016d9273d63faf334d9f827585c3eb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13459
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 1 11:10:24 CEST 2018 on sn-devel-144
Instead, we either build or do not build the entire binary.
This is much more likely to raise an error in make test if the build system
changes. The concern is that HAVE_JANSSON can go away and the tests just vanish.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The previous style is needed sometimes to avoid an 80-col limit, but
is not how most of Samba looks.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Re-factor the common calls to json_dumps DEBUGC and audit_message_send
into a separate function.
Add functions to retrieve json object and json array elements
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* New LMDB backend (experimental)
* Comprehensive tests for index behaviour
* Enforce transactions for writes
* Enforce read lock use for all reads
* Fix memory leak in paged_results module.
We hold at most 10 outstanding paged result cookies
(bug #13362)
* Fix compiler warnings
* Python3 improvements
* Restore --disable-python build
* Fix for performance regression on one-level searches
(bug #13448)
* Samba's subtree_rename could fail to rename some entries
(bug #13452)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
When no search filter is specified, the code falls back to using
'(|(objectClass=*)(distinguishedName=*)'. ltdb_index_dn() then failed
because matching against '*' is not indexed. The error return then
caused the code to fallback to a full-scan of the DB, which could have a
considerable performance hit.
Instead, we want to continue on and do the ltdb_index_filter() over the
indexed results that were returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Otherwise Samba modules like subtree_rename can fail as they modify the
index during the callback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13452
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This ensures that the error string returned to the caller reflects a failure in this call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Now with even more typos fixed. Thanks Rowland.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Mon May 28 16:16:17 CEST 2018 on sn-devel-144
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This ensures we do not corrupt such an index by making changes to the
main database without knowing that the index values are now in a
sub-database.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The way to know if we are in a transaction is if there is a non-NULL
transaction handle.
This allows the ldb_mdb_kv_ops_test test to be run.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
ldb_mdb is now able to pass the full ldb_mod_op_test when compiled against lmdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tests to ensure that the mdb_env wrapping code correctly handles
multiple ldb's point to the same physical database file.
The test_ldb_close_with_multiple_connections tests are in
ldb_mod_op_test due to the utility code it uses from
elsewhere in that test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This ensures we leave the FD behind if we exec() in a child process.
This deliberatly the same as TDB, as we want the same behaviour as
we have come to expect with that backend.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
MDB_env's may not be reused accross forks. Check the pid that the lmdb
structure was created by, and return an error if it is being used by a
different process.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Under some circumstances mdb_env_open returns EBADE, we treat this as
indicating the file is not a valid lmdb format file.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Wrap mdb_env_open to ensure that we only have one MDB_env opened per
database in each process
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We need to enforce the GUID index mode so end-users do not get a
supprise in mid-operation and we enforce a max key length of 511 so
that the index key trunctation is done correctly.
Otherwise the DB will appear to work until a very long key (DN or
index) is used, after which it will be sad.
Because the previous ldb_lmdb_test confirmed the key length by
creating a large DN, those tests are re-worked to use the GUID index
mode. In turn, new tests are written that create a special DN around
the maximum key length.
Finally a test is included that demonstrates that adding entries to
the LMDB DB without GUID index mode fails.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is used in selftest with 'ldb:nosync = true'.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
../lib/audit_logging/audit_logging.c: In function ‘json_add_timestamp’:
../lib/audit_logging/audit_logging.c:603:12: error: ‘%s’ directive
output may be truncated writing up to 9 bytes into a region of size
between 0 and 43 [-Werror=format-truncation=]
"%s.%06ld%s",
^~
../lib/audit_logging/audit_logging.c:606:3:
tz);
~~
../lib/audit_logging/audit_logging.c:600:2: note: ‘snprintf’ output
between 8 and 70 bytes into a destination of size 50
snprintf(
^~~~~~~~~
timestamp,
~~~~~~~~~~
sizeof(timestamp),
~~~~~~~~~~~~~~~~~~
"%s.%06ld%s",
~~~~~~~~~~~~~
buffer,
~~~~~~~
tv.tv_usec,
~~~~~~~~~~~
tz);
~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 17 20:17:35 CEST 2018 on sn-devel-144
