sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
Code
92a4df11b2
samba-mirror/source4/rpc_server
History
Andrew Bartlett 8923162028 s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root 
We send the NC root first, as a special case for every chunk
that we send until the natural point where it belongs.

We do not bump the tmp_highest_usn in the highwatermark that
the client and server use (it is meant to be an opauqe cookie)
until the 'natural' point where the object appears, similar
to the cache for GET_ANC.

The issue is that without this, because the NC root was sorted
first in whatever chunk it appeared in but could have a 'high'
highwatermark, Azure AD Connect will send back the same
new_highwatermark->tmp_highest_usn, and due to a bug,
a zero reserved_usn, which makes Samba discard it.

The reserved_usn is now much less likely to ever be set because
the tmp_higest_usn is now always advancing.

RN: Avoid infinite loop in initial user sync with Azure AD Connect
 when synchronising a large Samba AD domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 79ca6ef28a)

Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Mon Aug 21 08:42:32 UTC 2023 on sn-devel-184
2023-08-21 08:42:32 +00:00
..
backupkey s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret() 2023-08-01 09:53:12 +00:00
browser werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/rpc_server/ 2016-09-28 00:04:35 +02:00
common CVE-2022-32743 s4:rpc_server/common: Add dcesrv_samdb_connect_session_info() 2022-07-28 22:47:38 +00:00
dnsserver s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal() 2023-06-02 12:51:11 +00:00
drsuapi s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root 2023-08-21 08:42:32 +00:00
echo s4:rpc_server: only pass context to op_bind() hooks 2019-01-12 03:13:39 +01:00
epmapper epmapper: Simplify _epm_Map() 2021-01-28 16:58:35 +00:00
eventlog s4:rpc_server/eventlog: make use of dcesrv_handle_create() 2019-01-12 03:13:34 +01:00
lsa s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state() 2023-08-01 09:53:12 +00:00
netlogon s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array() 2023-08-01 09:53:12 +00:00
remote s4:rpc_server: Check return code of cli_credentials_set_conf() 2021-06-29 02:19:35 +00:00
samr s4/rpc_server/sambr: don't mutate the return of samdb_set_password_aes 2022-10-31 09:05:10 +00:00
srvsvc smb.conf: Remove "share backend" option 2021-03-26 03:04:39 +00:00
tests dnsp.idl: fix dnsp_ip4_array definition 2019-06-21 08:49:19 +00:00
unixinfo wbclient: "ev" is no longer used in wbc_xids_to_sids 2016-09-28 00:04:36 +02:00
winreg s4:rpc_server/winreg: don't cache an ldb connection per presentation context 2019-01-12 03:13:39 +01:00
wkssvc werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/rpc_server/ 2016-09-28 00:04:35 +02:00
dcerpc_server.c s4:rpc_server: Fix duplicated function name between s3 and s4 2022-04-08 20:13:37 +00:00
dcerpc_server.h s4:rpc_server: Move core structures and prototypes to core library 2019-10-18 16:07:37 +00:00
dcerpc_server.pc.in
service_rpc.c s4:rpc_server: Fix duplicated function name between s3 and s4 2022-04-08 20:13:37 +00:00
wscript_build CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc 2023-01-23 09:27:12 +00:00