Age | Commit message (Collapse) | Author | Files | Lines |
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to marshall this into and from an NDR blob on disk, which will
allow us to fake up ACL support during make test, and to test the NT ACL emulation
using python bindings via the VFS.
Andrew Bartlett
|
|
|
|
The acl element is changed to be a talloc child, and is no longer one element
longer than requested by virtue of the acl[1] base pointer.
This also avoids one of the few remaining cases of over-allocation of a structure.
Andrew Bartlett
|
|
The internal domain used in 'make test' does not report a DC name, so
just add tests similar to the old wbcPingDc call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Use wbcPingDc2 to get the DC name and print it.
Cleanup error messages: Remove "Could not ping our DC", there is always
a more specific message. Avoid printing "failed to call wbcPingDc" in
case the ping has been attempted and it returns an error, the error is
already printed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add wbcPingDc2 that optionally returns the DC that was attempted to
ping. wbcPing is implemented as a wrapper around wbcPingDc2.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The DC that was attempted to ping is useful for troubleshooting. Return
the DC name in the response to the wbclient.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The client checks for an error code in response.data.auth.nt_status,
make sure the result is stored there.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The soon-to-be-added command also fails against the s4 winbind.
Andrew Bartlett
|
|
The "serverReference" attribute is available on the "server" object
not on the "nTDSA" object.
This allows connections to RODCs, as they don't have a
E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
principal.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
|
|
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
|
|
When pdb_samba4 first opens this databse, this message is printed.
Andrew Bartlett
|
|
This uses a GUID based comparison, and avoids re-fetching the
samdb_ntds_settings_dn each time.
Andrew Bartlett
|
|
This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference.
Andrew Bartlett
|
|
|
|
|
|
We often want to know if we own an FSMO role (for example). This tries to be more
efficient by comparing the GUID, rather than the string DN, as this does not need
to be re-fetched each time.
Andrew Bartlett
|
|
As the normal case (outside provision) uses a copy, this avoids a case
where a caller might modify a global variable accidentily.
As suggested by metze.
Andrew Bartlett
|
|
extended DN
Remote LDAP servers will not accept an extended DN with other components.
Andrew Bartlett
|
|
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 13:58:31 CEST 2012 on sn-devel-104
|
|
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
|
|
The index into the elements needs to match between
msg->elements and md->ctr.ctr1.array, which means we should
pre-allocate them with the same size.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
|
|
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
|
|
a tmp_ctx
|
|
|
|
tmp_ctx
|
|
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 04:05:06 CEST 2012 on sn-devel-104
|
|
|
|
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 02:16:11 CEST 2012 on sn-devel-104
|
|
The decrement operation has been missing.
Problem found by Mohammad Ebrahim Abravi <lamp.mia@gmail.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
(With small changes to have test complete by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
'Freed frame ../source3/libsmb/clilist.c:934, expected ../source3/client/clitar.c:821'
Cause: (strequal(finfo->name,"..") || strequal(finfo->name,"."))
evaluates to true, do_tar returns without freeing ctx
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 13 23:12:50 CEST 2012 on sn-devel-104
|
|
|
|
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Aug 12 23:40:23 CEST 2012 on sn-devel-104
|
|
This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and
to be more careful about what schema is set (only setting a global schema if
the original schema was global).
In particular, the new working_schema is not given a talloc reference
to the old schema. This ensures that the old schema can go away when
no longer used.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104
|
|
These sequence numbers were only used for telling if the schema was
changed, and are no longer directly related to the replication USN.
The per-partition replication USN can be obtained from the
@REPLCHANGED record on the per-partition database, and this is done
with an ldb_search().
Andrew Bartlett
|
|
This way we do not track both the partition seq number and the
replication USN for schema reload purposes.
We only need one indication of actual data change, and the replication
per-partition sequence number is no more expensive to obtain than the
ldb per-partition sequence number.
Andrew Bartlett
|
|
gid first
By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support
IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on
the fact that IDMAP_BOTH will resolve to a GID.
If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should
be done in the IDMAP layer.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104
|
|
As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL
the merge process also needs to be UID/GID based.
This is a problem when we have multiple builtin groups mapped to the same POSIX group
as happens in a Samba4 provision.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is consistent with the rest of Samba which uses this structure to represent
a unix uid or gid.
World values remain represented by the owner_type being WORLD_ACE in the containing
structure. A -1 value is filled in to the unixid.id in the same way the .world value
was initialised in the union.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
posix_acls
When a user owns a file, but does not have specific permissions on that file, we need to
make up the user permissions. This change ensures that the first thing that we do
is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam()
and directly create the token via the SID.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|