Age | Commit message (Collapse) | Author | Files | Lines |
|
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Some of the problems where also reported by Microsoft testing tools
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
|
|
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
|
|
the match
Looking at dnsRoot will yield a result for domain.tld\username when it
shouldn't work.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
|
|
actually a GUID
The cannonical crackname expect a "/" or it returns
DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not
an error to not have a "/" in the name to crack it's just a sign the
name is not a cannonical one.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
We now correctly ignore the link updates if the source or target is
deleted locally.
This fixes the long-standing failure in the vampire_dc dbcheck test.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
When an object is deleted, the links to be removed are not propogated,
you have to watch out for them manually!
We do this by calling back into the originating update delete code (ie
what is called if you ldb_delete() locally) so that any extra
attribute found locally and not on the remote server becomes removed
remotely too.
We currently do the same with links, but that isn't strictly correct,
but for now our getNCChanges server code filters these out, so only
the usn is bumped.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
fails
We now also only poke the RID manager once per request.
This may help track down why RID allocation can fail, as while we
never wait for the RID set to be created/updated, it may be the only
clue the admin gets as to why the async allocations were failing.
Andrew Bartlett
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This should be more efficient, particularly in the leaf node case when renaming and
deleting entries on large databases.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids a subtree search here in most cases where an object is deleted.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
A patch by Cove Schneider <cove_s@yahoo.com> who reports:
I noticed that the RID numbers seem to increase incrementally, then
will suddenly jump by 124501. Unless I'm misunderstanding, shouldn't
RID pool allocations just be 500 at a time?
e.g. Adding accounts one after another on a single test instance here's how they're incrementing (from 4.0.6):
1596
1597
1598
1599
126100
126101
126102
...
126599
251100
...
251599
376100
...
The problem is that this complicates using sssd's AD integration, as
that it doesn't expect the RIDs to increase in a single domain so
quickly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 4 20:13:05 CEST 2013 on sn-devel-104
|
|
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5. I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.
This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 13 18:19:24 CEST 2013 on sn-devel-104
|
|
dsdb_get_sd_from_ldb_message()
Every object has a nTSecurityDescriptor attribute.
This also avoids potential segfaults in the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute.
Also the result of this search not controlled by the client
nor is the result exposed to the client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This makes the code easier to read.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 13 11:15:01 CEST 2013 on sn-devel-104
|
|
This probes when the usn is updated, and when it is not.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 12 11:54:01 CEST 2013 on sn-devel-104
|
|
While python didn't mind (oddly) it really confused my editor.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This handles deletions and replacements with no value, or with an
exactly specified value, as well as modifies.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This helps us in the KCC as we need to return the deleted DN for the GUID
in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 11 11:40:39 CEST 2013 on sn-devel-104
|
|
schema->{classes,attributes} are the DLIST pointer not an array.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
replmd_ldb_message_element_attid_sort"
This reverts commit d799b25dd3ed0f72ee03949225ba241c5538d7d6.
Sometimes the schema just isn't right. A segfault is not the correct
answer in those cases.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
"UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are
used for special semantics.
"UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED"
forces password expiration.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
|
|
acct. type
Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in
MS-SAMR section 3.1.1.8.10.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
|
|
Windows Server 2008 has changed semantics in comparison to Server 2003.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 28 18:11:00 CEST 2013 on sn-devel-104
|
|
given, and then the parent as given
This ignores the full DN as given, because the parent compents might be out of date.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Note that we must not give an error when we cannot find the object
that should hold the backlink, there really isn't anything we can do
in this case.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This way libnet_vampire_cb_apply_schema() is able to use
dsdb_repl_resolve_working_schema().
Pair-Programmed-With: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This can be reused later in other places.
Pair-Programmed-With: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
version if exists (bug #8680)
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
When a class or an attribute is replicated it might already exists in
the existing schema, so while replicating the new version of this object
we want to get rid of the old version of the object is the current
validating schema so that we don't end up having duplicates.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
commit cd7f3fd07215a7b8372b6b623faed02ae1310cb1 reverted the change
of commit c2853f55fc603d4875bb1e50a1cbf409df0421ea.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The logic to populate possible inferriors and system possible inferriors
is the same so instead of looping twice we do both attributes (depending
on the type of the class) in the same loop
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date(master): Fri May 17 15:11:29 CEST 2013 on sn-devel-104
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
cannot convert
We need to work out why we are unable to make a mapping for an OID in our database, because
we should not have been able to add it without such a mapping.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|