| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
changes to userAccountControl
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Otherwise we can't find the GUID of the 'serverName' attribute
as ANONYMOUS.
This results in
root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>
While it works as system:
root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1
dn:
serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base
# returned 1 records
# 1 entries
# 0 referrals
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit a6ecef4532e4529a819219cd814e2979c2df0797)
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9763
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d64bc6c9af24109e89632db9133070f2ab827c46)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue Jul 15 15:01:25 CEST 2014 on sn-devel-104
|
|
For now it's safer to reject setting 'userParameters' via LDAP,
as we'll not provide the same behavior as a Windows Server.
If someone requires that feature please report this in the following
bug reports!
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 9 11:07:51 CEST 2014 on sn-devel-104
(cherry picked from commit 04e9d020c97c2dcd360b1845907f4c396d5671dc)
|
|
We should take the controls the caller provided when we search
for existing objects.
A search with a basedn of '<GUID=....>' should result in LDB_ERR_NO_SUCH_OBJECT
is the object has isDeleted=TRUE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9e6349f81edb3914d18bc50473d65c0c1f5bc113)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 26fa0b97d0270456becb86d93723a3c8e5d58585)
|
|
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.
The actual network communication code sets an event context directly
before making the network call.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
(cherry picked from commit 086c06e361962e1c118d8eed2316e9df7834ae8b)
|
|
These routines parse principals and generate keys only, no network
communication is done.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7a26989d4c62f38dcafc2a688b8cbaccc6499480)
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit cccc0dee04e2e3aecd82ed4cf887f9e36dd4962d)
|
|
event context
It is never safe to execute arbitary code inside a transaction - we
need to get in and get out, not run other events for the rest of the
server.
This patch avoids that by creating a private event loop during
transactions, so no unexpected operations fire, and returning the
original one when we finish it.
If an event fires during an LDB transaction, an unrelated operation
can occur during the transaction, and if the transaction were to be
cancelled, there would be a silent rollback (despite the client having
been indicated success).
Additionally, other processes could be called via IRPC that need to
operate on the database but are locked out due to the ongoing
transaction.
Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 6 13:36:20 CEST 2014 on sn-devel-104
(cherry picked from commit 401f555c28aee861385b75c371b5f44cded1d391)
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I349a2be67333ada86c19cd6d2ed283cd5bbeb2aa
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 543c5bf94187473271767ad782439abbfccda00d)
|
|
for final object deletion
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b19d80d0a97faffc165f068612f74d4ef8d7e5da)
|
|
What we now do is have the refresh function and module be on a
seperate object to the schema, only referring to the data and
not excuting on the original ldb and event loop.
That is, we never use another ldb context when calling the
refresh function, by binding the refresh handler to the
ldb and not the schema.
Andrew Bartlett
Change-Id: I5c323dda743cf5858badd01147fda6227599bc16
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 791c38282d681c60eaedb47803b9043991f5950d)
|
|
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8327321225251e312ccbd06bbefa5ebf98099f34)
|
|
This attempts to permit deletion of objects that have no objectClass
to allow dbcheck to clean up a corrupt database. It is not complete,
the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still
fail, but this is as much as is safe to do without a way to replicate
the original issue.
Andrew Bartlett
Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 74a83be540c8fa0dd0f91da25b1f9d7ccc4ec568)
|
|
Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit df2ef57584aab81c75012ec5d878322ff0691608)
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit dac1411b9ef9863152932698ce8c4e0a8cc79b1c)
|
|
We must have these two elements in a replPropertyMetaData for it to be
valid.
We may have to relax this for new partition creation, but for now we
want to find and isolate the database corruption.
The printing of the LDIF is moved above the checks to make it easier
to diagnoise the failures when further reproduced.
Based initially on a patch originally by Arvid Requate <requate@univention.de>
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I5f583d89e6d4c5e8e2d9667f336a0e8fd8347b25
Reviewed-on: https://gerrit.samba.org/164
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 17 06:44:17 CET 2014 on sn-devel-104
(cherry picked from commit 9c9df40220234cba973e84b4985d90da1334a1d1)
|
|
enum is an int, and therefore signed. Some attributes have the high bit set.
Andrew Bartlett
Change-Id: I39a5499b7c6bbb763e15977d802cda8c69b94618
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-on: https://gerrit.samba.org/163
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 14 10:16:41 CET 2014 on sn-devel-104
(cherry picked from commit 61b978872fe86906611f64430b2608f5e7ea7ad8)
|
|
According to MS-ADTS section 3.1.1.5.5.1.1 the searchFlags must be
checked.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 6 21:42:22 CET 2014 on sn-devel-104
(cherry picked from commit 98c961eb82194cd0738dbc58e4ae9f81771b409e)
|
|
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion
of security objects with RID < 1000. This patch will prevent deletion of
well-known accounts and groups.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
(cherry picked from commit 13a10d43141c29dad61868b451c0c1dca82360de)
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 35e56d2b71b1dcd906baa70509ec50af39504b5a)
|
|
originating add operation
As described in MS-ATDS 3.1.1.5.2.8.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
(cherry picked from commit 8a505090215501324f83dda86d146708b687abcc)
|
|
Like LDB_MAP_RENAME, but drop the attribute if it occurs in an Add request.
Used for distinguishedName attribute, is read-only and generated but for
some bizarre reason AD allows it in an Add request.
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
(cherry picked from commit 93f3aba5e083976a791b982b2064b619800ce110)
|
|
strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 35330aa2c8b255d74e94bc9dd742e621953c21f9)
|
|
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8c4e6f0cba164c91661a654e2ccc13c265a06953)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ee06cbce30ccdb057ffc5b3da2d7fb1010a13837)
|
|
about potentially uninitialized variables
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2bd15d1b830b177ea234aa29ff696379abbcd683)
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 12 19:22:28 CET 2013 on sn-devel-104
(cherry picked from commit 744abc882284bfde41b087bc06e13160b915f371)
|
|
about potentially uninitialized variables
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e5cb10f59122acc56a465c19885fe74a39985700)
|
|
about potentially uninitialized variables
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9c2951a9ca8228c714a1c1c834392077d050b569)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit de773f3785d8fedba605437fbd434a49b9d18b0e)
|
|
on EACCES and EPERM
This makes provision errors clearer in Samba.
Andrew Bartlett
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
(cherry picked from commit 262c3de3f880bb08b1220d1e755bb31365dab49b)
|
|
Change-Id: I88ee188c776364fd66da388ce01fc9288aa2ded0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 822b4927288231b7a90579af9792608a0bdef706)
|
|
metadata.tdb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 6da2dcd17ee46d339d7d80df3dccd456703e7fe2)
|
|
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6417d9e0355f840ca4cf3b740ad5aabfc534d834)
|
|
Change-Id: I10357236108f68ab749ba0e1f07558302c573887
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5b22222421c77c8c379c828c5da7e6c8c38cfb88)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10294
Failed to Join Domain - uncaught exception - attribute 'isRecycled'
|
|
This ensures that conflict objects can be created in CN=System, and
that we do not stop replication just because some other DC allowed a
rename we do not like.
This is achived by doing the work in the samldb module, which is above
repl_meta_data in the stack.
Andrew Bartlett
Change-Id: I8c1a7d3e0fbd5a470cf1326cc055044ca885f7d9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>
Tested-by: Guenter Kukkukk <kukks@samba.org>
(cherry picked from commit d3cd9f1575af18a6765a6b6a31811c9976f9c11e)
Fix bug #10569 - Rename checks prevent conflict resolution and create DRS
lockups.
|
|
As netlogon is handled by the samdb now,
the corresponding functions should live there as well.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
(cherry picked from commit 68ebb09193e73cff4389ccb9e3b190b12ee0a84a)
|
|
This patch adds support for a netlogon ldap style request
over the tcp socket. This is available since win2k3+ [1].
The automatic client join & configuration daemon "realmd" makes
use of this ability.
Realmd can now be used to join a computer to a samba 4 domain.
(See also:
https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
Tested with:
ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
And compared the result in wireshark with cldap request issued by
examples/misc/cldap.pl.
[1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
(cherry picked from commit 0620c79d76b69811fd6c00d912db05477d894724)
|
|
This replaced the *module parameter, and uses ac->module in the function
instead, same for *req and *attrs.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
(cherry picked from commit 7a5a62547bc10053fb1e4850e0acacb6a837f36f)
|
|
The attribute on the RootDSE object is called 'dnsHostName'
instead of 'dNSHostName' (which is used in the schema and on
all other directory objects).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 295b4de7215f3326f9a403973547eb6ed4339f9b)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue Oct 15 11:06:15 CEST 2013 on sn-devel-104
|
|
This code no longer needs to handle not renaming Deleted Objects
during a re-delete, because it is no longer called in that case.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit aa07b5caf9ac13fc517c4c9d21f16ebff5415544)
|
|
We need to ensure we do not re-delete the Deleted Objects DN during replication.
It itself not entirely a deleted object, but has isDeleted set.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c42db8975f8f84ce576c97ad95ca59ba5170d596)
|
|
This can happen if we do not find the invocationID, with later patches.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 40f99625ee4447aa36c0fa5631ffa13b7003569f)
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f2afdb61698c37389be286f9443471d4aeba49b8)
|
|
We now correctly ignore the link updates if the source or target is
deleted locally.
This fixes the long-standing failure in the vampire_dc dbcheck test.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0162be32ab4f9716a4300d1f1a0caae8b0133f7c)
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 32955a1dec3a97ab4550869dbeb5034247f3b1bc)
The last 12 patches address bug #10056 - dsdb improvements from 4.1.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a796cad90f1028ccc54a3539e34dc0728b990a96)
|
|
When an object is deleted, the links to be removed are not propogated,
you have to watch out for them manually!
We do this by calling back into the originating update delete code (ie
what is called if you ldb_delete() locally) so that any extra
attribute found locally and not on the remote server becomes removed
remotely too.
We currently do the same with links, but that isn't strictly correct,
but for now our getNCChanges server code filters these out, so only
the usn is bumped.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d3aad891c5759f66bd891cb47866d908a0562a8a)
|
