| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
These won't have any effect yet, but soon they will allow a privileged
account to perform a password reset that respects constraints on
password history, age, and length, as if the reset was an ordinary
password change (that is, where the user provides the old password).
A normal user can't reset their own password using this, if the
organisation is using a remote service (e.g. Entra ID or Keycloak) to
manage passwords, that service can use a policy hints control to
ensure it follows AD password policy.
Entra ID Self Service Password Reset (SSPR) uses the deprecated OID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
This reverts commit 542cf01bfe530a83dfbc8a606d182c0a5a622059.
We shouldn't put a hard requirement for libreplace in libldb! We do not need
libreplace on Linux until we start using hexbytes_upper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15961
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Found by Leak Sanitizer
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Oct 29 12:18:43 UTC 2025 on atb-devel-224
|
|
Detected by Leak Sanitizer.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
If add_control() hasn't been called before, it will be NULL. Use ret as
the context to allocate memory on.
Direct leak of 110 byte(s) in 1 object(s) allocated from:
#0 0x7fc1b5921c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
#1 0x7fc1b56ed6a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fc1b56ee9e8 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fc1b56ee9e8 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
#4 0x7fc1b56ee9e8 in talloc_strdup ../../lib/talloc/talloc.c:2470
#5 0x7fc1b5f1ad18 in ldb_cmdline_process_internal ../../lib/ldb/tools/cmdline.c:389
#6 0x7fc1b5f1b53c in ldb_cmdline_process ../../lib/ldb/tools/cmdline.c:544
#7 0x000000202a19 in main ../../lib/ldb/tools/ldbdel.c:97
#8 0x7fc1b542b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#9 0x7ffdced96847 ([stack]+0x38847)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 22 09:25:35 UTC 2025 on atb-devel-224
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
|
|
This will be required in future.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Python will complain with “__str__ returned non-string (type NoneType)”.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
In file included from ../../lib/ldb/include/ldb.h:50,
from ../../lib/ldb/include/ldb_private.h:43,
from ../../lib/ldb/common/ldb_pack.c:34:
../../lib/ldb/common/ldb_pack.c: In function ‘ldb_filter_attrs’:
../../lib/talloc/talloc.h:1173:48: error: ‘i’ may be used uninitialized [-Werror=maybe-uninitialized]
1173 | #define talloc_array(ctx, type, count) (type *)_talloc_array(ctx, sizeof(type), count, #type)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/ldb/common/ldb_pack.c:1178:34: note: in expansion of macro ‘talloc_array’
1178 | filtered_msg->elements = talloc_array(filtered_msg,
| ^~~~~~~~~~~~
../../lib/ldb/common/ldb_pack.c:1134:22: note: ‘i’ was declared here
1134 | unsigned int i;
| ^
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
|
|
no sqlite://, but ldaps:// ldb://, mdb://.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
|
|
lib/ldb/web/index.html used to be the source for
https://ldb.samba.org/, but the web page has continued to evolve in
minor ways without git keeping up.
The current difference is all http:// have been converted to https://
and a few URL domains and paths have changed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
|
|
oops.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec 30 04:17:46 UTC 2024 on atb-devel-224
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
If neither dn can casefold, they should be considered equal. Otherwise
cmp(dn1, dn2) will be inconsistent with cmp(dn2, dn1).
These will still sort to the end of the list, relative to any valid
DNs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
with some subsequent tidy-ups for style.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
If the failure is not on the last component, we would have
TALLOC_FREE()ed some components that we hadn't set.
I think in all pathways we initialise the unset components to zero,
but we should be careful just in case.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
The index code (lib/ldb_key_value/ldb_kv_index.c) recapitulates LDB
expression logic, and it seemed less than completely obvious that it
would never make a mistake and return a different result than an
unindexed search.
Here we run the same search on an unindexed database and on some that
have been indexed with a variety of options. We assert that the
results are identical over a number of searches.
By default, when run from the command line, that number is 495161,
which takes a couple of minutes. But if the SKIP_SLOW_TESTS
environment variable is set, the number is 33569, which takes 20
seconds or so. In selftest we set the variable and run the smaller
number.
The tests will print the cumulative search time for each database for
each testsuite, like this:
$ python3 lib/ldb/tests/python/index_transparency.py
..........................................................[...]
<class '__main__.SearchTest'>
25.78186821937561 <ldb connection tdb:///tmp/tmpf1x72x7l/tdb-indexed-dn.ldb>
17.73349642753601 <ldb connection tdb:///tmp/tmpf1x72x7l/tdb-half-indexed.ldb>
15.14864206314087 <ldb connection tdb:///tmp/tmpf1x72x7l/tdb-indexed-guid.ldb>
13.107165575027466 <ldb connection mdb:///tmp/tmpf1x72x7l/mdb-indexed.ldb>
Like all benchmarks it is interesting but misleading. One caveat here
is that you have (probably) compiled tdb in developer mode without
optimisation, while lmdb is probably a system package compiled with -O2,
though perhaps not tuned to your exact architecture.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15729
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 27 09:06:43 UTC 2024 on atb-devel-224
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
It should be off by default, as this is not needed by default. It
crashes named on startup, if bind is built with jemalloc support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 26 09:59:34 UTC 2024 on atb-devel-224
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
We should build with lmdb support also if it is not in AD case. The lmdb
backend is also used e.g. by sssd.
If you don't want to build it, you can always specify --without-ldb-lmdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15721
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 25 05:36:13 UTC 2024 on atb-devel-224
|
|
Before:
ldb.python.api_search -> 52
ldb.python.api_search.tr -> 48
After:
ldb.python.api_search.tr -> 10
ldb.python.api_search -> 9
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep 24 10:38:03 UTC 2024 on atb-devel-224
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
LMDB is not going to turn up midway through the testsuite, so we might
as well skip the whole class
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
The index attribute of these classes was a mutable object, which made
me nervous. If a subclass were to alter the class.index (rather than
replace it), it would affect tests in other subclasses.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
The api_search tests are really slow, in part because we populate the
database identically for all the individual tests. We can instead do
it once and use copies.
This makes the test several times faster.
Comparing "make test TESTS=ldb.python":
Before:
TOP 10 slowest tests
ldb.python.api_search.tr -> 415
ldb.python.api_search -> 413
ldb.python.api_add_modify -> 5
ldb.python.api_add_modify.tr -> 4
ldb.python.index.tr -> 4
ldb.python.index -> 4
ldb.python.api_simple.tr -> 2
ldb.python.api_simple -> 2
ldb.python.repack -> 2
ldb.python.api_misc.tr -> 1
'testonly' finished successfully (14m13.276s)
After:
TOP 10 slowest tests
ldb.python.api_search.tr -> 52
ldb.python.api_search -> 50
ldb.python.api_add_modify -> 7
ldb.python.api_add_modify.tr -> 7
ldb.python.index.tr -> 4
ldb.python.index -> 4
ldb.python.api_simple -> 4
ldb.python.api_simple.tr -> 2
ldb.python.repack -> 2
ldb.python.api_misc -> 1
'testonly' finished successfully (2m14.505s)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
This will help enusre we are using the right DB when (in the next
commit) we set up the database for each test via copy. It also helps
with debugging.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
This makes them available to class methods.
In a later commit we will convert the index attribute into an
add_index() class method, because having a mutable variable on a class
is a slightly bad idea.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
