summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s4-dsdb-test: Implement samdb_connect_env() to rely solely on environmentKamen Mazdrashki2015-02-031-0/+21
| | | | | | | | | | | | | | | | | | | this is to help me port Python tests to be more Unit test alike and remove all global handling Starting from a new test suite - tombstone_reanimation.py Andrew Bartlett rose his concerns that passing parameters through environment may make tests hard to trace for failures. However, passing parameters on command line is not Unit test alike either. After discussing this with him offline, we agreed to continue this approach, but prefix environment variables with "TEST_". So that an env var should not be used by coincidence. Change-Id: I29445c42cdcafede3897c8dd1f1529222a74afc9 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Some minor fixes in tombstone_reanimate, to make it work with aclNadezhda Ivanova2015-02-031-4/+4
| | | | | | | Change-Id: Idad221c7ecf778fd24f6017bb4c6eacac541086a Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Implementation of access checks on a undelete operationNadezhda Ivanova2015-02-032-18/+80
| | | | | | | | | | Special Reanimate-Tombstone access right is required, as well as most of the checks on a standard rename. Change-Id: Idae5101a5df4cd0d54fe4ab2f7e5ad7fc1c23648 Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Tests for security checks on undelete operationNadezhda Ivanova2015-02-032-5/+135
| | | | | | | | | | | Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears LC is also necessary, and it is not granted by default to anyone but System and Administrator, so tests had to be done negatively Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
* s4-dsdb: Mark request during Tombstone reanimation with custom LDAP controlKamen Mazdrashki2015-02-031-0/+14
| | | | | | | | | | We are going to need this so that underlying modules (acl.c) can treat those requests properly Change-Id: I6c12069aa6e7e01197dddda6c610d930d3fd9cb0 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Implement rename/modify requests as local for the moduleKamen Mazdrashki2015-02-031-2/+96
| | | | | | | | | | | The aim is for us to be able to fine tune the implementation and also add custom LDAP controls to mark all requests as being part of Reanimation procedure Change-Id: I9f1c04cd21bf032146eb2626d6495711fcadf10c Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Add documentation link for Tombstone ReanimationKamen Mazdrashki2015-02-031-1/+1
| | | | | | | Change-Id: Ib779c8b0839889371f25ad5751c9cda1a510eb54 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-tests: Print out what the error is in delete_force()Kamen Mazdrashki2015-02-031-2/+2
| | | | | | | Change-Id: Iaa631179dc79fa756416be8eaf8c55e3b0c1a29f Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requestsKamen Mazdrashki2015-02-032-0/+9
| | | | | | | | | | | | | | | | Tombstone reanimation requries some special handling which is going to affect several modules. Most notably: - a bit different access checks in acl.c - restore certain attributes during modify requests in samldb.c Control added also to schema_samba4.ldif by Andrew Bartlett hence the "pair programmed with" tag. Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Make use dsdb_make_object_category() for objectCategoryKamen Mazdrashki2015-02-031-52/+1
| | | | | | | Change-Id: If65c54a653ad7078ca7a535b5c247db2746b5be7 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Make most specific objectCategory for an objectKamen Mazdrashki2015-02-031-0/+67
| | | | | | | | | | | | This is lightweight implementation and should be used on objects with already verified objectClass attribute value - eg. valid classes, sorted properly, etc. Checkout objectclass.c module for heavy weight implementation. Change-Id: Ifa7880d26246f67e2f982496fcc6c77e6648d56f Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Initialize module context only we are to handle Tombstone requestKamen Mazdrashki2015-02-031-5/+5
| | | | | | | Change-Id: I73bd2043e96907e3d1a669bdbd943ddee1df8c0a Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Return error codes as windows does for Tombstone reanimationKamen Mazdrashki2015-02-031-0/+4
| | | | | | | | | | | | Tested against Windows Server 2008 R2 In case we try to restore to already existing object, windows returns: LDB_ERR_ENTRY_ALREADY_EXISTS Otherwise it is: LDB_ERR_OPERATIONS_ERROR Change-Id: I6b5fea1e327416ccf5069d97a4a378a527a25f80 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb-tests: Fix whitespace in deletetest.pyKamen Mazdrashki2015-02-031-1/+1
| | | | | | | Change-Id: Ic2924b0aa9cffd29fe0c857317ccb65ba53a1c21 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb-tests: Make unique object names to test with in deletetestKamen Mazdrashki2015-02-031-10/+18
| | | | | | | | | This way we can re-run the test again and again Change-Id: I29bd878b77073d94a279c38bd0afc2f0befa6f9d Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb-tests: Remove unused method get_ldap_connection()Kamen Mazdrashki2015-02-031-13/+0
| | | | | | | Change-Id: Ie50f77dbba724dbd3c2822de5c2cfff41016fac6 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb-tests: Remove trailing ';' in deletetest.pyKamen Mazdrashki2015-02-031-2/+2
| | | | | | | Change-Id: Ic1ad6bbda55be56cbf7ae78a8ad988b8e479a40c Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Insert tombstone_reanimate module in ldb modules chain after ↵Kamen Mazdrashki2015-02-031-0/+1
| | | | | | | | | objectclass Change-Id: Id9748f36f0aefe40b1894ecd2e5071e3b9c8a6d6 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Initial implementation for Tombstone reanimation moduleKamen Mazdrashki2015-02-032-1/+266
| | | | | | | | | | | | | | | | | | At the moment it works for basic scenario: - add user - delete user - restore deleted user TODO: - security checks - flags verification - cross-NC checks - asynchronous implementation (may not be needed, but anyway) Change-Id: If396a6dfc766c224acfeb7e93ca75703e08c26e6 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb-tests: Some tests for deleted objects undelete operationNadezhda Ivanova2015-02-031-5/+198
| | | | | | | | | | Based on MS-ADTS 3.1.1.5.3.7.2 Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Change-Id: I650b315601fce574f9302435f812d1dd4b177e68
* selftest: fix check for RODC and RID Set allocationStefan Metzmacher2015-02-021-1/+1
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Feb 2 01:10:18 CET 2015 on sn-devel-104
* python/samba/tests: don't lower case path names in connect_samdb()Stefan Metzmacher2015-02-011-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | We should not lower case file names, because we may get a path to sam.ldb. Now we only lower case ldap urls. For a long time I got failing private autobuild like this: [1623(9233)/1718 at 1h28m9s] samba4.urgent_replication.python(dc)(dc:local) Failed to connect to ldap URL 'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' - LDAP client internal error: NT_STATUS_NO_MEMORY Failed to connect to 'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' with backend 'ldap': (null) UNEXPECTED(error): samba4.urgent_replication.python(dc).__main__.UrgentReplicationTests.test_attributeSchema_object(dc:local) REASON: _StringException: _StringException: Content-Type: text/x-traceback;charset=utf8,language=python traceback 322 The problem is that /memdisk/metze/W/ is my test directory instead of /memdisk/metze/w/. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* selftest: Fix typo namerserver -> nameserver.Jelmer Vernooij2015-01-301-2/+2
| | | | | | | | Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jan 30 19:59:40 CET 2015 on sn-devel-104
* s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"Stefan Metzmacher2015-01-291-0/+3
| | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9702 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 29 14:58:40 CET 2015 on sn-devel-104
* s3:smb2_server: always try to grant the credits the client just consumedStefan Metzmacher2015-01-291-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | It turns out that the effective credits_requested is always at least 1, even if the client sends credits_requested == 0. This means the client is not able to reduce the amount of credits itself. Without this fix a client (e.g. Windows7) would reach the case where it has been granted all credits it asked for. When copying a large file with a lot of parallel requests, all these requests have credits_requested == 0. This means the amount of granted credits where reduced by each request and only when the granted credits reached 0, the server granted one credit to allow the client to go on. The client might require more than one credit ([MS-SMB2] says Windows clients require at least 4 credits) and freezes with just 1 credit. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9702 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* loadparm: Simplify "set_variable"Volker Lendecke2015-01-291-7/+3
| | | | | | | | | | | I usually don't like complicated if/else and in particular the else piece. But if the alternative is a goto, then else is better I guess :-) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Thu Jan 29 00:28:55 CET 2015 on sn-devel-104
* uwrap: Bump version to 1.1.0.Andreas Schneider2015-01-281-1/+1
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jan 28 19:44:39 CET 2015 on sn-devel-104
* uwrap: Make sure we leave if the id is NULL.Andreas Schneider2015-01-281-0/+1
| | | | | | | CID #97616 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Support scenario where threads fork or creates threads.Robin Hack2015-01-281-221/+177
| | | | | | | | | | | | | | | | | When fork() is called here there is no need to disable uwrap as a whole. This change disables only uwrap for the thread which called fork(). uwrap catches calls of pthread_create() and pthread_exit() functions from libpthread library now. Pair-Programmed-With: Andreas Schneider <asn@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Robin Hack <hack.robin@gmail.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Prepare for overload of libpthread functions.Robin Hack2015-01-281-19/+140
| | | | | | | | | uwrap_bind_symbol are now renamed to uwrap_bind_symbol_libc and simlilar uwrap_bind_symbol_libpthread are introduced. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL macrosRobin Hack2015-01-281-8/+14
| | | | | | | | | Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL which make locking easier. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Rewrite uwrap_libc_fns struct to pass strict aliasing rules.Robin Hack2015-01-281-59/+116
| | | | | | | | | | Also rename struct uwrap_libc_fns fns to uwrap_libc_symbols and uwrap_load_lib_function to uwrap_bind_symbol (same for _uwrap_load_... variant. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Fix wrong data types in syscalls switch.Robin Hack2015-01-281-12/+12
| | | | | | Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Add support for getresuid() and getresgid() glibc/syscall.Robin Hack2015-01-282-0/+111
| | | | | | Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Extend support for (set|get)groups libc functions and syscalls.Robin Hack2015-01-281-11/+82
| | | | | | Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Extend support for syscalls called from threads or main process.Robin Hack2015-01-281-0/+36
| | | | | | | | | We need to distinguish if the syscall is called from main process or from a thread. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Small uwrap_init optimalization.Robin Hack2015-01-281-2/+2
| | | | | | | | Don't call libc_getuid/getgid function twice. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Add support for running with address sanitizer.Andreas Schneider2015-01-282-0/+27
| | | | | | | | The address sanitzer will complain about our hack with variable function attributes. This disables the checking of it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Reflect changes of uid/gid in threads to main process.Robin Hack2015-01-281-7/+50
| | | | | | | | | | | | When thread changes uid/gid this change must be reflected to main process. Syscalls changes only uid/gid of thread. Call of libc functions changes also uid/gid of main process. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Small optimalization of uwrap_init().Robin Hack2015-01-281-1/+2
| | | | | | | | Don't call getenv("UID_WRAPPER") on start of uwrap_init(). Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Optimalization of uid_wrapper_enabled() function.Robin Hack2015-01-282-4/+42
| | | | | | | | | | | | | | | Check only bool variable inside uwrap structure instead of calling whole uid_init(). In the best case only one mutex lock is need when check. NOTES: * This patch uses __atomic_load gcc builtin function. * uid_init() were moved outside uid_wrapper_enabled() function. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uid_wrapper: Fix race condition - uwrap_init.Robin Hack2015-01-281-5/+2
| | | | | | | | | Patch moves uwrap_id_mutex before if (uwrap.initialised) statement which can be passed by concurrent threads. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Fix race condition - glibc lookups.Robin Hack2015-01-281-3/+14
| | | | | | | | | Patch adds libc_symbol_binding_mutex which guards global table of libc functions and their lookup. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Add library constructor and move pthread_atfork inside.Robin Hack2015-01-282-9/+39
| | | | | | | | | Library constructor is used for pthread_atfork call. Moved here because pthread_atfork is cumulative and should be called only once. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Use UWRAP_LOCK/UNLOCK macros instead of pthread_mutex_lock/unlock calls.Robin Hack2015-01-281-31/+40
| | | | | | | | | New macros UWRAP_LOCK/UNLOCK has been created and all calls to pthread_mutex_lock/unlock has been replaced by these macros. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Fix the handle loop for older gcc versions.Andreas Schneider2015-01-281-1/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* waf: Add address sanitizer configure option.Andreas Schneider2015-01-282-0/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* ctdb-scripts: Call iptables/ip6tables directly from iptables_wrapperMartin Schwenke2015-01-282-12/+8
| | | | | | | | | | | | | | | | | | | | | | Drops the iptables() and ip6tables() functions and, hence, the hardcoding of paths /sbin/iptables and /sbin/ip6tables. The latter avoids problems on openSUSE where (for example) /usr/sbin/iptables is used instead. This means that locking around ip*tables commands is only done when iptables_wrapper is called directly. This is fine because the only conflict is when "releaseip" or "takeip"/"updateip" events are run in parallel. The other uses in 11.natgw and 70.iscsi are in events where there will be no collisions. Making 11.natgw support IPv6 is unnecessary. Just put a static IPv6 address on each interface - they're plentiful. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Wed Jan 28 08:29:55 CET 2015 on sn-devel-104
* ctdb-scripts: Error message, comment and whitespace cleanupsMartin Schwenke2015-01-281-8/+10
| | | | | Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* ctdb-scripts: iSCSI eventscript should fail when PNN can't be determinedMartin Schwenke2015-01-281-4/+1
| | | | | Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
generated by cgit (git 2.34.1) at 2025-09-26 22:40:16 +0000