IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will be used by Python also.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will make the next patch simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Commit 6877e4849e reversed the
return values of hresult_errstr() and hresult_errstr_const().
hresult_errstr() should return "HRES_SEC_E_WRONG_PRINCIPAL",
while hresult_errstr_const() should return
"The target principal name is incorrect.".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15769
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
torture_winbind_struct_show_sequence() is failing if run as:
make -j8 test TESTS="samba4.rpc.lsa.trusted.*ad_dc samba4.winbind.struct.ad_dc"
The reason is that the test constructs two lists of domains and assumes
that the list contain same domains in the same order.
However:
- the list based on DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep) contains 51 domains
- the list based on DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep) contains 39 domains
and we got:
failure: show_sequence [ ../../source4/torture/winbind/struct_based.c:824: domlist[i].netbios_name was TORTURE201, expected TORTURE200: inconsistent order of domain lists
]
Both list are based on full domain list, however the smaller one filters
out domain without trust_type in winbindd_list_trusted_domains():
trust_type = get_trust_type_string(talloc_tos(), d, domain);
if (trust_type == NULL) {
continue;
}
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 12 15:00:10 UTC 2024 on atb-devel-224
With netr_ServerAuthenticateKerberos() clients also use
krb5 for lsa_LookupSids3 and lsa_LookupNames4.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Works against Windows 2025 preview:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.115 DC_SERVER=w2025p-115.w2025p-l8.base \
DOMAIN="W2025P-L8" REALM="W2025P-L8.BASE" \
ADMIN_USERNAME="Administrator" ADMIN_PASSWORD="A1b2C3d4" \
NETLOGON_STRONG_KEY_SUPPORT=1 NETLOGON_AUTH_KRB5_SUPPORT=1 \
STRICT_CHECKING=0 python/samba/tests/krb5/netlogon.py
The code still works against Windows 2022 with the
following options:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.118 DC_SERVER=w2022-118.w2022-l7.base \
DOMAIN="W2022-L7" REALM="W2022-L7.BASE" \
ADMIN_USERNAME="Administrator" ADMIN_PASSWORD="A1b2C3d4" \
NETLOGON_STRONG_KEY_SUPPORT=1 NETLOGON_AUTH_KRB5_SUPPORT=0 \
STRICT_CHECKING=0 python/samba/tests/krb5/netlogon.py
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Currently this should not be needed, but it's better to
call dcesrv_assoc_group_common_destructor() in all assoc_group
destructors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15765
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 12 07:22:29 UTC 2024 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 5 17:46:49 UTC 2024 on atb-devel-224
This might be the better option when we implement
netr_ServerAuthenticateKerberos().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This breaks compat with 4.21 and moves stuff out of
netlogon_creds_CredentialState_extra_info.
It also prepares support for netr_ServerAuthenticateKerberos()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
"If a file is removed from or added to the directory after the most recent call
to opendir() or rewinddir(), whether a subsequent call to readdir() returns
an entry for that file is unspecified."
https://pubs.opengroup.org/onlinepubs/009604599/functions/readdir.html
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 29 15:10:13 UTC 2024 on atb-devel-224
If a file is removed from or added to the directory after the most recent call
to opendir() or rewinddir(), whether a subsequent call to readdir() returns
an entry for that file is unspecified."
https://pubs.opengroup.org/onlinepubs/009604599/functions/readdir.html
As it is unspecified, the different filesystems on Linux implement this
differently:
ext4:
./a.out
opendir(foo)
creat(foo/bar)
readdir() loop
readdir entry: bar
readdir entry: ..
readdir entry: .
readdir() detected the newly created file `foo`
btrfs:
./a.out
opendir(foo)
creat(foo/bar)
readdir() loop
readdir entry: .
readdir entry: ..
readdir() did not detect the newly created file `foo`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This structure is only used in torture/ldap/netlogon.c now for
historic reasons. Replacing it with something else would be the right
thing to do...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will supersede the direct cldap based netlogon tests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This slightly changes behaviour: It uses separate client sockets per
ping instead of just one, but it allows to compare CLDAP with LDAP and
LDAPS (spoiler: LDAPS is *much* slower...)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This was not used consistently across all of our code base, and I
don't see a reason why this should ever not be port 389.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
struct netlogon_samlogon_response has subpointers, this patch enables
a proper talloc hierarchy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
struct netlogon_samlogon_response has subpointers, this patch enables
a proper talloc hierarchy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
