IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
By default we'll now require schannel connections with
privacy/sealing/encryption.
But we allow exceptions for specific computer/trust accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b3ed90a054)
It's enough to warn the admin once per connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3c57608e11)
We'll soon add some additional contraints in dcesrv_netr_check_schannel(),
which are also required for dcesrv_netr_LogonSamLogonEx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 689507457f)
This will allow us to reuse the function in other places.
As it will also get some additional checks soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f43dc4f0bd)
This allows the admin to notice what's wrong in order to adjust the
configuration if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 43df4be359)
This makes it more flexible when we change the global default to
'reject md5 servers = yes'.
'allow nt4 crypto = no' is already the default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 69b3654160)
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need use the account name from our SAM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b09f51eefc)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4c7f84798a)
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need the downgrade detection in more places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b6339fd1dc)
For generic tests we should use the best available features.
And AES will be required by default soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit cfd55a22cd)
In order to avoid generating useless debug messages during make test,
we will use 'CVE_2020_1472:warn_about_unused_debug_level = 3'
and 'CVE_2020_1472:error_debug_level = 2' in order to avoid schannel warnings.
Review with: git show -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 16ee03efc1)
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2f)
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0e6a2ba83e)
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7baabbe981)
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e060ea5b3e)
This fixes a use after free problem introduced by
commit 7b8e32efc3,
which has msg = current; which means the lifetime
of the 'msg' memory is no longer in the scope of th
caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1414269dcc)
Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Mon Dec 12 15:52:22 UTC 2022 on sn-devel-184
If the client is not able to receive the results within connections idle
time, then we should treat it as dead. It's value is 15 minutes (900 s)
by default.
In order to limit that further an admin can use 'socket options'
and set TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and/or TCP_USER_TIMEOUT
to useful values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 19 17:13:39 UTC 2022 on sn-devel-184
(cherry picked from commit eb2f352603)
imessaging_client_init() is for temporary stuff only, so we should drop
(unexpected) incoming messages unless we expect irpc responses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184
(cherry picked from commit 266bcedc18)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Oct 19 09:45:53 UTC 2022 on sn-devel-184
We often create imessaging contexts just for sending messages,
but we'll never process incoming messages because a temporary event
context was used and we just queue a lot of imessaging_post_state
structures with immediate events.
With imessaging_init_discard_incoming() we'll discard any incoming messages
unless we have pending irpc requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a120fb1c72)
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==6357== Command: ./bin/regpatch file
==6357==
Can't load /home/npower/samba-back/INSTALL_DIR/etc/smb.conf - run testparm to debug it
==6357== Syscall param openat(filename) points to unaddressable byte(s)
==6357== at 0x4BFE535: open (in /usr/lib64/libc.so.6)
==6357== by 0x4861432: reg_diff_load (patchfile.c:345)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d1 is 1 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4B83DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357== by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357== by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
Error reading registry patch file `file'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184
(cherry picked from commit 7e0e3f47cd)
This shows we currently hang when sending an SMB2_OP_FLUSH on
an AFP_Resource fork.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 1b8a873284)
This emulates older verions of Samba that fail to implement
DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 314bc44fa9)
This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 7ff743d65d)
The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 62b426243f)
All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7981cba87e)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Sep 18 17:46:29 UTC 2022 on sn-devel-184
This will be used in the following commits.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a246ae993f)
Now the initial account search is performed under the transaction,
ensuring the overall password change is atomic. We set DSDB_SESSION_INFO
to drop our privileges to those of the user before we perform the actual
password change, and restore them afterwards if we need to update the
bad password count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fcabcb326d)
[jsutton@samba.org Included dsdb/common/util.h header for
DSDB_SESSION_INFO define]
This may return an error if we find the account is locked out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 268ea7bef5)
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a268a1a0e3)
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bdfc9d96f8)
[jsutton@samba.org Fixed knownfail conflicts due to not having claims
tests]
[jsutton@samba.org Fixed knownfail conflicts]
If we find that the user has been locked out sometime during the request
(due to a race), we will now return an error code.
Note that we cannot avoid the MIT KDC aspect of the issue by checking
the return status of mit_samba_zero_bad_password_count(), because
kdb_vftabl::audit_as_req() returning void means we cannot pass on the
result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b1e740896e)
This simplifies the code for the following commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2b593c34c4)
We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 96479747bd)
[jsutton@samba.org Fixed conflict due to lack of dbg_ret variable]
Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a65147a9e9)
[jsutton@samba.org Fixed conflicts due to lack of dbg_ret variable]
The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8a862cb81)
These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b5f78b7b89)
By bringing this function inline it can then be split out in a
subsequent commit.
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 712181032a)
authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 55147335ae)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b954acfde2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4a9e0fdccf)
Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.
Use bad password indicator (in a distinct TDB) to determine if to open a transaction
We open a transaction when we have seen the hint that this user
has recorded a bad password. This allows us to avoid always
needing one, while not missing a possible lockout.
We also go back and get a transation if we did not take out
one out but we chose to do a write (eg for lastLogonTimestamp)
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit de4cc0a3da)