IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
By bringing this function inline it can then be split out in a
subsequent commit.
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.
Use bad password indicator (in a distinct TDB) to determine if to open a transaction
We open a transaction when we have seen the hint that this user
has recorded a bad password. This allows us to avoid always
needing one, while not missing a possible lockout.
We also go back and get a transation if we did not take out
one out but we chose to do a write (eg for lastLogonTimestamp)
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.
This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.
This ensures we can re-search on the DN via the embedded GUID,
which in in turn rename-proof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If init_samr_CryptPasswordAES() does not fill the
u.info31.password.auth_data array completely, we may be comparing
uninitialised bytes.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 12 03:27:55 UTC 2022 on sn-devel-184
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 12 02:29:32 UTC 2022 on sn-devel-184
Based on tests originally written by Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 9 01:11:05 UTC 2022 on sn-devel-184
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 8 23:34:15 UTC 2022 on sn-devel-184
This is not a shared library. This only worked because we use
'--as-needed' as linker option.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will make a difference to the string printed in the cases that
call self.usage(), resulting in more specified usage for the
sub-command. It would also matter if the samba-tool sub-command had a
different .show_command_error() or .errf, but I don't think that
happens.
Note: usually command._run() will have caught and shown the exception,
returning -1.
We also rename away 'cmd' so we don't again imagine it is the command
we are running.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Prior to this commit, in super-commands, the first half of the _run()
is resolving what sub-command to run, and the second half is working
out what to print if that failed. Some issues with that are:
* it looks a little bit complicated.
* the tests can't use the tool's resolution code, because it runs
immediately, while the tests first want to fiddle with self.outf
and so on.
* it makes it harder to subclass and override the resolution code, so
instead we do strange things like where we subclass dict as in
main.py.
So we split it into ._resolve() and ._run().
There are a few tests that break. We mark these as flapping, rather
than knownfail, so as to avoid going into extremely fine-grain filters
for tests that will be fixed within a few commits.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Most likely it is a bad filename or attribute, not the wrong type of
argument.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
"--color variants" meaning --color=always instead of --color=yes, etc.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Passes against Windows, currently fails against Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
RN: Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Otherwise the session might still be around with the open handle when the next
test starts and then fails to delete the testfile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
sid_strings.py used the same OID range as ldap_schema.py, which
occasionally led to test failures when the same OID was generated twice.
Using a different range, and making use of the expected RID if we have
it, should reduce the likelihood of collisions.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 25 13:55:47 UTC 2022 on sn-devel-184
DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.
DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.
For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/selftest/win/wintest_rpc.sh:61:27: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
source4/selftest/win/wintest_net.sh:57:27: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Aug 22 15:15:11 UTC 2022 on sn-devel-184
source4/setup/tests/provision_fileperms.sh:27:14: error: Iterating over
ls output is fragile. Use globs. [SC2045]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
source4/selftest/win/wintest_2k3_dc.sh:57:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/win/wintest_2k3_dc.sh:62:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/win/wintest_2k3_dc.sh:85:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/win/wintest_2k3_dc.sh:101:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
source4/selftest/test_w2k3.sh:40:67: error: Use braces when expanding
arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/test_w2k3.sh:46:66: error: Use braces when expanding
arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/test_w2k3.sh:48:66: error: Use braces when expanding
arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
