IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In the initial implementation only IPv4 addresses were supported.
Add IPv6 (and mixed IPv4/IPv6) support and all further needed conversion
routines to support w2k, dotnet, longhorn clients.
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Nov 26 03:44:07 CET 2014 on sn-devel-104
This fixes issue #9791, where the MMC shows random data
listing the zone contents.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
NS records should be included in the query for sub-domains. NS records
got dropped when the rank for NS records was correctly set to NS_GLUE
from ZONE in commit 2036cbd9249c84d9b46370f0e8cd6a0264c737ba.
samba-tool dns query 172.31.9.161 s4xdom.base @ ALL
=>
Name=glue, Records=0, Children=0
samba-tool dns query 172.31.9.161 s4xdom.base glue ALL
=>
Name=, Records=1, Children=0
NS: glue.dns.private. (flags=40000082, serial=21, ttl=900)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 4 14:37:51 CEST 2014 on sn-devel-104
Change-Id: I3bc283b6fab4326131084d1abb89cb486af7b35a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 1 02:58:46 CEST 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 21 11:36:55 CEST 2014 on sn-devel-104
Windows allow both . and @ to be specified with modifying @ record.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Some clients call netr_ServerReqChallenge() and netr_ServerAuthenticate3()
on different connections. This works against Windows DCs as they
have a global challenge table.
A VMware provisioning task for Windows VMs seemy to rely on this behavior.
As a fallback we're storing the challenge in a global memcache with a fixed
size. This should allow these strange clients to work against a
Samba AD DC.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly.
Allocating one byte less memory than required causes malloc() heap corruption
and then a crash or lockup of the SAMR server.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Allow us to start if we bind to *either* :: or 0.0.0.0.
Allows us to cope with systems configured as only IPv4
or only IPv6.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
Reviewed-By: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104
This indicates that we're using nested event loops...
Andrew Bartlett
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Change-Id: I4dcc7bf3c624612980e53b6119a60989fc2ea3b6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.
The actual network communication code sets an event context directly
before making the network call.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
This matters after the lockout observation period has expired.
Note: that QueryUserInfo level 3 returns the raw badPwdCount value.
Andrew Bartlett
Change-Id: I7b304a50984072bc6cb1daf3315b4427443632a9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The samldb module will handle the verification and magic.
Change-Id: If38e0ed229b98eac4db9b39988de4a25f9a352f2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I99945f0b86ea2862c88c00ad39c809ef1101ca9b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Including a fix by Arvid Requate <requate@univention.de>
Change-Id: I25d10da50dd6119801cd37349cce970599531c6b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This seems to be the best choke point to check for locked out
accounts, as aside from the KDC, all the password authentication and
change callers use it.
Andrew Bartlett
Change-Id: I0f21a79697cb8b08ef639445bd05a896a2c9ee1b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows us to avoid the domain lookup in the constructed attribute
when not required.
By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.
Andrew Bartlett
Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Part of this was removed when ChangePasswordUser was unimplemented,
but remove the remainder of this flawed commit. Fully check the
password first, as extract_pw_from_buffer() already does a partial
check of the password because it needs a correct old password to
correctly decrypt the length.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Change-Id: Ibccc4ada400b5f89a942d79c1a269b493e0adda6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/38
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 13 15:06:35 CET 2014 on sn-devel-104
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients. It also has quite difficult semantics to handle regarding
password lockout.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 7 02:18:17 CET 2014 on sn-devel-104
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is much better than creating the binding by hand.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We should not alter the callers binding.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 11 18:30:55 CET 2014 on sn-devel-104
