IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is needed for smbtorture to join a domain in FIPS mode.
FYI: The correct way would be to join using LDAP as the s3 code is doing it. But
this requires a bigger rewrite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5. I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.
This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.
The anonymous connection can then change the password with SAMR.
Andrew Bartlett
The client side code was not falling back to older routines correctly
as it didn't check for the operation range error appropriately. It
also used the old rpc semantics.
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
- as the SetUserInfo2() levels 26/25 and 24/23 have the same encryption
but 26 and 24 change only the password and 25 and 23 take a info21 and change the password,
we now use 26 with fallback to 24 or 25 with fallback to 23.
- use samr_SetUserInfo2() to match what w2k3 does (works also against nt4)
- pass the info21 to libnet_SetPassword() to set acct_flags and full_name
together with the password (to match what w2k3 does)
metze
(This used to be commit 1b86af32f3069cc75ae645698d3f92a0798e38f7)
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
