IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is needed for plugin registration in the KDC.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This points to the kdc config file created by Samba by default.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This starts the krb5kdc binary shipped with MIT Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This changed between 1.14 and 1.15. Also the 1.15 change removed the
ability that the KDB module can free memory. This caused issues of
serveral projects. It got fixed with 1.15.1.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Are build without AD DC still only requried MIT Kerberos 1.9.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The samba_dnsupdate script is responsible to provision the DNS entries.
The private krb5.conf uses dns lookups to find the KDC to acquire a
Kerberos ticket. Obviously this will fail because currently we are are
in the process of adding the DNS entries for the KDC.
If we are inside of selftest we need to use the krb5.conf created by
selftest itself.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
All the Kerberos implementation do not expect an order of the pac
buffer. The buffers are not processed in the oder they are sent but when
required just located.
I confirmed this with MS at the IO Lab.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
They have only been created against Samba AD with Heimdal Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The previous code in dcesrv_lsa_AddRemoveAccountRights had the following snippet:
if (sec_privilege_id(rights->names[i].string) == SEC_PRIV_INVALID) {
if (sec_right_bit(rights->names[i].string) == 0) {
talloc_free(msg);
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
talloc_free(msg);
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
If I'm not mistaken, the inner if-statement is essentially dead code,
as regardless of the outcome of the if-condition we execute the same
code. The effect of this is that you can't "net rpc rights grant" a right,
for example SeInteractiveLogonRight. A quick test against a W2k12 server
shows that W2k12 allows this call.
This patch changes the semantics of dcesrv_lsa_AddRemoveAccountRights
to also allow "rights" to be granted and revoked. At the same
time, it centralizes the check for validity of user input from
dcesrv_lsa_EnumAccountsWithUserRight into dcesrc_lsa_valid_AccountRight
too.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 29 09:20:02 CEST 2017 on sn-devel-144
Fix the null pointer dereference in smbd, introduced in the auth logging
changes.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 28 07:18:54 CEST 2017 on sn-devel-144
Test case to replicate null pointer dereference in smbd, introduced in
the auth logging changes.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The current runtime check for robust mutexes in
tdb_runtime_check_for_robust_mutexes() is not thread-safe.
When called in a multi-threaded program where any another thread doesn't
have SIGCHLD blocked, we may end up hung in sigsuspend() waiting for a
SIGCHLD of a child procecss and the signal was delivered to another
thread.
Revert to the previous behaviour of waiting for the child instead of
waiting for the SIGCHLD signal.
Ensure the pid we wait for is not reset to -1 in a toctou race with the
signal handler.
Check whether waitpid() returns ECHILD which can happen if the signal
handler is run by more then one thread in parallel (yes, this can
happen) or if tdb_robust_mutex_wait_for_child() and the signal handler
are racing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12593
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
In notifyd_trigger_parser() while initializing notify_event_msg values from
notify_trigger_msg, 'when' value is ignored. So the smbd process does not get
correct 'when' value and this is causing issues during qsort in
notify_marshall_changes(). Because of this issue, smb2.notify.dir test was
failing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756
Signed-off-by: Shilpa Krishnareddy <skrishnareddy@panzura.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144
This makes sure we remove any messaging sockets if a child dies or calls exit()
without running the talloc destructor for messaging
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
