IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Instead, provide access functions for the LSA and net sam callers
for the information they need.
They still only enumerate the first 8 privileges that have traditionally
been exposed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The LSA enumeration in source3 will not show the new privileges,
but otherwise, they are now in common, and can be set by name.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This ensures there isn't a behaviour change when the source3 list is combined
with the longer source4 list.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
As Samba only deals with the lower 32 bits of the LUID, just return those
and let the LSA layer deal with the upper 0 bits.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This avoids the use of SE_END, and has all callers walking the
array using the same termination condition.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed) they were first
talloc_referenced and then later (53765c81f7)
talloc_moved.
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
Guenther
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.
This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
In a tevent_req based function tevent_req_create() should be the first
function! If it fails it's the only reason, why the function
could every return NULL.
And all temporary data belongs to 'state' and gets free'ed by
tevent_req_received() in the _recv function.
metze
The common code does not have a mem_ctx on ntlmssp_check_packet() and
ntlmssp_unseal_packet().
We do however need some internal working of the code exposed, so some
structures are moved to ntlmssp_sign.h
Andrew Bartlett
This needs a small re-arrangement of the supporting code.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
The code is not yet in common, but I hope to fix that soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
We should never be calling asn1_push_XXX functions inside an asn1
reading function. Change asn1_push_tag() -> asn1_start_tag() and
asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a
NetApp filer at the Microsoft plugfest.
Andrew PLEASE CHECK !
Jeremy.
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)
This is the same change applied to s3
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on ther caller's security
requirements (Integrity/Privacy/Both/None)
[MS-WINSRA] — v20091104 was wrong
regarding section "2.2.10.1 Name Record"
If the name buffer is already 4 byte aligned
Windows (at least 2003 SP1 and 2008) add 4 extra
bytes. This can happen when the name has a scope.
metze
